Account-level OAuth and/or User-Managed. Neither does all we need

Description
Hello, we are currently developing a Zoom App that allows customers to see their past Video Meetings in our Productivity App, but we hit a snag within our implementation with regard to the App Type, as none delivers all features we need.

Since there is no endpoint to fetch past (instant) video calls for a user we have to use webhooks to generate such list ourselves (participant joined/left).

If a customer of ours connects to Zoom we want these webhooks to be active for all users within the Zoom account.
Our testing shows that this seems to be possible only with an Account-level OAuth App, since Webhook-only Apps are only for our own account.
We need it for all users within the account so we can receive webhooks no matter who initiates the (instant) video call (as long as they are part of the account). Tests have shown that user-managed will only trigger webhooks for users who have authorized our app, but we cannot force all users to do this.
But the documentation states “The meeting host must be a user in your account” but that seems to not be fully true with user-managed OAuth apps.
It might also be important that we do not need to call any API endpoint in the webhook endpoints; all we do is save the meeting and user id as well as start and end time, we do not need any more data.

But we also want a user of that customer's Zoom account to be able to connect to Zoom from within our app, and we then pull data from this user's /me endpoints such as the phone call history. For that we need a User-Managed OAuth App.
If our App is Account-level a user cannot authenticate themselves and trigger calls to the /me endpoint, but we would need account-level for the webhooks.

This would mean we need 2 Apps. This would lead to two Marketplace entries. Since in our App the Zoom integration would only be one App this will confuse our customers, and we only want one entry in your Marketplace.

We are unsure if we can achieve our needs with one App or if we can have one listing only with the two App approach, but basically this is what we think we need:

There is one listing in the Marketplace which would lead to our website for the Zoom Connection. An Admin can activate this for their account. This will enable the webhooks for all users in the Zoom account (account-level OAuth).
At this point our App would also allow the users to connect to Zoom via the User-Managed OAuth App and once that has happened our App can connect the information gathered via both Apps.

So the question is: have we missed something, and is it possible to only have one of the two published Apps be listed in the Marketplace?
Would the above solution in general be “allowed” (even with two listings)?

I have seen Topics where apps were rejected because they had both account-level and user-managed (Account-Level OAuth App to Authenticate Non-Admin Users).
And I have read that one should choose between one of these two, and not have both. So how can we have such a flow with only one OAuth App where users authenticate themselves and where webhooks should always trigger for all users (of an account)?

Issues

  • Webhooks for all users within an account are Account-level OAuth
  • /me endpoints and user authentication are User-Managed OAuth
  • we only want one listing in the Marketplace.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth, but that is part of the question, I guess

Hey @bastian.brodbeck,

Thanks for sharing your use case in such detail (and so clearly 🙂) — I can definitely appreciate where you’re coming from here, and you raise a great set of questions.

To be completely transparent upfront, I don’t know that we have the exact solution you’re looking for at the moment: the ability to have just 1 published Zoom Marketplace app, with the ability to leverage an account-level scope for your webhooks and a user-level scope for pulling user level data.

At the moment, our Marketplace only supports published apps, meaning that any app that you create and wish to use outside of your own account will need to be published publicly. And since our two OAuth app types are split by the two scopes you need, this means you would need to create 1 app for each of the two purposes outlined above. Ultimately, in order to accomplish this with our current setup, you will need to create and publish one Account Level OAuth app and one User Level OAuth app, and users will need to authorize both.

Having said this, it is on our roadmap to add greater flexibility to our app types to accommodate use cases like yours. You’re also welcome to submit this as a feature request here as well, in the meantime: #feature-requests

While I realize this isn’t the exact answer you were probably hoping for, I do hope it helps to clarify.

But let me know,
Will

@will.zoom

Hello Will, thank you for your response and good to hear that Zoom has acknowledged such use-cases and considers more flexibility in the future.
I think, in the end, I do not mind if we have two Apps, and we can live with them both being published if this is the way to go. But we would need to know if that is allowed, as both Apps will (kinda) act as one.
We have read reports that Apps got rejected because they already had another App published, so we are concerned that we cannot publish an Account-level and User Managed App for our Scenario.

What are the chances of being rejected for this?

Hi @bastian.brodbeck,

I do not believe that this is explicitly not allowed, but rather depends case by case. If you wish to further confirm this, I recommend emailing our Marketplace team directly at marketplace-support@zoom.us.

Thanks,
Will
