Chatbots and geo fencing data

Hey Zoom Devs,

We’re creating a chat bot, which we intend to put through the marketplace app approval process and release to the public. However, we need some guidance on how to create a Zoom Chat Bot app that aligns with our product architecture.

We sell to regulated companies like financial institutions. They commonly have requirements that mandate data locality: i.e. all my data has to stay in the US or the UK or the EU. To meet that requirement, we have completely separate data centers that we deploy our customers into, with no shared components or infrastructure.

Accordingly, we’d like to have separate Zoom apps for each geo, so we can register geo specific callback endpoints. We will direct our customers to install the correct app based on their geo.

Our chat bot in Microsoft Teams works like this, so we’ve already successfully established the pattern with other platforms.

Will we need to go through the review, testing and security process for each one?

Hey @clippermadness, thanks for reaching out, this is an interesting use case!

I will ask our security / app approval team.


Although, I would suggest using the following flow to accomplish this:

Create 1 Chatbot App and on the “Information” page check the “Visit Site to Install” option.

When a user visits your Chatbot App on the Zoom App Marketplace, and clicks “Visit Site to Install”, they will be taken to a page you make that has a dropdown of your regions: US, UK, EU.

Once they choose a region, then install the Chatbot app by navigating the user to your “Publishable URL” (found on the “Submit” page) which starts the Zoom OAuth flow.

On successful OAuth, save the region the user selected, the access_token, refresh_token, accountID, and/or userID (found by JWT parsing the access_token) in your database.

When a user calls your Chatbot via the Bot Endpoint Url, use their accountID/userID to lookup their region in your database and then based on the region, make calls to the respective data center.

OR,

You create 1 Chatbot App, check the “Install” from marketplace option on the “Information” page, and after successful install the user will land on your redirect URL where you display the dropdown of regions for the user to select. Again, saving the region the user selected, the access_token, refresh_token, accountID, and/or userID (found by JWT parsing the access_token) in your database.

When a user calls your Chatbot via the Bot Endpoint Url, use their accountID/userID to lookup their region in your database and then based on the region, make calls to the respective data center.


A good example of this is the Zoom YouTube App. You OAuth with Zoom, then the redirect URL takes you to OAuth with YouTube to connect your YouTube account. In your case, instead of connecting your YouTube account, you would redirect to a page that displays the dropdown of regions, saving the region the user selects.

Let me know if this helps!

Thanks,
Tommy

Thanks, Tommy. I understand your recommendations, but building that type of proxy capability is the kind of coupling that I’m trying to avoid.

Will the Zoom callbacks respond to a 302 redirect? Could I redirect them based on an account identifier?

Hey @clippermadness, okay so I would go with multiple Marketplace Apps then.

Answer from our security / app review team: “Yes they will be reviewed/tested on a per app basis, if everything is on point this should be pretty quick - a couple of days”

Can you give me an example?

Thanks,
Tommy

Re: apps = ok got it. We’ve gone through the process for other apps already, so I’m confident it will be relatively painless. 🙂

Painless indeed 🙂

Let us know if you have any other questions!

Thanks,
Tommy

Just to follow up on the redirects topic, which is continuing down the possible path of “one app, route callbacks based on account id”:

When the Zoom infrastructure issues the callback, can my endpoint return a redirect (probably a 307 temporary redirect), and will the Zoom callback infrastructure actually respect the redirect and call the endpoint I redirect to? Or would I have to proxy the call and forward the request myself?

Hey @clippermadness, thanks for more details.

When you say “callback” are you talking about the Redirect URL (on the App Credentials page),

or the Bot Endpoint URL (on the Features page)?

Thanks,
Tommy

The bot endpoint URL

Hey @clippermadness,

I just tested by creating a redirect (301) for my Bot Endpoint URL using https://bitly.com/ and it did not work.

^ Yes. To have 1 Zoom Marketplace App you will have to handle with your own code/server.

-Tommy
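For the single-app option discussed in this thread (save the region at OAuth time, then have your own server forward each Bot Endpoint URL call because the redirect was not followed), here is a sketch of the routing decision. It is an added example, not code from Zoom or from any poster; the hostnames, the claim name `accountId`, the event field `payload.accountId`, and the rule that an account stays pinned to its first region are all assumptions of the example.

```javascript
// Added example. Hostnames, the claim name "accountId" and the event field
// payload.accountId are assumptions; check them against your own tokens and events.
const REGION_BACKENDS = new Map([
  ['US', 'https://bot.us.example.com/zoom/bot'],
  ['UK', 'https://bot.uk.example.com/zoom/bot'],
  ['EU', 'https://bot.eu.example.com/zoom/bot'],
]);

// Decode JWT claims without verifying the signature. Only for a token received
// directly from the OAuth token exchange, never for one supplied by a caller.
function jwtClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

class RegionDirectory {
  constructor() { this.regionByAccount = new Map(); }

  // OAuth success: pin the account to the region chosen in the dropdown.
  register(accessToken, region, claimName = 'accountId') {
    if (!REGION_BACKENDS.has(region)) throw new Error('unknown region');
    const accountId = jwtClaims(accessToken)[claimName];
    if (typeof accountId !== 'string' || accountId === '') throw new Error('no account claim');
    const pinned = this.regionByAccount.get(accountId);
    // Design choice of this example: a later install cannot silently move an account.
    if (pinned && pinned !== region) throw new Error('account already pinned to ' + pinned);
    this.regionByAccount.set(accountId, region);
    return accountId;
  }

  // Bot Endpoint URL call: return the regional URL, or null for unknown accounts.
  route(event) {
    const accountId = event && event.payload ? event.payload.accountId : undefined;
    const region = this.regionByAccount.get(accountId);
    return region ? REGION_BACKENDS.get(region) : null;
  }
}

// Decide where a raw bot event goes. The caller POSTs rawBody unchanged to `url`;
// nothing from the body is stored or logged here, and there is no default region.
function planForward(directory, rawBody) {
  let event;
  try { event = JSON.parse(rawBody); } catch { return { status: 400, url: null }; }
  const url = directory.route(event);
  return url === null ? { status: 403, url: null } : { status: 200, url };
}
```

Authenticate the incoming request before calling `planForward`: until then the account ID in the body is caller-controlled, and routing on it could send one tenant's message to another region.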

Thanks Tommy. This is very helpful info and I appreciate the timely responses.

You are welcome! Happy to help!

Let us know if you have any other questions!

Thanks,
Tommy