Description
Hello, we are currently developing a Zoom App that allows customers to see their past Video Meetings in our Productivity App, but we hit a snag within our implementation in regards of the App Type as none delivers all features we need.
Since there is no endpoint to fetch past (instant) video calls for a user we have to use webhooks to generate such list ourselves (participant joined/left).
If a customer of ours connects to zoom we want these webhooks to be active for all users within the zoom account.
Our testing shows that that seems only be possible with an Account-level OAuth App since Webhook-only Apps are only for our own account.
We need it for all users within the account so we can receive webhooks no matter who initiates the (instant) video call (as long as they are part of the account). Test have shown that user-managed will only trigger webhooks for users who have authorized our app, but we cannot force all users to do this.
But the documentation states “The meeting host must be a user in your account” but that seems to not be fully true with user-managed OAuth apps.
It might also be important, that we do not need to call any API endpoint in the webhook endpoints, all we do is save the meeting and user id as well as start and endtime, we do not need any more data.
But we also want that a user of that customers zoom account can connect to zoom from within our app and we then pull data from this users /me endpoints such as the phone call history. For that we need a User-Managed OAuth App.
If our App is Account-level a user cannot authenticate themselves and trigger calls to the /me endpoint, but we would need account-level for the webhooks.
This would mean we need 2 Apps. This would lead to two Marketplace entries. Since in our App the Zoom integration would only be one App this will confuse our customers, and we only want one entry in you Marketplace.
We are unsure if we can achieve our needs with one App or if we can have one listing only with the two App approach, but basically this is what we think we need:
There is one listing the Marketplace which would lead to our website for the Zoom Connection. An Admin can activate this for their account This will enable the webhooks for all users in the zoom account (account-level OAuth).
At this point our App would also allow the users to connect to Zoom via the User-Managed OAuth App and once that has happened our App can connect the information gathered via both Apps.
So the question is: have we missed something and is it possible to only have one of the two published Apps be listed in the Marketplace.
Would the above solution in general be “allowed” (even with two listings)
I have seen Topics where apps were rejected because they hat both account-level and user-managed (Account-Level OAuth App to Authenticate Non-Admin Users).
And I have red that one should choose between one of these two, and not have both. So how can we have such flow with only one OAuth App where users authenticate themselves and were webhooks should always trigger for all users (of an account) ?
Issues
- Webhooks for all users within an account are Account-level OAuth
- /me endpoints and user authentication are User-Managed OAuth
- we only want one listing in the Marketplace.
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth, but that is part of the question, I guess