Skip to content

Zoom SDK Keys

Service Name: Zoom Video Communications

Service Description: Zoom is a cloud-based video conferencing service that provides video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom SDK (Software Development Kit) allows developers to integrate Zoom's video conferencing capabilities into their own applications.

Service Address: https://zoom.us/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Zoom's security settings.

Secret Access Scope: Zoom SDK keys grant access to Zoom's video conferencing features and APIs, allowing developers to build applications that leverage Zoom's functionality. This includes initiating meetings, joining meetings, and accessing Zoom features programmatically.

Secret Revokement URL: https://marketplace.zoom.us/develop/apps

Secret Example: SDK.1a2b3c4d5e6f7g8h9i0j.1a2b3c4d5e6f7g8h9i0j.1a2b3c4d5e6f7g8h9i0j

Suspicious Activity Investigation Instructions:

  • Review the Zoom Developer Dashboard for unusual API calls or usage patterns.
  • Check for unauthorized applications using your SDK credentials.
  • Monitor for unexpected meeting creation or participant activity.
  • Review access logs for geographic anomalies or unusual access times.
  • Check for any changes in SDK configuration or permissions.

Mitigation Instructions:

  • Log in to your Zoom Developer account at https://marketplace.zoom.us/develop/apps.
  • Navigate to the App Credentials section of your application.
  • Click on "Revoke" or "Reset" for the compromised SDK key.
  • Generate a new SDK key for your application.
  • Update your application code with the new SDK key.
  • Review and update your application's security settings, including IP restrictions if applicable.
  • Consider implementing additional security measures such as webhook validation.
  • Update any environment variables or configuration files in your deployment environments.