Zoom API JWT Keys

Description

General

Documentation: https://developers.zoom.us/docs/guides/build/jwt-app
Summary: Zoom is a video teleconferencing software. It can be used to set up chats, meetings, phones calls or webinars. It exposes various APIs to integrate applications with their product. JWT can be used for server-to-server interactions, they can be generated with an API key and secret or directly from the developer dashboard. This detector aims at catching the API key and secret.
IPs allowlist: This feature is not mentioned in the documentation.
Scopes: Every token has the same scopes. It can access information linked to the user who created the app.

Revoke the secret

To revoke a JWT, regenerate the API secret used to generate it. This can be done from the app dashboard under "App credentials".

Check for suspicious activity

This feature is not mentioned in the documentation.

Details for `Zoom API JWT Keys`

Family: credentials
Category: messaging_system
Company: Zoom
High recall: False
Validity check available: True
Analyzer available: False
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.99
Prefixed: False
PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - zoom
- type: ContentWhitelistPreValidator
  patterns:
    - id
    - key
    - client
- type: ContentWhitelistPreValidator
  patterns:
    - secret

Examples

- text: |
    ZOOM_CLIENT_ID=Tv5sLk45Qc2W3DVSw41ZzQ
    ZOOM_CLIENT_SECRET=9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4
  client_id: Tv5sLk45Qc2W3DVSw41ZzQ
  client_secret: 9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4

- text: |
    ZOOM_CLIENT_ID=TvXsLkUVQcHW3DVSwIKZzQ
    ZOOM_CLIENT_SECRET=9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4
  client_id: TvXsLkUVQcHW3DVSwIKZzQ
  client_secret: 9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4

- text: |
    ZOOM_AUTH_CLIENT=TvXsLkUVQcHW3DVSwIKZzQ
    ZOOM_AUTH_SECRET=9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4
  client_id: TvXsLkUVQcHW3DVSwIKZzQ
  client_secret: 9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4
- text: ZOOM_CLIENT_ID=Tv5sLk45Qc2W3DVSw41ZzQ ZOOM_CLIENT_SECRET=9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4

  client_id: Tv5sLk45Qc2W3DVSw41ZzQ
  client_secret: 9NeGUzYkSjpIF5pt93m2D1w17fOjI84FtBv4

Zoom API JWT Keys

Description

General

Revoke the secret

Check for suspicious activity

Details for `Zoom API JWT Keys`

Examples

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Description​

General​

Revoke the secret​

Check for suspicious activity​

Details for Zoom API JWT Keys​

Examples​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

General

Revoke the secret

Check for suspicious activity

Details for `Zoom API JWT Keys`

Examples