App Permissions

For your app to be enabled for an end user, it will need to be pre-approved by an account admin or a user with marketplace permissions for their Zoom Account.

For more information on Pre-approval, please see our guide on End User Authorization Flows.

Prerequisites and Scopes

Zoom utilizes OAuth 2.0 to authorize a Zoom user to enable your app without exposing their login information.

To leverage OAuth 2.0, you will need to inform users what information your app needs in order to access user or account information. This will require establishing clear authorization Scopes, which define the resources and API methods used by your App. To ensure user protection, the Zoom Marketplace Team will review and approve each requested scope in order for your app to be available on the Marketplace.

Tip: Limit the scopes

Any app that asks for broader scopes will go through an extensive periodic scrutiny process by the Zoom App security team. We recommend not asking for a broader scope if your app does not need it.

Note: Updating scopes after you generate a Publishable URL will require you to generate a new Publishable URL.

Account-level App Scopes

Account-level scopes are all mapped to management based APIs, and allow admins to take advantage of general account management. All scopes below are installed on an administrative level:

Scope	Description	Accessible APIs
imchat:bot	Add a bot feature	GET account settings
account:read:admin	View account information	GET account settings
account:write:admin	View and manage account information	All Account APIs
dashboard:read:admin	View Dashboard data	All Dashboard APIss
group:read:admin	View user groups	GET Groups APIs
group:write:admin	View and manage user groups	All Group APIs
imchat:read:admin	View all users history and channels	GET IM Chat APIs
imchat:write:admin	Send messages to chat group or user through a Bot	All IM Chat APIs
imgroup:read:admin	View IM Group information	GET IM Groups APIs
imgroup:write:admin	View and manage IM Groups	ALL IM Groups APIs
meeting:read:admin	View all users’ meetings	GET Meeting APIs
meeting:write:admin	View and manage all users’ meetings	ALL Meeting APIs
recording:read:admin	View all users’ recordings	GET Cloud Recording APIs
recording:write:admin	View and manage all users’ recordings	GET Cloud Recordings
report:read:admin	View report data	GET Reports APIs
scim2	Call Zoom’s SCIM2 API
tsp:read:admin	View TSP information	GET TSP APIs
tsp:write:admin	View and manage TSP information	All TSP APIs
user:read:admin	View all users’ information	GET Users APIs
user:write:admin	View and manage all users and users’ information	All Users APIs
webinar:read:admin	View all users’ Webinars	GET Webinars APIs
webinar:write:admin	View and manage all users’ Webinars	All Webinars APIs

User-managed App Scopes

User-managed App Scopes are apps which require OAuth authentication and allow apps to manage and view an individual Zoom user’s information. All scopes below are available exclusively to users who have authorized the app to access the data:

Scope	Description	Accessible APIs
imchat:bot	Add a bot feature
imchat:read	View the user’s channels	GET IM Chat APIs
imchat:write	Send a message to a chat group or user through a Bot	All IM Chat APIs
meeting:read	View the user’s meetings	GET Meeting APIs
meeting:write	View and manage the user’s meetings	All Meeting APIs
recording:read	View the user’s recordings	GET Cloud Recording APIs
recording:write	View and manage the user’s recordings	All Cloud Recording APIs
tsp:read	View the user’s TSP account information	GET TSP APIs
tsp:write	View and manage the user’s TSP account information	All TSP APIs
user:read	View the user’s information	GET Users APIs
user:write	View and manage the user’s information	All Users APIs
webinar:read	View the user’s webinars	GET Webinars APIs
webinar:write	View and manage the user’s webinars	All Webinars APIs

OAuth API Availability

OAuth APIs allow apps which have been authorized by individual end-users to manage that user’s Zoom data. The following endpoints are available:

Method	URL (v2)
GET	/v2/users/me
PATCH	/v2/users/me
GET	/v2/users/me/settings
PATCH	/v2/users/me/settings
GET	/v2/users/me/assistants
POST	/v2/users/me/assistants
DELETE	/v2/users/me/assistants
DELETE	/v2/users/me/assistants/{assistantId}
GET	/v2/users/me/token
DELETE	/v2/users/me/token

Meetings API

Meetings APIs allow apps to read, create, update, and delete Zoom Meetings either for the authorized user or by meetingID. The following endpoints are available:

Method	URL(v2)
GET	/v2/users/me/meetings
POST	/v2/users/me/meetings
GET	/v2/meetings/{meetingId}
PATCH	/v2/meetings/{meetingId}
DELETE	/v2/meetings/{meetingId}
PUT	/v2/meetings/{meetingId}/status
POST	/v2/meetings/{meetingId}/registrants
GET	/v2/meetings/{meetingId}/registrants
PUT	/v2/meetings/{meetingId}/registrants/status

Webinar API

Webinar APIs allow apps to read, create, update, The following endpoints are available:

Method	URL(v2)
GET	/v2/users/me/webinars
POST	/v2/users/me/webinars
GET	/v2/webinars/{webinarId}
PATCH	/v2/webinars/{webinarId}
DELETE	/v2/webinars/{webinarId}
PUT	/v2/webinars/{webinarId}/status
POST	/v2/webinars/{webinarId}/registrants
GET	/v2/webinars/{webinarId}/registrants
PUT	/v2/webinars/{webinarId}/registrants/status
GET	/v2/webinars/{webinarId}/panelists
POST	/v2/webinars/{webinarId}/panelists
DELETE	/v2/webinars/{webinarId}/panelists
DELETE	/v2/webinars/{webinarId}/panelists/{panelistId}

Cloud Recording API

Cloud Recording APIs allow apps to read and delete recorded Zoom Meetings for the authorized user or by meetingID. The following endpoints are available:

Method	URL(v2)
GET	/v2/users/me/recordings
GET	/v2/meetings/{meetingId}/recordings
DELETE	/v2/meetings/{meetingId}/recordings
DELETE	/v2/meetings/{meetingId}/recordings/{recordingId}