Create an SDK App

Zoom SDKs provide a subset of features that are available in the Zoom Client app that can be integrated into your native apps. Zoom SDKs offer video-conferencing features that mirror the meeting experience in the Zoom Client and are compatible with various languages, platforms, and frameworks. Explore our available Zoom SDKs for more specific platform information.

Creating a Web SDK app

The Web SDK uses an API Key & Secret for authentication. Login to the Zoom Marketplace and Create a JWT App to get API Keys & Secrets.

Register Your App

To register your app, visit the Zoom App Marketplace and click on the Develop option in the dropdown on the top-right corner and select Build App. A page with various app types will be displayed. Select SDK as the app type and click on Create.

Add your app name

Add a name for your app, up to 50 characters. This will be displayed on Marketplace.

Click Create.

Choose your app credential type

Choose the credential type for your app:

  • Legacy SDK app — SDK apps previously were Account-level apps, installed and managed by account admins. But with OAuth, SDK apps can now be user-managed apps.

Note: This Legacy credential type preserves the previous behavior for SDK apps, but it will soon be deprecated and no longer supported. We encourage you to choose User-managed OAuth app, described below.

  • User-managed OAuth app — The app is installed and authorized by individual users. Your app only has access to authenticated users’ data.

If you chose User-managed OAuth app, click Enable to confirm. Click Continue.

Select an OAuth flow

  • Server-to-server — use your own server to handle OAuth authorization from the user.
    • This is the traditional OAuth flow, where you can use your web-based application to manage the redirect after a successful user authorization.
  • PKCE (Proof Key for Code Exchange) — Complete the OAuth flow without a backend server, using your locally installed native SDK app with a non-https private-use URI scheme to the Zoom service with code verifier and code challenge.
    • There are risks associated with this option, namely that data can be intercepted and you must store your Developer credentials within your app (the client).

Note: If you chose to use PKCE, domain validation will fail. This is a known issue that will be fixed in a future release. You can still choose this option for development. Keep an eye on the Developer changelog for updates.

Publish on Zoom App Marketplace

By default, Zoom will publish your SDK app on the Zoom App Marketplace, where users can discover and install it.

Note: Currently there is no option to not publish your app, but if you want to keep your app private, you can just choose not to submit your app to the Zoom App Marketplace team for review. Your app will not be published live until you receive approval from the Zoom App Marketplace team. If you do not submit it for review, this effectively puts it into a holding state. You can use the Publishable URL internally to install it for users on your account.

Confirm Enable OAuth

Click Enable to confirm.

Once you create or convert your existing SDK app to a user-managed OAuth app, you will no longer see the App Type menu in your app details. You’ll also see tags under your app name:

  • Intend to publish: Yes
  • User managed app
  • SDK OAuth credentials

Add app information

Fill out descriptive and contact information for your app.

  • Enter a short description.
  • Make any edits to your app name.
  • Add a long description and any marketing content that you’d like to share with others when they find your app on the Marketplace.
  • Preview content — upload a maximum of six visual assets for your app’s detail page. The Marketplace supports JPG/JPEG, GIF, PNG, and MP4 file formats. Image resolution must be 1200 by 780 pixels. The maximum video size is 40 MB.
  • Category, Vertical — Choose a category and industry vertical. See the form for details.
  • Company Name — Add your company name, which will appear on the Marketplace homepage and in the app’s detail page.

Developer contact information

Fill out your contact information for service announcements, Marketplace and API updates, and other information that may impact your app or Marketplace listing. You must provide a Name and email address.

Links

Add required links to your privacy policy, terms of use, and support pages, and optional links to your documentation and configuration pages.

Installing your app

Your app’s detail page will include a Visit Site to Install button that will send users to your site to install your app. Include a required direct landing URL for this page in this field.

Deauthorization notification

Provide an endpoint to receive event notifications when users uninstall your app. See Deauthorization Event Notifications for details.

Click Continue.

Download the SDK

Download the SDKs for the OSes that your app will support. See Zoom Meeting SDKs for details.

