App Permissions


For your app to be enabled for an end user, it will need to be pre-approved by an account admin or a user with marketplace permissions for their Zoom Account.

For more information on Pre-approval, please see our guide on End User Authorization Flows.

Prerequisites and Scopes

Zoom utilizes OAuth 2.0 to authorize a Zoom user to use your app without exposing their login information.

You will need to define your scopes to leverage OAuth 2.0 and inform users what information your app needs to access user or account information. Scopes within the app marketplace define the resources and API methods used for your app. Zoom will need to approve the scopes your app requests before it can be live in the Zoom Marketplace.

Limit the scopes

Any app that asks for broader scopes will go through an extensive periodic scrutiny process by the Zoom App security team. We recommend not asking for a broader scope if your app does not need it.

Account-level App Scopes

Account-level scopes are all mapped to management based APIs. This will allow you to take advantage of general account management. The scopes are installed on an administrative level.

The scopes are defined as follows:

Scope Description Accessible APIs
imchat:bot Add a bot feature GET account settings
account:read:admin View account information GET account settings
account:write:admin View and manage account information All Account APIs
dashboard:read:admin View Dashboard data All Dashboard APIss
group:read:admin View user groups GET Groups APIs
group:write:admin View and manage user groups All Group APIs
imchat:read:admin View all users history and channels GET IM Chat APIs
imchat:write:admin Send messages to chat group or user through a Bot All IM Chat APIs
imgroup:read:admin View IM Group information GET IM Groups APIs
imgroup:write:admin View and manage IM Groups ALL IM Groups APIs
meeting:read:admin View all users’ meetings GET Meeting APIs
meeting:write:admin View and manage all users’ meetings ALL Meeting APIs
recording:read:admin View all users’ recordings GET Cloud Recording APIs
recording:write:admin View and manage all users’ recordings GET Cloud Recordings
report:read:admin View report data GET Reports APIs
scim2 Call Zoom’s SCIM2 API
tsp:read:admin View TSP information GET TSP APIs
tsp:write:admin View and manage TSP information All TSP APIs
user:read:admin View all users’ information GET Users APIs
user:write:admin View and manage all users and users’ information All Users APIs
webinar:read:admin View all users’ Webinars GET Webinars APIs
webinar:write:admin View and manage all users’ Webinars All Webinars APIs

User-Managed App Scopes

Scope Description Accessible APIs
imchat:bot Add a bot feature
imchat:read View the user’s channels GET IM Chat APIs
imchat:write Send a message to a chat group or user through a Bot All IM Chat APIs
meeting:read View the user’s meetings GET Meeting APIs
meeting:write View and manage the user’s meetings All Meeting APIs
recording:read View the user’s recordings GET Cloud Recording APIs
recording:write View and manage the user’s recordings All Cloud Recording APIs
tsp:read View the user’s TSP account information GET TSP APIs
tsp:write View and manage the user’s TSP account information All TSP APIs
user:read View the user’s information GET Users APIs
user:write View and manage the user’s information All Users APIs
user_profile View the user’s profile information Users individual management and meeting settings.
webinar:read View the user’s webinars GET Webinars APIs
webinar:write View and manage the user’s webinars All Webinars APIs

OAuth API Availability

Method URL (v2)
GET /v2/users/me
PATCH /v2/users/me
GET /v2/users/me/settings
PATCH /v2/users/me/settings
GET /v2/users/me/assistants
POST /v2/users/me/assistants
DELETE /v2/users/me/assistants
DELETE /v2/users/me/assistants/{assistantId}
GET /v2/users/me/token
DELETE /v2/users/me/token

Meetings APIs

Method URL(v2)
GET /v2/users/me/meetings
POST /v2/users/me/meetings
GET /v2/meetings/{meetingId}
PATCH /v2/meetings/{meetingId}
DELETE /v2/meetings/{meetingId}
PUT /v2/meetings/{meetingId}/status
POST /v2/meetings/{meetingId}/registrants
GET /v2/meetings/{meetingId}/registrants
PUT /v2/meetings/{meetingId}/registrants/status

Webinar APIs

Method URL(v2)
GET /v2/users/me/webinars
POST /v2/users/me/webinars
GET /v2/webinars/{webinarId}
PATCH /v2/webinars/{webinarId}
DELETE /v2/webinars/{webinarId}
PUT /v2/webinars/{webinarId}/status
POST /v2/webinars/{webinarId}/registrants
GET /v2/webinars/{webinarId}/registrants
PUT /v2/webinars/{webinarId}/registrants/status
GET /v2/webinars/{webinarId}/panelists
POST /v2/webinars/{webinarId}/panelists
DELETE /v2/webinars/{webinarId}/panelists
DELETE /v2/webinars/{webinarId}/panelists/{panelistId}

Cloud Recording

Method URL(v2)
GET /v2/users/me/recordings
GET /v2/meetings/{meetingId}/recordings
DELETE /v2/meetings/{meetingId}/recordings
DELETE /v2/meetings/{meetingId}/recordings/{recordingId}
Note

If you update any scopes after generating a Publishable URL, you will be required to regenerate a new Publishable URL.