Deauthorization event has empty body

App Deauthorization Event Notification is sent with empty body

Response body object is simply empty:
body: {},

Which App Type (OAuth / Chatbot / JWT / Webhook)?
Authorization done using OAuth(not published yet), and revoking access from App Marketplace

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. Authorize app using OAuth
  2. Revoke access from “Installed apps”: App Marketplace

Hi @jokuja,

Can you confirm that you’re testing with your Production/Publishable URL when installing and then uninstalling your app?


I am testing installation using publishable URL, but there is no publishable URL for deauthorization, therefor I am doing it from my Zoom profile → installed apps, where the app appears:

If there is any other way how to trigger “deauthorization” event please let me know.

I also tried “Test the App Locally” but this doesnt trigger any events towards my API (at least not when using ngrok)

Hi @jokuja,

You can also revoke an access_token / deauthorize an app using this flow:

Have you tried this?


Thanks for this, but I want to test a scenario when users will revoke access from Zoom dashboard before having Zoom app in production.
Revoking using API is not a problem.

Hi @jokuja,

It should still be possible to test this by uninstalling the production instance of the app from the user’s dashboard in the marketplace. If you’re still seeing the empty deauthorization event, can you share an example with us by opening up a request here?

Please include the authorization URL that was used, the test user, and the timestamp of the event with the empty payload.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.