Create an OAuth App
OAuth 2.0 is the industry-standard authorization protocol that allows applications to obtain requested access to user accounts over the HTTP service with the user’s approval.
By creating an OAuth app on the Zoom App Marketplace, you can securely integrate with Zoom APIs and access users’ authorized data using a user-based authentication approach. This app can either be installed and managed across an account by account admins (account-level app) or by users individually (user-managed app).
Register Your App
To register your app, visit the Zoom App Marketplace and click on the Develop option in the dropdown on the top-right corner and select Build App. A page with various app types will be displayed. Select OAuth as the app type and click on Create.
Provide app related information and get client credentials
The windows that follow will ask you to provide a series of information. All fields are required unless otherwise noted. Descriptions of each field are provided below:
App Name: Provide your app’s name here.
App Type: There are two types of OAuth apps in Zoom:
- Account-level app: Choose this option if your app will manage users across an entire account. An admin will control the installation and management of this app across users in the same account.
- User-managed app: Choose this option if your app will be installed and authorized by users individually and your app will only have access to the authenticated users’ data.
Generate App Credentials
After you provide the information mentioned above, app credentials (Client ID/ Client Secret) will be automatically generated for your app. You can see development and production credentials. Use development credentials while you are building and testing your app. Use production credentials once you are ready to publish your app on the Marketplace.
Redirect URL for OAuth: Provide a valid URL secured with HTTPS to which users will be redirected to after they successfully authorize your application.
Whitelist URL: Add all unique URLs that Zoom should whitelist as valid Redirect URLs for your OAuth flows. This additional security measure ensures that users are only redirected to the pre-approved endpoints provided under the Whitelist. Make sure to include either the complete URL(
https://[subdomain.]domain.tld/path/to/oauth/callback) or the base URL, omitting the path and/or query parameters(
This is a required step to secure your app and prevent unwanted tampering with your app during installation. To minimize the risk of sensitive data leakage, only include URLs that you have provided in the Redirect URL for OAuth field.
In this page, you must provide some basic information about your app including short and long descriptions about your app that provides users with a general idea about why they would want to use your app. You can select up to three categories that your app falls under.
Additionally, provide preview images of your app (optional), your contact information, helpful links, installation site and a Deauthorization endpoint URL where your app will receive notifications every time a user uninstalls your app.
In this page, you can optionally enable some additional features such as Event Subscriptions and Chat subscriptions for your app.
Event Subscriptions are optional features which allow apps to use Zoom’s webhooks to return information when a certain event or action is triggered. In many cases, Event Subscriptions can replace the need for repeated API calls. For example, you might want to add a feature that sends automated notifications to your app every time a User has activated their account or every time a Recording has started.
To create an Event Subscription, click the toggle on. Click + Add new event subscription. Choose an optional Subscription Name, and add an Event Notification Endpoint URL for both development and production. These URLs will receive POST requests containing data on the notification for each subscribed event. Note: Event Notification Endpoint URLs must be secured over HTTPS.
Note: Event Subscription names have no effect on the payload of the request.
Add the event types for this Event Subscription and click Save.
To add additional Event Subscriptions, click + Add new event subscription again. Although you can subscribe to as many events as needed for each event subscription, you can only have a maximum of ten event subscriptions per app.
Event subscriptions can have duplicate Events. For example, one Event Subscription could have Meetings and User Events, and a second Event Subscription can have Meetings and Recordings events.
To utilize Event Subscriptions, you will need to provide a Event Endpoint URL to receive incoming events from Zoom. This could be a URL like ‘https://www.yourcompany.com/useradded’, which we explore in our Webhook reference.
Note: This URL must be secured over HTTPS.
Once you enter your Event types and Destination URL, you must click Save.
Scopes define the API endpoints/methods that your app is allowed to use in order to access specified resources pertaining to your users.
To explore and add available Scopes, click “Add Scopes” and scroll through the available access points your app will need.
Once your app is published, it will only be permitted to access the resources granted to it by its authorized scopes. Each request for a scope will be specifically reviewed by the Zoom Marketplace team on submission.
Create local test URLs to test your app locally in your dev environment.
After this step, your app will be registered as a draft app and you will be able to integrate Zoom services and APIs in your application’s code.
Note: Proceed to the Submit page if you would like to make your app publicly available by publishing it through Marketplace or if you would like to request Zoom to make the app shareable within an account for testing purposes.
Request publication once your development is complete if you intend to publish your app in the Zoom Marketplace. If you do not intend to publish your app, you can still use the Publishable URL that can be generated in the Submit page to activate your production credentials.