How can I use mutable subdomain for Deauthorization Notification Webhook URL?

tuancode · April 20, 2020, 1:38pm

Description
Hi team,

Our product is an SaaS, hence, there are thousand of clients using the software distinguishing by subdomain. E.g. https://client1.product.com, https://client2.product.com.

I’m trying to integrate Zoom to provide our clients as a video conference tool in our system. However, it seems I can provide only 1 URL for Deauthorization Notification. This leads to a limit on my implementation for multiple clients based on 1 Zoom Oauth App.

Do you have any suggestion for this case?

Which App Type ?
OAuth & Webhook

Thanks!

michael.zoom · April 21, 2020, 12:00am

Hi @tuancode, reference our OAuth docs section on Using Multiple Environments:

To support multiple subdomain environments for your users, add any as the subdomain of your Redirect URL (development & production).

Example: https://any.yourapp.com.

In your install link, dynamically set the respective subdomain on the redirect_uri param:

For https://sub1.yourapp.com:

https://zoom.us/oauth/authorize?response_type=code&client_id=7lstjK9NTyett_oeXtFiEQ&redirect_uri=https://sub1.yourapp.com

For https://sub2.yourapp.com:

https://zoom.us/oauth/authorize?response_type=code&client_id=7lstjK9NTyett_oeXtFiEQ&redirect_uri=https://sub2.yourapp.com

For deauthorization, I do not believe we support the same use of multiple environments, but I will confirm this. Each deauthorization event includes a userID; I would handle each userID and direct them to the appropriate environment/database.

Let us know if this helps; I’ll confirm further.

tuancode · April 21, 2020, 12:52am

Hi @michael.zoom,

Thank you. I think it’s quite impossible because of the event. It is impossible to Zoom can know which user belong to which subdomain. Therefore, the only solution I realise is that I have to implement a Centric API to redirect to corresponding Deauthorization Notification Subdomain URL.

tommy · April 21, 2020, 9:47am

Hey @tuancode,

As a workaround, you can have one deauth endpoint, that reads the body and then determines which subdomain the respective user_id or account_id is in, then make a request to the respective sub domain to complete the data compliance flow.

Thanks.
Tommy

kay.gibbs · March 15, 2021, 2:05pm

Is there any update on this?
It looks like there is a workaround, but is there the possibility of not limiting the deauth endpoint in the near future?

tommy · March 16, 2021, 5:57pm

Hey @kay.gibbs ,

We are considering adding this in the future. Can you please share this and your use case here: #feature-requests

Thanks,
Tommy

Topic		Replies	Views
Deauth API for subdomain with different databases API and Webhooks	2	468	March 6, 2021
Event notifications and subdomains API and Webhooks	2	810	December 21, 2020
OAuth and webhooks in multiple environments App Marketplace	12	798	September 11, 2023
Using Multiple Environments for the same user API and Webhooks	2	618	October 29, 2020
Questions about published app install link of user managed Oauth app API and Webhooks faq	7	372	May 2, 2021

How can I use mutable subdomain for Deauthorization Notification Webhook URL?

Related Topics