Thanks for sharing more details with me.
When you say notification endpoint URL, are you referring to the URL that will be receiving webhook events?
And when our team reviews the app, they do it with the Production credentials, since they will be reviewing the app as if they were the final users/customers so the development credentials are specifically for you for testing purposes.
When you say notification endpoint URL, are you referring to the URL that will be receiving webhook events?
Yes, that’s right.
Of the webhook events, it is a deauthentication notification.
information > Deauthorization notification > Endpoint URL.
I am asking whether it is possible to set the deauthentication notification endpoint URL separately in the development environment and the production environment.
If it is impossible to set both in the development environment and the production environment, is the answer that if you set only the deauthentication notification endpoint URL in the production environment, you can pass the inspection without any problems?
And when our team reviews the app, they do it with the Production credentials, since they will be reviewing the app as if they were the final users/customers so the development credentials are specifically for you for testing purposes.
At the time of the review, you answered that you would use the information of the production environment, but does Zoom use the information of the development environment?
There is the following description in the APP settings.
“Zoom will only use these credentials to test App Update requests.”
We believe that Zoom will use the development environment information when updating the APP.
If you set only the deauthentication notification endpoint URL of the production environment when updating the APP, will there be any problems such as failing the review?
“Redirect URL for OAuth” or “Webhook Event notification endpoint URL”
can set two information for development environment and production environment, but it is difficult to set because only one deauthentication notification endpoint URL can be set.
About the previous questions you reached out about:
I am asking whether it is possible to set the deauthentication notification endpoint URL separately in the development environment and the production environment.
You can use separate environments yes.
If it is impossible to set both in the development environment and the production environment, is the answer that if you set only the deauthentication notification endpoint URL in the production environment, you can pass the inspection without any problems?
If the deauthentication notification endpoint URL is properly set up and working in the production environment there should be no issues with funcitonal testing.
At the time of the review, you answered that you would use the information of the production environment, but does Zoom use the information of the development environment?
Our Marketplace team only uses development credentials once your app is published in the Marketplace and you are making an Update request to your published app.
There is the following description in the APP settings.
“Zoom will only use these credentials to test App Update requests.”
We believe that Zoom will use the development environment information when updating the APP.
If you set only the deauthentication notification endpoint URL of the production environment when updating the APP, will there be any problems such as failing the review?
“Redirect URL for OAuth” or “Webhook Event notification endpoint URL”
can set two information for development environment and production environment, but it is difficult to set because only one deauthentication notification endpoint URL can be set.
I am not sure I understand this last question. But there is only one Deauthentication notification endpoint and the Redirect URL for OAuth might be different for production and development. If you are submitting your app for review, our team will use production credentials.
Once your app is published and if you want to make an update, then the team will use the development credentials.
As far as I can confirm the answer, the deauthentication notification endpoint URL (https://example.com/endpointurl) works normally, because the information in the production environment is used when conducting the APP review.
I think I will pass the examination without any problems.
However, in the future, if you make any updates to this APP and make an update request, the deauthentication notification endpoint URL (https://example.com/endpointurl) will be the information of the production environment.
It is not the development environment information (https://develop.example.com/endpointurl).
Is there a problem that the information is not in the development environment and the update request fails?
Or will the update request succeed without any problems even if it is information from the production environment?
Hi @taki22
Your understanding is correct.
The update request will be successful even if your deauthorization endpoint URL is set to the production environment.