Zoom API JWT
Service Name: Zoom Video Communications
Service Description: Zoom is a cloud-based video conferencing service that provides video and audio conferencing, chat, and webinars across mobile, desktop, and room systems.
Service Address: https://zoom.us/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Zoom's security settings.
Secret Access Scope: Grants programmatic access to Zoom APIs for managing meetings, users, accounts, and other Zoom resources.
Secret Revokement URL: https://marketplace.zoom.us/docs/guides/auth/jwt/
Secret Example: eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOm51bGwsImlzcyI6IkFCQ0RFRkdISUtMTU5PUFF6UlNUV VZXWFlaIiwiZXhwIjoxNjE1MjM2NDAwLCJpYXQiOjE2MTUyMjkyMDB9.1234567890abcdefghi jklmnopqrstuvwxyz
Suspicious Activity Investigation Instructions:
- Review Zoom dashboard for unusual meeting creation or user management activities
- Check API usage logs for unexpected API calls or high-volume requests
- Monitor for unauthorized changes to Zoom settings or user permissions
- Verify if there are any unexpected integrations or apps connected to your Zoom account
- Look for geographical anomalies in access patterns
Mitigation Instructions:
- Log in to the Zoom Developer Dashboard at https://marketplace.zoom.us/
- Navigate to the JWT app that's using the compromised credentials
- Generate a new API key and secret to replace the compromised one
- Update all applications and services using the old credentials with the new ones
- Consider implementing additional security measures like IP restrictions
- Review and update your application's security practices for storing and
handling JWT tokens
- Enable Zoom's advanced security features like two-factor authentication for
administrative accounts