Meeting SDK cross-account join policy

Under a new policy, all Meeting SDK apps are required to go through app review to access meetings outside of the developer account used to create them. Your app can choose to be on the app marketplace for discovery and distribution. If this is not required, then you can choose to have your app be unlisted.

If you were contacted via email about your Meeting SDK app, this is the place to ask your questions. Let’s keep the thread on topic. Any questions that you have, whether they be technical or policy-based, can be posted here.

I checked the review process and checklist mentioned in this URL, but I have some questions regarding our own app. Could you please provide answers?

Description of our app:

  • We have created a User Managed App in February 2022, and the type is Meeting SDK. We plan to submit this app for review.
  • We are developing an Android app to be installed on “THINKLET” devices. Please note that it is a different product from Fairy Devices’ “LINKLET.”
  • Meetings will be hosted by external accounts, and the devices with the installed app will participate as guests. We will not participate in meetings that require authentication.
  • We are developing this app for use only in Japan. All documentation and communication with customers are conducted in Japanese.

SDK Version

v5.16.10

About THINKLET device

The OS of THINKLET device is a proprietary OS based on AOSP (Android Open Source Project).
This device does not have a display, and users cannot view or interact with the UI.
Any settings that require user interaction are performed by our company using adb commands or screen mirroring tools during commercial shipment.
For more Details about THINKLET Device, please check it.

If you have any further questions or uncertainties regarding the device, please feel free to ask in this thread.

Questions

  1. Among the items in the checklist that require explanations or documentation, which ones need to be submitted in English? Are there any that can be in Japanese?
    It was mentioned that the app description must be in English to avoid review comments, but there is no clarification for other items.

    • 1-a. Especially, can the Terms of use and Privacy Policy be submitted in Japanese?
  2. Can apps of types other than General App also undergo the review process?

    • 2-a. If a new General App needs to be created, is there a designated transition period from the old app to the new app?
  3. Regarding checklist items 7 and 13, our app does not distribute online and we install it on devices ourselves using adb commands. Do we still need to provide documentation on how to add the app or a landing page?

  4. We plan to set up a development server to comply with checklist item 8. Are there any specific requirements for this?

  5. Regarding checklist item 8, what should be done upon receiving a notification for authentication revocation?

    • (e.g., returning a 200 OK response, notifying the administrator, etc.)
  6. Regarding checklist item 9, we have separately created a Webhook in February 2022, and the Meeting SDK app is designed not to directly integrate with the Webhook. In this case, is it necessary to configure Event Subscriptions?

  7. Regarding checklist items 11 and 12, do we need to provide OAuth URL settings and flows even if we haven’t created an OAuth App?
    Our app only allows guest participation, and we do not require authentication for joining a meeting. While we have implemented JWT generation and usage similar to the link provided, we do not utilize OAuth flows or ZAK tokens.

  8. Regarding the UI legal notices requirement for the Meeting SDK app, how should we handle devices without displays?
    Since the devices do not have displays, users cannot view the UI or access the meeting chat. Therefore, we cannot display various notices to the users and have implemented automatic consent if prompted. For commercial use, we explain the data usage to customers and obtain their consent.

Hi Shariq,

I work at a university doing research. We worked with the University to have them make us what they call a Zoom sub account. It’s essentially part of the same organization but the accounts to sign in are different. They didn’t want us on the SDK of the main account.

Our app uses the SDK from the sub account but meetings we created in the university’s main account. Are we still subject to needing to go through this review process based on this information?

Thanks
Jon

@shariq.torres
Could you please confirm if you have reviewed this post?
It would be greatly appreciated if we could receive a response as soon as possible, as it also affects the schedule for the review process.

@shariq.torres, Hi Shariq

Some questions to avoid misunderstanding and any downtime. Our app has been already published to the Marketplace under the new Unified Build Flow. The app includes the Meeting SDK under the Embed functionality.

Does the change of the Meeting SDK Policy in any way affect already published Apps under the Unified Build Flow?

Hi @shariq.torres and @michael.zoom. Is it possible to set up a call to discuss the app review process and ask a few questions? I attended the office hours but would like a more private conversation.

Thanks
Jon

hi @shariq.torres

I received the email with subject “Action Required: Zoom Meeting SDK Policy” earlier this month, but I’m not sure if we need to take action or not. Maybe you can help me understand?

I maintain a private Meeting SDK app. We have no intention to publish to the marketplace.

Do we still need to go through the review process? Or does this policy change not affect us?

Thank you

Hi @shariq.torres! We use Meeting SDK for our iOS app. In Zoom’s documentation I see mention of an OAuth token. Is it required to use an OAuth token for publishing? We still generate a JWT token using Client ID and Client Secret. Is it ok?

Hello Shariq

I also received the email about the new policy, but I’m in doubt about the content.
As many here in the forum, I have also produced a private macOS app for private use only, which is not available to the public. This app has not all the issues the submission form requires simply because it does not use that functionality. It has not a redirect URL nor uses any form of authentication, just to mention an example.

My app only joins a meeting using the ID and password the user types in and when connected shows the spotlight on a second screen. That’s it. The app uses a JWT token in order to use the service and that’s all.

I’m pretty confused because I understand I have to submit the app anyway even though I cannot answer to all the questions and requirements the submission wants.

I have reviewed the post and am talking to other team members to get some answers, as your product is an edge case. I will get back to you promptly.

Yes, the cross join policy still applies to the sub account. You would have to go through the review process if you wanted the app to join meetings on the main account.

George,

If you want your Meeting SDK app to join meetings outside of the account that created it, then you will have to go through the review process. Going through the review process does not mean that your app will be published on the marketplace though. You can always opt for an unlisted app.

Aung,

If your app wants to join meetings outside of the account that created it, then you will have to go through the app submission process to continue to take those meetings.

@shariq.torres, so it means if our Meeting SDK has already been reviewed and published on Marketplace as part of the Unified Workflow, then it would not require another review anymore, right?

Hello @BZone

If your app does not have an end-user authorization flow, that’s okay. You’ll notice that the ‘zak’ scope is automatically added, which you can clarify in the scope description field as not being used.

You can use your documentation URL for the OAuth Redirect and Direct Landing URL fields during submission.

Since your app does not include the OAuth flow, you can describe in your documentation how end-users can utilize your app’s features related to Zoom meetings.

Regards,
Yoon

Hello @giuggio

If your app does not have an end-user authorization flow, that’s okay. You’ll notice that the ‘zak’ scope is automatically added, which you can clarify in the scope description field as not being used.

You can use your documentation URL for the OAuth Redirect and Direct Landing URL fields during submission.

Since your app does not include the OAuth flow, you can describe in your documentation how end-users can utilize your app’s features related to Zoom meetings.

Please note that you do not need to publish your app to the marketplace by choosing to ‘unlist’ your app: Publish your apps

However, your app will still need to go through the review process if you are using the app to join meetings created outside of your developer account.

Regards,
Yoon

Hello @yoon.conner

Thanks for your reply. But again, the approval form requires data and information that I don’t have at all. Without that data I cannot submit the form. It requires a web server with a domain verification. Moreover, my application is - as said - a stand-alone macOS application and it’s not downloadable anywhere.

Best regards,
Angelo