Hello,
Our client has requested that we integrate their chatbot with Zoom.
To achieve this, we initially created a General App in the Zoom Marketplace for testing purposes. This application has the following configuration:
-
Type: General App
-
Basic Information:
-
Selected: User-managed
-
Configured the OAuth Redirect URL
-
-
Access:
- Configured 4 events and a Webhook URL
-
Surface:
-
Set the app usage as Team Chat
-
Enabled Team Chat Subscription and configured the Bot Endpoint URL
-
-
Scopes:
-
Chat
- imchat:userapp
-
Message
-
message:write:content
-
message:read:content
-
-
Team Chat
-
team_chat:update:user_message
-
team_chat:delete:user_message
-
team_chat:update:message_status
-
team_chat:update:message_emoji
-
team_chat:write:files
-
team_chat:write:message_files
-
team_chat:read:list_scheduled_messages
-
team_chat:update:bookmark
-
team_chat:write:reminder
-
team_chat:delete:scheduled_message
-
team_chat:delete:reminder
-
team_chat:read:list_user_channels
-
team_chat:read:contact
-
team_chat:read:thread_message
-
team_chat:read:list_user_sessions
-
team_chat:read:list_user_messages
-
team_chat:read:user_message
-
-
User
-
user:read:user
-
user:read:presence_status
-
-
Once this setup was completed, we added the app for local testing.
In parallel, we created a small Node.js application to test the integration.
This app uses the CLIENT_ID, CLIENT_SECRET, and WEBHOOK_SECRET_TOKEN from our Zoom app, and calls the endpoint:
https://zoom.us/oauth/token
with Basic Authentication and grant_type=client_credentials
.
In the response payload, along with the access token, we receive the following scopes:
marketplace:delete:event_subscription
marketplace:read:list_event_subscriptions
marketplace:update:client_secret
marketplace:update:event_subscription
marketplace:write:event_subscription
marketplace:write:websocket_connection
imchat:userapp
At first glance, everything seems to work:
-
The user installs the application.
-
The user can chat with our chatbot through the integration.
-
Our application receives the
bot_notification
event via webhook and responds correctly.
The problem:
We need to retrieve additional user information. We are trying to call:
GET https://api.zoom.us/v2/users/{userId}
using the token generated earlier. However, the API returns the following error:
{
"code": 124,
"message": "This API does not support client credentials for authorization."
}
Although our app has the scope user:read:user
, this scope does not appear in the token response.
My questions:
-
Why are we unable to access user data with the current setup?
-
Is this a permissions issue with the app owner?
-
Do we need to create a different type of application to perform these user data queries? If so, which type of app should we create, and what is the correct approach?
-
Or am I missing something in the way I am performing the request?
In summary: Could someone clarify what I am missing or doing wrong?
Thank you in advance.