Meeting SDK cross-account join policy

Hello @giuggio

I will DM you regarding the domain validation section.
I understand that the app is a standalone MacOS app. However, if you are using the Meeting SDK to join external meetings, it still needs to go through the review process.
I recommend reviewing our SDK App Review process here: Zoom SDK App Review Process

Regards,
Yoon

Thank you for your patience. The answers you want are in bold. Let me know if you need further clarification.

• Among the items in the checklist that require explanations or documentation, which ones need to be submitted in English? Are there any that can be in Japanese?It was mentioned that the app description must be in English to avoid review comments, but there is no clarification for other items.

You must include a note in bold at the top of your Long Description that the app is only for that region/language. Your Short and Long description information must be in English, or contain an English description directly following any content in the foreign language provided.

• 1-a. Especially, can the Terms of use and Privacy Policy be submitted in Japanese?

If you include the language disclaimer, we can accept resource content (Privacy Policy, Zoom Documentation, and Support Page) in the specified language.

• Can apps of types other than General App also undergo the review process?

Yes, if they were originally created as a legacy app

• 2-a. If a new General App needs to be created, is there a designated transition period from the old app to the new app?

We accept legacy app submissions, but all apps will be asked to convert to General app in the future

• Regarding checklist items 7 and 13, our app does not distribute online and we install it on devices ourselves using adb commands. Do we still need to provide documentation on how to add the app or a landing page?

Landing Page = Yes, the landing page should inform users how to begin the purchase/enablement process, if they need to contact your team to do so, the landing page should specify this.

Documentation Page = Yes, if the user encounters any issues after enablement, this serves as a resource for them. Additionally, users need to be provided instructions on how to deauthorize app access to their Zoom account should they need to

• We plan to set up a development server to comply with checklist item 8. Are there any specific requirements for this?

Deauthorization URL is optional, documentation will be updated to say, “To do so, apps may provide a secure endpoint”

• Regarding checklist item 8, what should be done upon receiving a notification for authentication revocation?

You should delete the specified user’s Zoom data from your systems in accordance with your Privacy Policy and TOU

https://developers.zoom.us/docs/integrations/end-user-auth/#deauthorization

• Regarding checklist item 9, we have separately created a Webhook in February 2022, and the Meeting SDK app is designed not to directly integrate with the Webhook. In this case, is it necessary to configure Event Subscriptions?

It is only necessary if your Meeting SDK app is long-polling our API or making scheduled GET requests every X minutes. If you are not doing this, web hooks are not required, but recommended

• Regarding checklist items 11 and 12, Do we need to provide OAuth URL settings and flows even if we haven’t created an OAuth App?Our app only allows guest participation, and we do not require authentication for joining meeting. While we have implemented JWT generation and usage similar to the link provided, we do not utilize OAuth flows or ZAK tokens.

No you do not, we will update this doc to reflect SDK requirements

• Regarding the UI legal notices requirement for the Meeting SDK app, how should we handle devices without displays?Since the devices do not have displays, users cannot view the UI or access the meeting chat. Therefore, we cannot display various notices to the users and have implemented automatic consent if prompted. For commercial use, we explain the data usage to customers and obtain their consent.

UI legal notices are for other participants who may be joining the meeting from a regular device. If your SDK app is in the call, it needs to notify the other participants via AAN

Aung,

When was your app reviewed and published? If it has not been within the six months, then you should read the Meeting SDK policy and make sure you adhere to it. I don’t know your codebase, but most devs were not doing the things that were needed to be in compliance with the policy

Hi @shariq.torres I have a question.

We have an unlisted app on Zoom where there we see buttons that says “Start conversion”, I don’t see any button that says “Publish the app by myself”.

We have a pretty complex setup and our clients use our Zoom developer keys on mobile and other app platforms to access webinars from their own Zoom account.

Does this policy effect us? we have no intention to get listed on the Zoom app marketplace and we are an unlisted app and we don’t see Publish the app by myself.

Thanks.

@shariq.torres are you able to get back to our message?

Dear @shariq.torres ,

Our team has received the email about changing the Meeting SDK app to be an unlisted app. Our Meeting SDK app was previously approved. My question is - when we resubmit the app with the Publish App Preference set to ‘Unlisted’ and it goes through the review process again, will the Meeting SDK app be able to function normally during this review period?

Thanks,
Katy

Katy,

The marketplace team will not have to review your app again when you transition to the unlisted option. Your app should continue to function normally.

Kaitlyn,

I apologize for the late reply. You are affected by this policy because your app – based on the description that you gave – joins meetings outside of the account that created it. Your app will have to go through marketplace review but you can still have it unlisted.

Hello @shariq.torres @donte.zoom

Currently I have a legacy SDK app and was flagged for a review process.
It seems like in the app build flow, there is no way to initiate this review process for legacy SDK apps.

In the open hours call, it came to light that this app review process is available for “UBF” apps and not legacy SDK apps. I have a couple questions:

1. Am I expected to sunset my SDK app and create a new app in order to enter a review process? Am I not able to receive a review for my existing app?

2. When will these legacy SDK apps not be supported anymore?

Thank you so much!

@shariq.torres We are in the same boat as @kurt2 and are completely blindsided by this we have a legacy app.

We are concerned about the ‘Start conversion’ button as we believe if we convert it will entirely break all existing functionally if we switch.

@shariq.torres is conversion needed for a marketplace review on a legacy zoom app, if we make the conversion will everything stay the same or break, this is too much of a risk for us if we don’t know.

Thank you for tagging me, @kurt2 . After taking a closer look, it appears that you’re unable to submit for review because your app is currently set to ‘intend not to publish’. Here’s what you need to do:

First, add the missing information:

1. Redirect URL for OAuth

2. OAuth Allow List

Then, on the SDK Activation page, enable publishing. After doing these steps, you should be able to submit for review. For further guidance, you can refer to our support documentation on updating the Zoom Marketplace App:

Also, note that there are several publishing options you can select. I’ve linked the support page which includes more details:

image886×502 60.1 KB

Kaitlyn,

You DO NOT have to convert your app to have your submitted for review. You can read @donte.zoom 's answer below ( Meeting SDK cross-account join policy - #33 by donte.zoom ) if you have issues submitting for review.

@yoon.conner Can you DM us about this and the domain verification, we have macOS like @giuggio, Windows, iOS and Android apps that use Zoom and do NOT use the end to end flow and all of this stuff we don’t use, yet we are asked all this information that we do not have as this app is meant to be unlisted but still have to go through app review.

We are concerned that going through this will now break ALL our existing production functionality since this app is in a draft state and we were not aware of this at all.

I wish Zoom was more clearer about this BEFORE we did this, it doesn’t make sense for an unlisted / private Zoom app that uses goes through Meeting ID, Password route to go through app review.