Generate SDK and OAuth credentials

The Zoom platform generates SDK credentials that you can use to access the Zoom SDKs and OAuth credentials for authentication during development and production.

SDK credentials

In order to allow your app to integrate, the Zoom platform generates a set of unique credentials used to generate the tokens needed to authorize each request.

Here you will see a unique set of App Credentials generated for you by the Zoom Marketplace including an SDK Key and SDK Secret.

Once you have accessed these credentials, copy them over or refer back for usage during development.

Note: If you have previously created an SDK app on the Zoom Marketplace, your SDK Key and Secret will be shared between apps, and can be accessed by logging into Marketplace and clicking Manage.

OAuth credentials

You’ll see two sets of OAuth credentials, one for development and one for production. Zoom automatically generates the Client ID and Client Secret for both.

  • Use development credentials to build and test your app. The Zoom App Marketplace team will also use these to test your app.
  • Use production credentials when you publish your app on Zoom App Marketplace.

Redirect URL for OAuth

For your development and production credentials, provide a valid, HTTPS-secure URL to which users will be redirected to after successfully authorizing your application. For example, the https://example.com URL.

OAuth allow list

Add any unique URLs that Zoom should allow as valid redirect URLs for your OAuth flows. This additional security measure ensures that users are only redirected to the provided pre-approved endpoints.

After you enter the URL, you do not need to press a button to save it. To add additional URLs, click Add a new one. Click Remove to remove one.

Make sure to include either the complete URL (https://subdomain.domain.tld/path/to/oauth/callback) or the base URL without the path and/or query parameters (https://subdomain.domain.tld).

This is a required step to secure your app and prevent unwanted tampering with your app during installation. To minimize the risk of sensitive data leakage, only include the URLs you provided in the Add allow lists field.

Scopes

The Scopes tab lets you define the API endpoints that your app is allowed to use to access specific user resources.

To add scopes to your app, click Add Scopes. Select the desired scopes for your app, then click Done.

The Scopes tab will display all the scopes chosen for your app:

For each scope, you must provide a description for how your app uses the scope.

For SDK user authorization, you must include the “View user’s zak token” scope.

Once your app is published, it will only be allowed to access the resources granted to it by its authorized scopes. Each request for a scope is reviewed by the Zoom App Marketplace team upon app submission.

Local test

The SDK OAuth Local tab lets you generate local test credentials and preview your app in the Marketplace.

After this step, your app will be registered as a draft app and you will be able to integrate Zoom services and APIs in your application’s code.

See Supporting OAuth in your SDK app for details.

The Local test section contains the following:

Test the App Locally

Use the install and uninstall buttons in this section to test your app’s authorization.

Testable URL

Use this section to generate a test URL to share with others in your account. This lets you test your app locally in a development environment. Click Generate to generate a testable URL.

Preview URL

Use this URL to preview your app.

Submit

Use the Submit tab to review and submit your app for publication in the Zoom App Marketplace. You must review and complete any missing information before you can submit your app for review.

Note: Currently there is no option to not publish your app, but if you want to keep your app private, you can just choose not to submit your app to the Zoom App Marketplace team for review. Your app will not be published live until you receive approval from the Zoom App Marketplace team. If you do not submit it for review, this effectively puts it into a holding state. You can use the Publishable URL internally to install it for users on your account.

If you do not intend to publish your app, you can use the generated Publishable URL in this section to activate your production credentials.

Note: If you chose to use PKCE, domain validation will fail. This is a known issue that will be fixed in a future release. Keep an eye on the Developer changelog for updates.

Activation

Note: Activation is only available for Legacy SDK apps.

Having retrieved your SDK Key and SDK Secret, your app is all set to utilize any of the Zoom SDKs. You may want to refer back to any of the above settings to manage your app or if you need to regenerate your credentials.

You also have the option to Deactivate or Reactivate your app. If Deactivated, your app will not be authorized to make requests to the Zoom platform.