Group-Read API Access

We’re in the process of scoping a reporting tool that would act as Unified Presence Indication for a specific department within our company, and would like to incorporate the user.presence_status_updated Webhook from both the Zoom Meetings API and the Zoom Contact Center API.

While scoping this project with our IT team, we’ve run into some issues regarding granularity in authorization for the reporting tool. We’re trying to understand if there’s a combination of API scopes and general user-role permissions that could land the reporting tool with something like a group-level, read-only. Basically we need the tool-user to have the following authorization level:

  • Can receive user.presence_status_updated for all users in a specific group.
  • Does not have edit access to any user.
  • Does not have any access to users not in the specified group.

The webhook itself only requires a user:read scope, but I’m struggling to find a way to apply this across an entire group, and only for that specific group, without giving any write access AND without having to manually provide access to new users (the access should be automatically inherited when they’re assigned to the group).

Is this level of access granularity currently available?

Hi @atac_bi
Thanks for reaching out to the Zoom Developer Forum and welcome to our community! I am happy to help here!

If you are relying your integration only on the different Webhooks that we provide, you can go ahead and create a Webhook-Only app:

With this type of app, you will only be receiving information about specific events and this app won’t allow you to modify data of any kind.

It is important to note that this app type will apply to all the account, what I mean by this is that if you want to receive events for a certain group, there is no way to filter the events you are receiving and you will be receiving events for every user in your account.

I hope this helps but let me know if you have further questions.
Best,
Elisa