Choosing the right attribution path for your Zoom app
As demand for meeting context keeps growing, Zoom is introducing an important user-first update to how apps access and interact with meeting content. Starting March 2, 2026, all apps joining external meetings must be attributed to a specific user. That means developers will need to intentionally choose which authorization model best fits what their app actually does. There are three main paths:
- Realtime Media Streams (RTMS) – Real-time access to meeting audio, video, and screen share for AI, analytics, and automation
- On-Behalf-Of (OBF) tokens (Meeting SDK) – Used when apps join meetings as visible participants
- Zoom Access Keys (ZAK) – Used for host-controlled or internal automations. Each model serves a different type of integration, from AI-powered assistants to embedded meeting tools to host-driven automations.
Quick overview
| PATH | BEST FOR | KEY BENEFIT |
|---|---|---|
| RTMS | Real-time data, AI workloads, and automation | Direct access to live audio and video streams without joining as a participant |
| OBF token (Meeting SDK) | Apps that join meetings as visible participants | Attribute apps to users in the meeting via OAuth |
| ZAK token | Host-controlled or internal automations | Grants host-level permissions to start and manage meetings |
Quick reference: ZAK vs. OBF tokens
A common question we hear is, "what's the difference between ZAK and OBF tokens?"*
The key difference is who or what the token represents:
- ZAK tokens represent a person. Use them when your Meeting SDK app starts or manages a meeting on behalf of an authenticated Zoom user.
- OBF tokens represent an app. Use them when your Meeting SDK app joins a meeting as an automated participant, like a recording or note-taking app. Keeping that distinction in mind makes it easier to decide which path fits your app's purpose.
Choosing the right path
| GOAL | RECOMMENDED PATH |
|---|---|
| Real-time transcription, analytics, or automation | RTMS |
| Compliance or continuous recording | RTMS |
| Embedded meeting or visible participant app | OBF token (Meeting SDK) |
| Lightweight or low-volume participant integrations | OBF token (Meeting SDK) |
| Host-controlled or internal automation | ZAK token |
| Starting or managing meetings as the host | ZAK token |
RTMS: best for real-time data and automation
If your app needs to analyze, record, or act on meeting content as it happens, RTMS is the purpose-built solution. It gives your app direct access to live media streams from Zoom's infrastructure without joining as a visible participant. There are no bot tiles, SDK clients, or dependencies on user devices. RTMS is designed for scale, reliability, and compliance.
Why developers choose RTMS
RTMS removes the need for bot participants, includes simple host controls for trust and adoption, and scales easily for enterprise workloads. It supports multiple Zoom products and continues streaming without relying on any single participant's device or connection. It's the recommended path for most modern, data-driven use cases. OBF remains a valid alternative when visibility and interaction are essential, and ZAK is still the right choice for host-controlled automations.
Next steps for developers:
- Review the RTMS documentation
- Getting Started with the RTMS SDK (video)
- Get Zoom transcripts in 5 lines of code (video)
- Improving user experience for meeting assistant apps with RTMS (video)
- If you're interested in moving forward with RTMS, please fill out the form linked in the docs and we'll connect you with the Zoom sales team.
OBF tokens: best for SDK apps that join as participants
OBF tokens are part of the Zoom Meeting SDK and let apps join meetings as visible participants on behalf of verified users. They're best when your integration needs to act as a participant and interact directly in the meeting.
Examples:
- Embedded meeting experiences inside your own app
- Collaboration tools that post in chat or share content
- Interactive training or classroom tools where presence matters OBF is ideal for participant based experiences, but it is not a fit for large scale automation or data driven analytics use cases.
Next steps for developers:
- Learn about Meeting SDK authorization and OBF tokens
- Join meetings and webinars with an OBF token
- Updates to Meeting SDK authorization - FAQ
ZAK tokens: best for host-controlled or internal apps
ZAK tokens represent a Zoom user, typically the host. They're ideal for internal tools or workflow systems that need host-level control.
Examples:
- Scheduling systems that start meetings automatically
- Admin dashboards that manage internal meetings
- Enterprise tools that integrate deeply with existing authentication ZAK is great for control, not content. It can't access audio or video, so it's not suitable for analytics or AI-driven use cases.
