Disabled Scopes - User Managed App

API and Webhooks
,
1

We’re building a user managed marketplace app

Our application serves as an Applicant Tracking System (ATS), offering the functionality to schedule and conduct virtual interviews seamlessly. Through our platform, users can create events and conduct them virtually using a dedicated screen, which integrates with the React Zoom Meeting SDK and component view. When a user schedules a virtual meeting (e.g., Zoom) within our platform, we automatically link this event to a corresponding Zoom meeting. Any modifications made to these events (such as creation, updates, or cancellations) are promptly reflected in the associated Zoom meeting. Moreover, our system supports webhooks, enabling automatic cancellation of associated events in case a user cancels the Zoom meeting through any of Zoom’s platforms.

The APIs that we use are:

  1. Scheduling meetings: https://api.zoom.us/v2/users/me/meetings
  2. Cancelling and rescheduling meetings: https://api.zoom.us/v2/meetings/#{meeting_id}
  3. Instant meetings: https://api.zoom.us/v2/users/me/meetings
  4. Access and refresh token generation: https://zoom.us/oauth/token
  5. To get user profile: https://api.zoom.us/v2/users/me

The hooks that we subscribe to are:

  • To cancel associated events:
  1. meeting.deleted
  • To disconnect the integration for our users from our side:
  1. user.deleted
  2. user.deactivated
  3. app_deauthorized
  • To show the recording link for meetings recorded on the cloud after they get sent to us:
  1. recording.completed

Our account type (role): Developer

The scopes that we currently use are:

  1. meeting:write:meeting
  2. meeting:update:status (not sure if needed)
  3. meeting:update:meeting
  4. meeting:delete:meeting
  5. user:read:token
  6. User:read:zak
  7. zoomapp:inmeeting
  8. cloud_recording:read:list_user_recordings (not sure if this is the right one for the webhook)
  9. user:read:user
  10. zoomapp:inmeeting

The problems that we’re facing now with the new account are:

  1. Meeting:read:meeting scope can be found, but it’s disabled, and we can’t start a meeting without it.
  2. How can we till if a certain scope requires admin access, though we have checked using our admin account and faced the same blocked scope issue
  3. How can we determine what scopes are needed by the webhooks and APIs we’re using?
  4. How can we till if all the scopes needed are rolled out or still under development?

** Questions **

  1. Regarding the Deauthorization Notification and the rest of the hooks, we have a separate server and subdomain for our Saudi server. That is, our app serves under app.zenats.com worldwide, while it serves under sa.app.zenats.com in Saudi Arabia. Do we need to create 2 Zoom marketplace apps?
  2. Is it possible to conduct a meeting to show you what we currently have and our technical documentation so that you can guide us on how to proceed?
3

In the role settings on the UI portal, make sure it’s turned on for the type of access you need:

image
image1926×630 56.1 KB

This leads me to believe that the account owner has to edit the role for admin as well for permissions for meeting read rights.

Click on each endpoint in the documentation and see the scopes right above “rate limit”. For example: Zoom Meeting API

Check this page for available granular scopes: Integrations - Granular scopes

It’s being updated regularly.

These questions are best for App Marketplace as they review the apps. I believe we recently changed the rules on supporting multiple environments. They can provide a more in-depth responce :slight_smile: