Documentation for OAuth Scopes


#1

Hi folks, I cannot find any documentation for the OAuth scopes that you support. Specifically, I am looking for

  • an explanation of what scopes like meeting:write user:read recording:write webinar:write do
  • discussion of whether it is possible to request different scopes other than all of the above (either a subset thereof, or others not listed)
  • explanation of whether these scopes permit the authenticated user to manage their data alone, or that of their whole company (i.e. other users at their domain who are also using Zoom)

This documentation might look like this (but for your API).


#2

On each API we list the scopes in the description section. Does this solve your requirement or do you need something more high-level?


#3

Thanks for your reply Tim. When you write

“On each API we list the scopes in the description section”

where can I find this?

For example, if I visit https://zoom.github.io/api/#create-a-meeting, I assume that that API requires the meeting:write scope but I don’t find that discussed anywhere on the page.


#4

Hi @jeff,

We have a new API reference page, please refer here - https://marketplace.zoom.us/docs/api-reference/zoom-api/meetings/meetingcreate


#5

@Michael_Purnell, thanks for your reply. I see that that page states that POST /users/{userId}/meetings requires the user:write:admin user:write scopes. However, that still does not help me answer my questions:

  • what do those scopes do (what resources do they allow access to)? I wish to know this for all scopes because you have multiple; in particular our tokens have the scopes meeting:write user:read recording:write webinar:write.
  • is it possible to request different scopes to use POST /users/{userId}/meetings? I suspect the answer is yes, because our access tokens do not have the scopes given here—rather they have the scopes meeting:write user:read recording:write webinar:write—and we are still able to use that API.
  • do any of the scopes above permit the authenticated user to manage their data alone, or that of their whole company (i.e. other users at their domain who are also using Zoom)?
  • if any of the scopes above permit the authenticated user to manage the whole company’s data, are there equivalent scopes (for purposes of using POST /users/{userId}/meetings and PATCH /meetings/{meetingId}) that only allow the user to manage their individual data?

I would be much obliged if you would answer those questions directly, without reference to further documentation pages, unless those pages definitely have answers to those questions. Thanks.


#6

Hey Jeff,

I have been out on vacation, sorry for the late response.

So, our scopes have two “types”: there are user-level scopes and account-level scopes. User-level scopes are the ones you are mentioning above. Account-level scopes, however, will have :admin appended to the scope. These are the scopes that allow data manipulation for other accounts. So, in your case, these scopes will only be able to manipulate the data associated with the account.

The rest of the scope “formula” is pretty straightforward. webinar:write, for instance, could create webinars and webinar:read can read webinar info from the account.
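
A least-privilege check built on the scope format described in post #6 (resource:action, with :admin appended for account-level scopes), as an added example that is not part of the original thread or Zoom's own code. The function names, the extra user:write:admin entry in the sample scope string, and the NEEDED set are assumptions for illustration.

```python
from typing import NamedTuple


class Scope(NamedTuple):
    resource: str
    action: str
    account_level: bool  # True when the scope ends in ":admin"


def parse_scope(raw: str) -> Scope:
    """Split 'resource:action[:admin]' into its parts; reject anything else."""
    parts = raw.split(":")
    if len(parts) == 2 and all(parts):
        return Scope(parts[0], parts[1], False)
    if len(parts) == 3 and all(parts) and parts[2] == "admin":
        return Scope(parts[0], parts[1], True)
    raise ValueError(f"unrecognised scope format: {raw!r}")


def audit_token_scopes(scope_string: str, needed: set) -> dict:
    """Compare the scopes granted to a token with what the integration needs."""
    granted = set(scope_string.split())  # OAuth scope strings are space-delimited
    parsed = {s: parse_scope(s) for s in granted}
    return {
        # Scopes that reach beyond the authorizing user's own data.
        "account_level": sorted(s for s, p in parsed.items() if p.account_level),
        # Scopes that can modify data, not just read it.
        "write": sorted(s for s, p in parsed.items() if p.action == "write"),
        # Granted but not needed: candidates to drop from the app's request.
        "unused": sorted(granted - needed),
        # Needed but not granted: API calls relying on these will be refused.
        "missing": sorted(needed - granted),
    }


# Constructed input: the scope string quoted in the thread, plus one
# account-level scope added here to show how it is flagged.
GRANTED = "meeting:write user:read recording:write webinar:write user:write:admin"
# Assumption: this hypothetical integration only manages meetings.
NEEDED = {"meeting:write", "user:read"}

if __name__ == "__main__":
    for key, value in audit_token_scopes(GRANTED, NEEDED).items():
        print(f"{key}: {value}")
```
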


#7

@tim.slagle, that answers all my questions. Thanks!