Next steps for developers:
- Learn about Meeting SDK authorization and OBF tokens
- Join meetings and webinars with a Zoom user's ZAK token
- Updates to Meeting SDK authorization - FAQ
Real world use cases
Use case 1: AI meeting assistants or note-takers
This is the clearest fit for RTMS. Picture an AI assistant that listens to meetings, creates transcripts, and summarizes decisions or action items. RTMS lets your app stream media directly from Zoom's servers in real time.
| OPTION | WHY OR WHY NOT |
|---|---|
| RTMS | The best choice for clean, scalable access to real-time data |
| OBF | Possible, but your app will join every meeting as a visible participant |
| ZAK | Not viable, since it can't access media streams |
Use case 2: compliance and policy-based recording
For many regulated industries like finance, healthcare, or legal, consistent and compliant recording is a must. RTMS streams directly from Zoom's infrastructure, allowing recording to continue even if individual participants or the host disconnect, provided the meeting continues.
| OPTION | WHY OR WHY NOT |
|---|---|
| RTMS | Best choice because it streams directly from Zoom's infrastructure |
| OBF | Depends on a participant client staying connected, which limits reliability |
| ZAK | Can start a meeting and initiate recording, but stops if the host disconnects |
RTMS is the right fit when your app needs continuous, policy-based recording that does not depend on who's still in the meeting.
Use case 3: real-time analytics and automation
Think of a platform that monitors engagement, tracks keywords, or triggers alerts when specific terms are spoken. With RTMS, your app connects over WebSockets and can process data in near real time.
| OPTION | WHY OR WHY NOT |
|---|---|
| RTMS | Best choice for continuous, high-speed analysis and automation |
| OBF | Possible, but requires a participant client for every meeting, which adds complexity |
| ZAK | Limited to host-level control and no access to live media |
RTMS is ideal when your app needs to detect patterns or take action instantly, such as in sales coaching, support monitoring, or compliance automation.
Use case 4: smart hardware and meeting devices
Some developers build hardware that supports meeting experiences, like transcription hubs or compliance recorders. These devices need low-latency access to media but shouldn't appear in the participant list.
| OPTION | WHY OR WHY NOT |
|---|---|
| RTMS | Best choice for direct, secure streaming from Zoom's servers without joining as a participant |
| OBF | Would require each device to join visibly, cluttering the meeting and adding maintenance |
| ZAK | Not viable since it doesn't grant access to audio or video data |
RTMS allows hardware developers to build smarter, always-on, compliant meeting devices that don't rely on SDK updates or user clients.
Use case 5: scheduling and automation systems
Consider a scheduling system that automatically starts meetings for users at the scheduled time. The system doesn't need to access audio or video data, only launch or manage the meeting on behalf of the host.
| OPTION | WHY OR WHY NOT |
|---|---|
| ZAK | The best choice because it provides host-level permissions to start or manage meetings programmatically |
| OBF | Adds unnecessary overhead since the app would need to join as a visible participant |
| RTMS | Not applicable because no media access is required |
ZAK is best when your app focuses on meeting control rather than meeting content.
Wrapping up and next steps
Each authorization model has a clear purpose:
- RTMS for real-time data, AI, automation, and compliance
- OBF for SDK apps that join meetings as visible participants
- ZAK for host-controlled or internal automations The goal is to match your app's purpose to the right model. If your app needs to access, understand, or act on live meeting content, RTMS is the path that scales while still supporting compliance. If it needs to participate, OBF works. If it needs to control meetings, use ZAK.
Detailed comparison matrix
| CAPABILITY / CONSIDERATION | RTMS (REALTIME MEDIA STREAMS) | OBF (ON-BEHALF-OF TOKEN, MEETING SDK) | ZAK (ZOOM ACCESS KEY) |
|---|---|---|---|
| Primary purpose | Real-time access to meeting media for AI, analytics, and automation | Join meetings as a visible participant for embedded or bot experiences | Start or manage meetings as the host for internal automation |
| Media access type | Server-side streaming (audio, video, screen share, transcript) | Client-side capture via SDK participant | Host-level control, no direct media access |
| Visibility in meeting | Does not appear as participant | Visible participant (bot or embedded user) | Host identity only |
| Supported products | Meetings, Webinars, Phone, Contact Center | Meetings, Webinars | Meetings only |
| Maintenance overhead | Low, no SDK version dependency | High, must track SDK updates | Low |
| Infrastructure requirements | Lightweight WebSocket service | Browser or SDK runtime | Minimal, API-based |
| Participant notice and consent | Built-in, standardized | Must be implemented manually | N/A (host-controlled) |
| Compliance posture | Strong, automatic attribution | Varies by implementation | Strong for internal use |
| Media composition options | Separate streams (no gallery or speaker view yet) | Pre-mixed audio/video, gallery or speaker view | None |
| Breakout room support | Not yet supported | Supported | N/A |
| Error transparency | Limited (no explicit permission errors) | Clear error codes and permission feedback | N/A |
| Scalability | High, server-side, multi-product | Moderate, per-participant scaling | High, single-account automation |
| Cost model | Paid (usage-based streaming) | Free (SDK usage) | Free (OAuth-based) |
| Ideal use cases | AI assistants, analytics, compliance recording, automation | Embedded meetings, visible bots, collaboration tools | Host-controlled scheduling, internal tools |
| Future direction | Strategic, scalable, multi-surface | Legacy for participant-based apps | Ongoing for internal automation |