Submission Checklist

1. Complete App Descriptions

There are two descriptions available for developers, the Short Description and Long Description, each with a distinct purpose:

Short Description

Use the Short Description to provide information about your business’s core purpose for customers and explain what your app does in a nutshell. Highlight features or typical use cases of your app. Short descriptions should be 1-2 sentences (max 150 char), and can be updated when submitting new versions.

Long Description

Provide a Long Description which highlights the features of your app. Use this section to describe your App as a service, and your company as an organization. This is your opportunity to tell Zoom users why they should install this integration, what value does your app provide, and why your app is the right solution for them. Ideal descriptions contain a concise, informative paragraph followed by a short list of main features.

Long Descriptions can commonly cause an app submission to be denied if it lacks sufficient information about app functionality. Long Descriptions can be updated when a new version of the app is submitted.

2. Add Images / Videos

Images are required to show users what to expect when using the submitted app, including function and user-interfaces examples. Videos (up to 40MB) provide expected app usage and user-interface interaction.

For an example of high-quality image/video content, reference the Hubspot app on the Zoom Marketplace.

3. Provide a Privacy Policy URL

Provide the URL for your app’s Privacy Policy document.

A Privacy Policy document should disclose information on the kind of data you collect from your app users and the permissions that a user might have to grant in order to use your app. It should also explain the ways of data collection and the reasons behind it. For instance, if a user needs to create an account to use your service, you should list out the information that you retain from the user.

If your app tracks user activity, you must provide examples of the activities that are tracked and the information that is collected from the activity. If your app provides a way for users to manage and control the permissions that have been granted, you must list out the steps that users can follow to do so.

4. Provide a Terms of Use URL

Provide the URL for your app’s Terms of Use document.

A Terms of Use (ToU) document should include information on the legal agreements that users must be aware of and abide by while using your service. Your app’s ToU could include information such as the minimum age requirement for using the app, intellectual property disclosure, termination of service access, payment policies and more. This ToU should be unique to your Marketplace app and must address the following information at a minimum:

  • Description of Service and Usage Limitation: Include brief information on the services that your app provides to the users. If any of the services are to be used only for personal needs and not commercial usage, include this information in the ToU. If there are specific practices that you want the users to avoid while using your app, clearly state them in the ToU.

  • Description or Links to Privacy Policy: This should provide details on what information you collect from the user and how do you protect their data. Refer to the Privacy Policy section above for more information on this.

  • Description of Expected Procedures and Liability: If your app has certain maintenance windows during which the guaranteed uptime can deflect, include this information on the ToU. In cases of data and business loss of your app users, state who is liable to mitigate for the loss.

  • Description of Payment Policy: State terms of use for subscriptions, in-app purchases, trials or any other payment that a user might have to make while using your app. Provide details about the method of payment and the consequences of not making timely payments.

Although you can refer to these instructions for getting started with writing your ToU, it should not be treated as an exhaustive list. Consult with your company’s legal team to get support authoring a ToU that best meets your app and business requirements.

5. Provide Support URL

All published apps are required to provide a Support URL for individual on-going support for users of this app. Your support page must include the information outlined below to help customers understand what they can expect when engaging with your support team:

  • Hours of Your Support Team
  • First Response SLA (Maximum time a customer should expect to wait until they receive their first response from a member in your Customer Support Team)
  • Link to create a support case
  • Link to email support
  • Link to your Knowledge base or forums.
  • Link to a live customer support channel (if available)
  • Support Phone Number (if available)

By providing this information, your app is better positioned to serve our mutual customers and create a positive experience when they seek support for your app.

6. Provide Documentation URL

All published apps are required to provide a Documentation URL to guide users through app installation and usage. When creating documentation, provide the following guidelines:

Installation (Required): A step by step guide for a user to install your app. Link to an installation troubleshooting guide.

Usage (Required): For each feature or action, provide a clear use-case description and a list of any prerequisites.

Uninstallation (Required): A guide to uninstalling the app from your Zoom account. Notify the user the implications of Deauthorization, and how you will remove their data. If your app has specific requirements, be sure to include these. A simple list like the following will suffice, as uninstallation is handled by Zoom:

  1. Login to your Zoom Account and navigate to the Zoom App Marketplace.
  2. Click Manage > Installed Apps or search for the XYZ app.
  3. Click the XYZ app.
  4. Click Uninstall.

In the above list, we have used “XYZ” as a reference for an app. In your documentation, you should replace it with your app’s name.

Troubleshooting (Optional, but highly recommended): List the most common user issues and their solutions including installation issues, adding meetings, accessing recordings, etc.

FAQ - (Optional): List the most frequently asked questions, including questions on authorization, activation emails, or unsubscribing to email updates.

Contact Support (Optional): Describe what users can expect when engaging your support team including the hours of your support team and first response SLA (maximum time a user should expect to wait to hear from your support team). Provide a link to create a support case or contact support through email, KB/Forums, or phone.

