Domain validation with multiple managed clients

We are adding Zoom integration to our semi-SaaS app. We have multiple clients, each with their own deployment, including a unique domain. These domains start as something generic, like, but eventually get switched to a vanity domain like

Which brings me to the two problems we have. For examples I will assume our company is “company” and the client is “school”. We already know we need one app per client.

  1. If I configure the app and all domains as, and validate the domain, and then the client later changes to the vanity domain, and we update OAuth redirect URLs, will we need to re-validate the domain?

  2. Our help centre, privacy policy, and terms of use are all hosted on a single domain that our company owns (e.g., which is different to the domain of all our clients. Is the only solution to this to set up redirects?

Can you also tell me how long domain validation by email takes, and what constitutes as proof of ownership? Given our situation and our development/deployment workflow, putting a unique file at the root of each domain is not practical (especially if we need to re-validate for vanity domains).

Hey @huon,

I suggest handling the redirects on your end instead of adding all the redirect URLs into Zoom.

Only use your company domains for OAuth, and then use the state query param to know which of the clients is installing the app, and once they land on your company redirect url, read the state query param in the url and redirect back to the client site.

I think my post above might answer your question. :slight_smile:

We can simply validate the domain via a dns txt file. Please reach out to for instructions.


Thanks Tommy, it’s good to know we can use DNS TXT records for validation, that will make it much easier. Will reach out soon. I assume “” is meant to be an email address?

Regarding the domains and revalidation - we cannot have a single app for multiple clients, because the redirect URI needs to go to the client’s API server. We need one app per client.
So when we first set up a client it would be everywhere. Then they want to switch to vanity domain, and the domain (nothing else) changes to We would switch all the URLs in the app to use the new domain, and nothing else would change.
My question now is: will we have to re-validate the domain, and assuming yes, if we already had a DNS TXT record in place, can we use the same TXT record to validate the vanity domain?

EDIT: another important question - the validation code (e.g. in the HTML file) - does that ever change? If we have 10 apps, can we use the same code to validate all domains?

As a point of comparison, we have the exact same setup for Microsoft / Azure OAuth integration, however they do not need domain validation.

Hey @huon,

Yes, apologies: :slight_smile:

Okay, you will have to have multiple OAuth apps then. You can confirm this with during the app review process.

Yes, it is unique to each OAuth app.


This is confusing, and the “yes” contradicts the rest of your sentence.
What I have noticed so far is that the validation code stays the same, even across apps.

But what I really want to know, and I didn’t get an answer to, is if we have an app that has been fully published, and then want to change the domain of all URLs - what happens? Do we have to get a re-review? Validate the new domains? Note that nothing is changing except the domain.

Hey @huon,

They are in fact different for each domain name that you are validating in your apps.

Are you seeing the same code across OAuth apps that have the same domain names?

You will need to submit an update request for our App Marketplace team to review.

Yes, you will have to validate the new domains.