Do I need to POST to the Data Compliance API when I make a Revoking request?

Marketplace Apps
#1

Description
Hi,
Our application provides users with the ability to de-authenticate.
Currently, it is implemented in the following flow.

  1. the user presses the deactivation button.
  2. use the user’s access token to send a revoke request to ‘https://zoom.us/oauth/revoke’.
  3. then delete the user’s data that we hold

So, I have two questions.

After deleting the user’s data, is it necessary to notify the ‘Data Compliance API’ that the user’s data has been deleted?
When I send a revoke request, will the ‘deauthorization endpoint URL’ receive a notification?

I’m sorry if there are any expressions that don’t come across.

Thanks,

Which App?
OAuth App on Zoom Market Place

#2

Hey @ectech_zoomdemo,

You do not need to delete user data after you revoke their access token. The purpose of revoking the access token is for security breaches where you believe the token was exposed. Revoking the token also does not uninstall the app.

If you would like your users to uninstall the app rather then have their tokens revoked, you can direct them to uninstall the app here: https://marketplace.zoom.us/user/installed

Thanks,
Tommy

#3

Hi Tommy,
Thank you for answering!

That cleared up a lot of questions for me!

I just want to check one thing.

I tried the revoke request on a test account.
Then, our app was uninstalled from the marketplace (it was missing from the marketplace’s installed apps). (They were missing from the marketplace installed apps.)

Is this a special behavior before the app was released to the public?

Thanks,
Tasuku

#4

Hey @ectech_zoomdemo,

You are welcome! :slight_smile:

Apologies for the confusion, when calling the revoke endpoint, it actually does uninstall the app, and send the deauth webhook, after which you need to make the Data Compliance request.

So the answer is yes, you need to POST to the Data Compliance endpoint when revoking an access token.

We will update our docs to mention this. (DEVELOPERS-810)

Thanks,
Tommy

Zoom API : How to revoke App Access when user wants to disconnect your app and Zoom app
#5

Hi Tommy,

Thank you so much!

All of my questions have been answered!

Thanks,
Tasuku

1 Like
#6

You are so welcome! :slight_smile:

Let us know if you need anything else!

Thanks,
Tommy