Announcing platform support for oAuth 2.0

February 1, 2018

We are glad to announce the support for oAuth 2.0 on our platform. This has been a frequent request and is going to simplify your application workflows. I will go over the critical pieces in this post specific to Zoom implementation but we recommend taking a look at the following RFCs to understand how oAuth 2.0 works. We have added support forĀ  both the implicit and authorization code grant types.

The OAuth 2.0 Authorization Framework

Bearer Token Usage

JSON Web Token

Zoom Framework

We have provided the details and oAuth steps in our documentation.

Here's a quick recap of our oAuth dance. Note that we highly recommend you to use Auth code grant flow for security reasons.

Scopes

By default, when you get the auth token, your app has the following scopes:

User APIs: read only (your app cannot modify the user profile data)

Meeting/Webinar APIs: read and write (your app can get meeting info as well as create meeting/webinars)

Recording APIs: read and write (your app can call any of the recording APIs - it's mostly a read)

API Support for OAuth

The following APIs are currently supported with oAuth token (which you need to include in the Authorization header as described in our spec). Other than the API end point name ('/me') and the fact that you need to now provide the oAuth token (instead of the jwt) in the Authorization header, the API contracts are what has been provided in our v2 documentation.

User APIs

Meeting APIs

Webinar APIs

Cloud Recording

As always, we look for your feedback and don't hesitate to reach out to our developer advocates through community forums if you have questions.

Thiya Ramalingam
Thiya heads the platforms, integrations, product partnerships and private cloud engineering @ Zoom. Thiya is a published author, speaker and has several issued patents in the collaboration space.