1. Sign Marketplace Developer Agreement
The Zoom Marketplace Developer Agreement must be completed and signed by an Authorized Signing Agent of the company developing and submitting an app. An Authorized Signing Agent is typically a member of a Legal team or executive of the company. The document may be signed digitally using DocuSign.
2. Complete App Descriptions
There are two descriptions available for developers, the Short Description and Long Description, each with a distinct purpose:
The Short Description (text-only) provides information about your business’s core purpose for customers. It should be 1-2 sentences.
The Long Description should provide detailed information about the business value of the app, including its primary use cases, specific features, any requirements/prerequisites for users to consider. It should also provide links/information for additional details and resources users will need to know, including pricing/plans, FAQs, and support options.
Long Descriptions can commonly cause an app submission to be denied if it does not provide users with sufficient insight and information about the app and its functionality.
3. Add Images / Videos
Images are required to show users what to expect when using the submitted app, including function and user-interfaces examples. Videos (up to 10MB) provide expected app usage and user-interface interaction.
For an example of high-quality image/video content, reference the Hubspot app on the Zoom Marketplace.
If your app tracks user activity, you must provide examples of the activities that are tracked and the information that is collected from the activity. If your app provides a way for users to manage and control the permissions that have been granted, you must list out the steps that users can follow to do so.
Description of Service and Usage Limitation: Include brief information on the services that your app provides to the users. If any of the services are to be used only for personal needs and not commercial usage, include this information in the ToU. If there are specific practices that you want the users to avoid while using your app, clearly state them in the ToU.
Description of Expected Procedures and Liability: If your app has certain maintenance windows during which the guaranteed uptime can deflect, include this information on the ToU. In cases of data and business loss of your app users, state who is liable to mitigate for the loss.
Although you can refer to these instructions for getting started with writing your ToU, it should not be treated as an exhaustive list. Consult with your company’s legal team to get support authoring a ToU that best meets your app and business requirements.
7. Provide Deauthorization Event URL for Testing
All apps must provide the proper ability for the User to uninstall or deauthorize the app in compliance with Zoom’s commitment to security and the protection of User data. For a direct guide, reference the Deauthorization documentation.
To do so, apps must provide a secured endpoint for receiving Deauthorization notifications from Zoom and respond with proper data retention practices as outlined in the Marketplace Developer Agreement.
8. Optimize App Data Fetching
Apps are expected to adhere to optimal patterns of requesting and subscribing to data from Zoom. Long-polling the Zoom API instead of subscribing to receive Webhook Event requests is considered an anti-pattern and may cause the app to be denied. There are multiple benefits to subscribe to Webhook events, the most significant being performance and monitoring. Enable Event Subscriptions for an app in the “Features” section while creating or managing the app on the App Dashboard.
9. Remove Unused Scopes from Development
Scopes added to apps expose functionality and access to Zoom APIs. Zoom expects all developers to only enable Scopes to make functional, logical, and business sense for their apps. Failure to use proper API requests for a given scope will cause an app to be denied. Zoom recommends only selecting the minimum required Scopes for app operation.
10. Optimize App Authentication and Refresh Flows
Apps should not make overly frequent requests for OAuth tokens. A token should be requested and stored to allow an app to make API requests, rather than generated on each request.
Data returned on responses from Zoom Authentication endpoints should be cached and
access_tokens should be re-used until expired. Once expired, a Refresh Token request can be sent for a new token. For more information on this flow, reference our guide to OAuth with Zoom.
11. Confirm Installation Process for Testing by Zoom
Zoom expects app installation to be quick, efficient, and in a self-service manner. Apps which have a freemium business plan model are ideal models for the Zoom App Marketplace, as they typically allow for self-service account creation tools.
A Configuration URL should be set to allow users to easily access configuration settings for the app/integration within the Zoom Marketplace. This is particularly important for apps which have chosen the “Install from Landing Page” feature.
12. Secure Confidential Information
In addition to following the steps listed above, ensure that the contents that you submit for publication such as app descriptions, support documentation, images and video files, do not expose your App Credentials and other private information. Blur all mentions of information such as tokens, passwords, and keys to secure confidential data.
The first place to look for help is on our Developer Forum, where Zoom Marketplace Developers can ask questions for public answers.
If you can’t find the answer in the Developer Forum or your request requires sensitive information to be relayed, please email us at email@example.com.