As an Admin, I’m responsible for managing various resources for our users (clinicians who are Zoom Type 1 - basic users). The resources we need to perform CRUD operations on include:
Users
Groups
Memberships (relationships between users and groups)
Meetings
Availability
Challenges & Questions
APIs Without userId Parameter:
Observation: Some APIs, like POST /users/:userId, allow specifying the user directly using the :userId parameter, and they work as expected.
Issue: Other APIs, such as POST /scheduler/availability/:availabilityId, do not have a userId attribute or parameter to specify the user context.
Question: How can we manage user-specific resources using these APIs that lack a direct userId parameter?
Using User Tokens:
Attempted Solution: I considered invoking the API using the user’s token directly. I obtained this token via the Zoom User Token API.
Problem Encountered: When using the retrieved token as a Bearer token in the API call, I received an “Invalid Token” error.
Specific Question: How does the token returned by the Zoom User Token API function? Is there a specific method or context in which this token should be used to authenticate API requests successfully?
Request for Assistance
I’m seeking guidance on:
Properly managing resources for users via Zoom APIs that don’t explicitly accept a userId.
Understanding the correct usage of tokens obtained from the Zoom User Token API to authenticate and authorize API requests.
I see how the usage of userID in the Users & Meetings APIs doesn’t match the pattern in the Scheduler APIs. This may take some adjustment to track the assignment of availabilityID to the user it was returned for.
My suggestion is to use the user_id query parameter in a GET request to /scheduler/availability (reference). This will return a list of the user’s available schedules.
{
"next_page_token": "Cj8KLwotCgsI3ujvqgYQgIXUGxIeChwKGjBzNzAyZWVtbjBzOTdlZXFhNXE1NWg4ZWJtGgwIzIPVrAYQwM3WrAPAPgE=",
"items": [
{
"availability_id": "x3h1u4id4liffdyszsp8kpxl80", // can be used in /scheduler/availability/{availabilityId}
"default": true,
"name": "Working hours",
"owner": "easonfsxsysks3lgchitiw@scheudler.zoom.us",
"segments_recurrence": {} // [...]
}
}
If you would like to then query a specific availabilityID, you may need to associate availabilityIDs with the userID (or email) returned in the list request.
This token is used by the Meeting SDK to authenticate a user into a meeting. The Meeting SDK allows applications to embed Meetings, but might not be what you are looking for here.
My suggestion is to use server-to-server OAuth as the admin of the account to get an access token that can make requests across all users on the account.
Thanks @michael.zoom for the response. We are currently using server to server oAuth.
Is there a way to create or update availability for user as admin? The docs assume that it’s updating availability to whoever the call is. Can you specify which API we need to hit?
