OAuth and Zoom API : Connecting user's Zoom account from multi domain application

Hi

I’m working on understanding which licence (type of account) and Zoom OAuth App would suit me best for the scenario below:

We are working with an application which is hosted on a different domain for each client (e.g. client1.domain.com, client2.domain.com), and users are allowed to create appointment slots and 1v1 appointments.

Zoom use cases:
Users will be allowed to connect their Zoom account in our application, which should allow us to create/update/delete appointments using the Zoom API. The user should also be able to disconnect his Zoom account from the application.

Our goal is a seamless integration that does not require any API/Auth keys from our clients.

Q. What are API licences and how will they help my case? Do I need one for the above use case?

Q. Which type of account do we need to use for creating an OAuth app?
As per the rate limit link below, the options are the Pro and Business account plans. But if the rate limits are counted against the account whose API key we are using, and not the account for which we are making the API call, then we might face the HTTP 429 status code. Is that correct?

If yes, then do we need to create an individual OAuth app for each customer, with unique accounts having a Pro Business account?

Q. Will a single OAuth app work if we have clients with different hosting URLs? There might be an issue with the callback if we have a different domain for each client.

Q. Lastly, we want to avoid this scenario, but should we be asking the client’s Zoom admin to create an OAuth app and share the keys which could be used in the API calls? Since all the users in the application should belong to the same Zoom admin account, we might need to request authorization and directly create the meeting on the user’s behalf.

Has anyone else worked on a similar use case in a better way?

Let me know if I’m asking the wrong question. I’m open to suggestions. :grimacing:

@MaxM @tommy @will.zoom !!

Hey @khanmdmudassir,

Thank you for reaching out to the Zoom Developer Forum.

You don’t need a special account to create an OAuth App.

When using OAuth, you create one app and publish it. From there, users or accounts can install your app. When your app makes requests, it’s making them on behalf of the user/account that installed your app. This means that the rate limits are tied to their accounts.

You should redirect to a URL that you control in this case. From there, you can redirect to their subdomain as needed.

No, with OAuth the user is installing an app from the Zoom Marketplace and does not need to provide you with keys directly. As part of the installation, you will obtain an Access Token and Refresh Token to make API calls on their behalf.

I hope that helps! Let me know if you have any questions.

Thanks,
Max
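
The pattern described in the reply above (one redirect URL you control, then a redirect to the client's subdomain) is commonly paired with a signed OAuth `state` value, so the central callback knows which client site to return to without trusting the query string. This is an added example, not code from the thread or from Zoom; the secret handling, the per-browser `session_id`, the tenant allowlist and the `/zoom/connected` path are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

STATE_KEY = secrets.token_bytes(32)      # assumption: server-side secret; load from config in practice
BASE_DOMAIN = "domain.com"               # parent domain from the thread's examples
KNOWN_TENANTS = {"client1", "client2"}   # constructed allowlist of client subdomains
LANDING_PATH = "/zoom/connected"         # hypothetical page on each client site
MAX_AGE = 600                            # seconds a state value is accepted

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(payload):
    return hmac.new(STATE_KEY, payload, hashlib.sha256).digest()

def make_state(tenant, session_id, now=None):
    """Value for the `state` parameter of the authorization request."""
    if tenant not in KNOWN_TENANTS:
        raise ValueError("unknown tenant")
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"t": tenant, "s": session_id, "iat": issued}).encode()
    return _enc(payload) + "." + _enc(_mac(payload))

def tenant_redirect(state, session_id, now=None):
    """Run in the central callback; returns the client URL or None to reject."""
    try:
        p64, m64 = state.split(".")
        payload, mac = _dec(p64), _dec(m64)
    except ValueError:                   # wrong shape or bad base64
        return None
    if not hmac.compare_digest(mac, _mac(payload)):
        return None                      # forged or altered state
    data = json.loads(payload)
    current = time.time() if now is None else now
    if data["s"] != session_id or not 0 <= current - data["iat"] <= MAX_AGE:
        return None                      # other browser session, or stale
    if data["t"] not in KNOWN_TENANTS:
        return None                      # tenant removed since issue
    # Host is built from the allowlisted label only, never from request input.
    return f"https://{data['t']}.{BASE_DOMAIN}{LANDING_PATH}"
```

The authorization code is exchanged for tokens on the central host before this redirect, so it never has to be forwarded to the client subdomain.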

Hi @MaxM ,

Thanks for your response!

I have been doing a lot of digging myself since I last posted this question. I have found answers for a couple of questions, which I would like to share with you since they don’t match the answers you have provided. Please correct me if I’m wrong.

Q. I still don’t know what API licences are and their benefits.
Q. As far as I know there are two types of rate limits: account level and user level. The one which you explained was user level. But I want to know if the rate limit at account level is shared across all the users under an Admin having their own individual OAuth App? Or does each user account created by the Admin have its own account-level rate limit?

Q. Also, I understand we need a minimum Pro + licence for the API. So if the Admin has an Enterprise licence, will the users created under the Admin have the Enterprise-level account rate limit?

Q. What are the account-level rate limits for a Meeting licence?

Q. For the redirect-related question, your answer is valid as well. But in my case we have client domain URLs such as cust1.domain.com, cust2.domain.com etc. In this case we can use the multiple env redirect by mentioning any.domain.com in the OAuth app. Correct?
https://marketplace.zoom.us/docs/guides/auth/oauth#using-multiple-environments

Q. How can we monitor the API calls which we make on behalf of users, so that we can track whether a user has reached their user-level rate limit?
Q. Also, can a user authorise multiple times? Or will we get a different response if the user is already authorised?

Q. Which OAuth scope should we use? User-level or admin-level? I think user-level.

Thanks! Stay Safe!
Mudassir Khan

@khanmdmudassir

An API Partner License is a type of account that resells access to Zoom and therefore has access to some reseller level APIs.

Rate Limits as a whole are tracked at the account level. This means that any API request made from that account, regardless of the user, counts towards the rate limit. However, there are some APIs that have their own limits.

For instance, the Create a Meeting API has a limit of 100 meetings per user per day. See our Rate Limit documentation for more information.

You can use the API with a Basic user, but you won’t have access to Pro features like Cloud Recording. When it comes to rate limits, yes, it is based off of the account type.

Yes, that’s correct.

You can check the headers of the response. Please see our documentation on Rate Limits.

Not currently but this is something we are working to add in the near future. Currently, re-authorizing the app causes it to be re-installed and only the latest token is valid.

I’ll need more information about the use case to know which app type is right. For the most part, unless necessary, I try to write apps with the least amount of access required. If you only want to create meetings for the user that installs the app, then a user-level app is likely the best method.

If you plan to create meetings for multiple users on an account and you don’t want all of them to have to install your app, then an account-level app is likely the best bet.

I hope that helps! Let me know if you have any questions.

Thanks :slightly_smiling_face: @MaxM ! You have answered all of my questions!

@khanmdmudassir.

Glad to hear Max was able to help answer all of your questions. Thank you for posting in the Developer Forum.

Best,
Donte
