How to support multiple domains for OAuth redirect URLs in Production?

App Marketplace
1

API Endpoint(s) and/or Zoom API Event(s)
OAuth 2.0 Authorization Flow
https://zoom.us/oauth/authorize

Description
We are integrating Zoom OAuth into a multi-tenant platform that runs on different domains (e.g., example1.com, example2.com, etc.).

During development, we successfully added multiple redirect URIs in the “OAuth Allow List URLs” and tested across various domains:

bash

CopyEdit

https://example1.com/
https://example1.com/restricted/v2/zoom-test.html
https://example2.com/
https://example2.com/oauth/callback

However, when preparing for Production, the OAuth configuration UI allows us to input only one redirect URI, which is restrictive for our use case. We also noticed that enabling Strict Mode and Subdomain Check enforces exact matches, making this limitation more challenging.

We do not want to use an intermediate redirect handler due to internal policy and infrastructure constraints.

Error?
No specific error yet — looking for best practice guidance before going live.
We are concerned we may hit redirect_uri_mismatch errors once we go live across domains.

How To Reproduce

  1. Go to Zoom App Marketplace > Manage > [Your OAuth App] > Production
  2. Try to add more than one OAuth Redirect URL
  3. You can only specify a single URL
  4. Enable “Strict Mode” and “Subdomain Check” to observe strict enforcement

:red_question_mark:Question

How can we support multiple domains or redirect URLs in Production without using an intermediate redirect page?

  • Is it possible to register multiple production redirect URLs (just like in Development)?
  • Is there a workaround recommended by Zoom for multi-tenant or multi-domain systems that must avoid central redirect logic?
2 Likes
2

Hello, first of all, I want to thank you for maximizing your application and using all of our available resources to potentially resolve a system limitation.

Unfortunately, we do not currently have a solution for this, but we are working on a resolution before the end of the year. I will make sure you’re notified when that is available

2 Likes
4

Thank you very much for your prompt response, Kwaku!

I really appreciate the transparency and the ongoing effort your team is making to resolve this limitation.

In the meantime, is there any recommended workaround or best practice for supporting multiple production domains without relying on an intermediate redirect handler?

For context:
We are currently deploying our Zoom OAuth integration on three different domains (e.g., example1.com, example2.com, and example3.com) for distinct tenants. Each of them needs its own redirect URI due to separate authentication flows and infrastructure requirements.

If there’s any Zoom-recommended strategy to handle this kind of multi-domain use case—within the current production OAuth limits—I’d be very grateful to hear about it.

Thanks again for your support!