- Documentation: https://marketplace.zoom.us/docs/guides/build/jwt-app
- Summary: Zoom is a video teleconferencing software. It can be used to set up chats, meetings, phones calls or webinars. It exposes various APIs to integrate applications with their product. JWT can be used for server-to-server interactions, they can be generated with an API key and secret or directly from the developer dashboard. This detector aims at catching the API key and secret.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: Every token has the same scopes. It can access information linked to the user who created the app.
To revoke a JWT, regenerate the API secret used to generate it. This can be done from the app dashboard under "App credentials".
This feature is not mentioned in the documentation.
Zoom api jwt keys#
Category: Messaging system
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 3.4
- type: FilenameBanlistPreValidator banlist_extensions: - ^(cs|x|p|s|r)?html5?~?$ - ^[aps]?cssc?~?$ - ^lock$ - ^mdx?~?$ - ^storyboard(c|er)?~?$ - ^xib$ banlist_filenames:  check_binaries: false- type: ContentWhitelistPreValidator patterns: - zoom- type: ContentWhitelistPreValidator patterns: - id - key- type: ContentWhitelistPreValidator patterns: - secret
- text: > ZOOM_CLIENT_ID=Tv5sLk45Qc2W3DVSw41ZzQ ZOOM_CLIENT_SECRET=9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4 client_id: Tv5sLk45Qc2W3DVSw41ZzQ client_secret: 9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4