7. Provide Deauthorization Event URL for Testing

All apps must provide the proper ability for the User to uninstall or deauthorize the app in compliance with Zoom’s commitment to security and the protection of User data. For a direct guide, reference the Deauthorization documentation.

To do so, apps must provide a secured endpoint for receiving Deauthorization notifications from Zoom and respond with proper data retention practices as outlined in the Marketplace Developer Agreement.

8. Optimize App Data Fetching

Apps are expected to adhere to optimal patterns of requesting and subscribing to data from Zoom. Long-polling the Zoom API instead of subscribing to receive Webhook Event requests is considered an anti-pattern and may cause the app to be denied. There are multiple benefits to subscribe to Webhook events, the most significant being performance and monitoring. Enable Event Subscriptions for an app in the “Features” section while creating or managing the app on the App Dashboard.

9. Remove Unused Scopes from Development

Scopes added to apps expose functionality and access to Zoom APIs. Zoom expects all developers to only enable Scopes to make functional, logical, and business sense for their apps. Failure to use proper API requests for a given scope will cause an app to be denied. Zoom recommends only selecting the minimum required Scopes for app operation.

10. Optimize App Authentication and Refresh Flows

Apps should not make overly frequent requests for OAuth tokens. A token should be requested and stored to allow an app to make API requests, rather than generated on each request.

Data returned on responses from Zoom Authentication endpoints should be cached and access_tokens should be re-used until expired. Once expired, a Refresh Token request can be sent for a new token. For more information on this flow, reference our guide to OAuth with Zoom.

11. Whitelist OAuth Redirect URLs

In the Whitelist URL field, add all unique URLs that Zoom should whitelist as valid Redirect URLs for your OAuth flows. This additional security measure ensures that users are only redirected to the pre-approved endpoints that you provided in this field. Make sure to include either the complete URL(https://[subdomain.]domain.tld/path/to/oauth/callback) or the base URL, omitting the path and/or query parameters(https://[subdomain.]domain.tld).

This is a required step to secure your app and prevent unwanted tampering with your app during installation. To minimize the risk of sensitive data leakage, only include URLs that you have provided in the Redirect URL for OAuth field.

Prior to your app submission, ensure that you are following the guidelines listed below regarding your URLs:

  • Secure your URLs with HTTPS
  • Use FQDNs and refrain from using any localhost addresses
  • Refrain from using ngrok domains. If used, you will be required to provide proof of ownership of the specific ngrok domain.
  • Refrain from using any default Heroku App domains(example: app_name.herokuapp.com). Use custom domains instead.
    When using domains that are different from your App’s domain, you will be required to provide a justification for the addition of these to the whitelist.

12. Specify Installation Process

Zoom expects app installation to be quick, efficient, and in a self-service manner. Apps which have a freemium business plan model are ideal models for the Zoom App Marketplace, as they typically allow for self-service account creation tools.

A Configuration URL should be set to allow users to easily access configuration settings for the app/integration within the Zoom Marketplace. This is particularly important for apps which have chosen the “Install from Landing Page” feature. You can configure your app to be installed in one of the two ways: ‘From your landing page’ or ‘From marketplace’.

If you choose the ‘From Marketplace’ installation method, an ‘Install’ button will be displayed on your app listing page on the Zoom Marketplace and once users click “Install”, they will instantly be taken to the authorization page:

After clicking ‘Authorize’, users will be taken to the redirect URL you have specified in your submission to configure the app or begin using your integration.

If you select ‘From your landing page’ installation method, users will be able to click ‘Visit Site to Install’ on your app listing page and will be taken to the Landing Page URL you have specified in your submission.

The Landing Page URL must route logged in users to a page where they can authorize the integration, and it must redirect unauthenticated users to a sign in page.

Best Practice for Landing Page URLs is to use a deep-linked URL that is behind a paywall or login system (so your system can identify the user by requiring them to first authenticate), and upon successful authentication, redirect the user to your “deep-linked” Landing Page URL( Example: https://foo.tld/integrations/zoom).

Installations via Landing Page are useful if you want to restrict the authorization of your app to only users who already have an account within your system. Having the Zoom integration install link behind your own login system is ‘restricted’ since there is no way to install the app unless the end-user has an account with your company.

The ‘Visit Site to Install’ option is particularly effective if your app requires users to enter unique or organization-specific subdomains to log in to your app( Example: https://my-organization.foo.tld).

13. Secure Confidential Information

In addition to following the steps listed above, ensure that the contents that you submit for publication such as app descriptions, support documentation, images and video files, do not expose your App Credentials and other private information. Blur all mentions of information such as tokens, passwords, and keys to secure confidential data.

Want to ensure that your app is ready for submission?

Fill out this form prior to submitting your app so that you can assess your app in its current state. Once you complete the assessment, you will receive an email with a link to an auto-generated App Review Report highlighting existing issues and recommendations on how to resolve those issues.

Need help?

The first place to look is on our Developer Forum. If you can't find the answer or your request includes sensitive information, contact Developer Support.