OAuth 2.0 is the industry-standard authorization protocol that allows applications to obtain requested access to user accounts over the HTTP service with the user’s approval.
An OAuth app lets you to utilize event subscriptions (webhooks) for your app.
By creating an OAuth app on the Zoom App Marketplace, you can securely integrate with Zoom APIs and access users' authorized data using a user-based authentication approach. This app type can be either added and managed across an account by account admins (account-level app) or by users individually (user-managed app).
Note: To build an app that provides server-to-server interaction with Zoom APIs to manage your account, you may want to build an app using JSON Web Tokens (JWT).
To register your app, visit the Zoom App Marketplace and click Develop in the dropdown menu in the top-right corner of the page. Select Build App. A new page will appear displaying the available app types. Click Create in the OAuth option to continue.
In this step, you will need to provide the following app information:
- App Name — The app's name.
- App Type — There are two types of available OAuth apps:
- Account-level app — The admin manages users' across an entire account. An admin also controls adding and managing apps across users in the same account.
- User-managed app — The app is added and authorized by individual users. Your app only has access to authenticated users' data.
- Distribution — Set this toggle to enabled to make the app publicly available in the Zoom App Marketplace.
When finished, click Create. A new window displaying your new OAuth app will appear.
When you create your app, the system automatically generates the Client ID and Client Secret for your app.
- Use development credentials to build and test your app.
- Use production credentials when you publish your app on Zoom App Marketplace.
In the App credentials tab you must provide the following information:
Provide a valid, HTTPS-secure URL to which users will be redirected to after successfully authorizing your application. For example, the
If you choose to publish your app, this section generates the necessary Client ID and Client Secret to publish on the Zoom App Marketplace.
This section contains the following settings:
This section contains settings to help prohibit others from tampering with your app's redirect URLs:
- Subdomain check — Set this toggle to enabled to only allow redirects matching the subdomain of the Redirect URL for OAuth URL.
In this section, add any unique URLs that Zoom should allow as valid redirect URLs for your OAuth flows. This additional security measure ensures that users are only redirected to the provided pre-approved endpoints.
To add additional URLs, click Add a new one.
Make sure to include either the complete URL (
https://subdomain.domain.tld/path/to/oauth/callback) or the base URL without the path and/or query parameters (
This is a required step to secure your app and prevent unwanted tampering with your app as it is added to your account. To minimize the risk of sensitive data leakage, only include the URLs you provided in the Add allow lists field.
In the Information tab you must provide basic app information. This provides users with a general idea about why they would want to use your app. You can select up to three categories that your app falls under.
Additionally, provide app preview images, your contact information, helpful links, the app authorization site (where the user can add it), and an app deauthorization endpoint URL where your app will receive notifications every time a user removes your app.
The Feature tab lets you add features to your app.
The Event subscriptions feature allows apps to use Zoom’s webhooks to return information when a certain event or action is triggered.
Event subscriptions can replace the need for repeated API calls. For example, you can add a feature that sends notifications to your app every time a user activates their account or every time a meeting recording begins.
To enable this feature, set the toggle to enabled and click Add Event Subscription. Then, provide the following event subscription information:
The event subscription's unique name. For example, Meeting events. This field is optional.
Provide the development and production endpoint HTTPS URLs (for example,
https://example.com). The provided URLs receive POST requests containing data on the notification for each subscribed event.
Click Add Events to subscribe your app to events. A new window will appear that displays the available event subscriptions.
Event subscriptions can have duplicate events. For example, one event subscription can have Meetings and User events, and a second event subscription can have Meetings and Recordings events.
After selecting the event subscriptions for your app, click Save.
After you subscribe your app to events, the Feature tab provides a verification token. You can use this token to validate event notification requests for your app.
Note: Event notification endpoint URLs must be secured over HTTPS. Event subscription names have no effect on the payload of the request.
The Scopes tab lets you define the API endpoints/methods that your app is allowed to use to access the specific user resources.
To add scopes to your app, click Add Scopes. Select the desired scopes for your app, then click Done. For each scope, you must provide a description for how your app uses the scope.
Note: Some event subscriptions require specific scopes. Required scopes are automatically added to your app and cannot be removed.
Once your app is published, it will only be allowed to access the resources granted to it by its authorized scopes. Each request for a scope is reviewed by the Zoom App Marketplace team upon app submission.
The Local test tab lets you generate local test credentials and preview your app in the Marketplace.
After this step, your app will be registered as a draft app and you will be able to integrate Zoom services and APIs in your application’s code.
The Local test section contains the following:
Use this section to test your app's authorization.
Use this section to generate a test URL to share with others in your account. This lets you test your app locally in a development environment.
The Preview My App link lets you preview your app as it would appear in the Zoom App Marketplace. This link is generated when you create a publishable URL or upon app submission.
Note: You can use the Submit tab to request that Zoom to make the app shareable within an account for testing purposes.
Use the Submit tab to review and submit your app for publication in the Zoom App Marketplace. You must review and complete any missing information before you can submit your app for review.
If you do not intend to publish your app, you can use the generated Publishable URL in this section to activate your production credentials.