Confusion about marketplace apps vs regular API integration


#1

I have noticed on the developer page the big warning about “migrating this to the marketplace”. We are currently re-writing some code to move from API v1 to v2, and are not sure how (or when) this is going to effect us. We want to avoid doing another code rewrite in a couple months for a “marketplace app”. If that is the case we would rather just do it now.

 

The problem with the marketplace app is that it is setup for an end-user/client experience, whereas we just want a simple API and Webhook integration from our web server to Zoom. There does not seem to be a way to get a typical server-to-server app authenticated properly. And we surely do not want it submitted to an open marketplace.

 

The reason I ended up in the marketplace is because we would like to enable multiple webhooks. And this post (https://support.zoom.us/hc/en-us/community/posts/360024933872-Only-1-webhook-allowed-) says they are only available for marketplace apps. But the entire marketplace authentication flow (OAuth) is considerably different from the JWT based server-to-server communication.

 

My questions are:

  1. Is the expectation that all current “regular API” integrations be moved to marketplace apps?
  2. If so, how are we supposed to authenticate our server based app? The current OAuth flow does not seem to support this. Is it even possible to setup an app for a whole account? All the OAuth documentation is aimed at handling individual users.
  3. What is the time frame on this change?
  4. Is there any plan to support multiple webhooks for simple API integrations if they are not being completely retired?

 

This whole thing is very confusing and I do not feel like the expectations have been communicated well to developers. The marketplace apps are a great addition to Zoom, but in their current form they do not fill the same role that our simpler server-to-server API integration does. On the other hand, they offer better webhook support which we want to make use of. It is ridiculous to say “oh we offer this in the marketplace now”, but the entire thing is broken for server-to-server use cases.

 

I found this post (https://support.zoom.us/hc/en-us/community/posts/360017928426-OAuth-redirect-and-JWT-support) which suggests there is currently no plan to sunset JWT based auth… is that still accurate?

 

Any clarification on these points would be hugely appreciated.

Thanks


#2

Hi Alex, 

Thanks for writing us about your concerns about marketplace. To answer your questions

  1. We are moving the developing experience under our new marketplace branding, however this does not effect apps/accounts such as yours who are doing server to server integrations with JWT. For existing accounts such as yours you still will be able to access our APIs the same way using JWT and you will not have to publish your app as this is for customers who want their app seen in the marketplace. You will just have to login to marketplace to credentials info instead of developer.zoom.us in the future. 

  2. We will have support for JWT apps as well as OAuth. JWT is not going away as it fits the scenario for server to server integration. 

  3. The timeframe will be a few more months, we’ll send out a formal communication coming soon. 

  4. For existing accounts or account using JWT we will only support one web hook at this time similar to what we have at developer.zoom.us. Only new publishable marketplace apps will have multiple web hooks for development and production. 

I hope this helps out, feel free to ask any other questions. 

Thanks