Oauth app for zoom integration


I am new to zoom application development. I build apps for salesforce and plan to integrate zoom with my salesforce app. Using the zoom salesforce app is not possible as I want to build a seamless flow from inside my app.

I have decided to go ahead with using an OAuth app as I believe this will be best suited for my purpose. I have been reading a lot of the existing documentation. Still I am not clear with a few things which need to be taken care off before I can actually roll out a solution

Redirect Url in OAuth App
Though we understand that the oauth app needs to be provided with a redirect url, our concern here is that since our product is to be used by different customers whose salesforce accounts (orgs) will have different urls, how should we tackle this problem. We know that the “redirect_uri” parameter can be used to dynamically change the redirect url. But we have also read that the review process will check with the url specified in the app.

Approval Process
Though I understand the app review is important but for an OAuth app how is the review process done.
I am clear that I need to provide the oauth app with the correct details (scopes,metadata, use case etc) so that its easier for the reviewers to validate my app. What I do not understand is that will the reviewers use the third party app to see how the zoom functionality implemented using the OAuth app

In the end I would just like to say that I am thrilled to become a part of the zoom developer community and apologize in advance in case my questions seem too basic


Hey @schopra, thanks for posting and using Zoom!

You could handle this by using the state query param in the installation url so you know where to take the user after they install and land on your redirect url.

More info here:

We will work with you when reviewing your app to make the process as easy as possible. Just make sure to follow the App Submission Checklist guide.

We are so excited to have you build on our platform! :slight_smile:


Thanks for your inputs @tommy. My apologies for not being able to reply earlier.

While submitting the oauth app for review, we need to provide the domain. Now as I had mentioned that I have a salesforce application with which I want to integrate the zoom functionality, there is no domain that is owned by me,
Hence I also cannot put the verifyzoom.html file on the root as salesforce does not give such access.
Now what I want to understand is that whether can get the app reviewed without providing the domain and if in case the domain is mandatory, what can I do considering my use case with salesforce.


Hey @schopra,

Ah I see. Can you send me any links to the sales force docs of how you are hosting your integration?

Is this integration just internal to you/your company? If so, you could use a JWT app and JWT Token.


Thanks for the reply @tommy

The integration I am building is not for internal use but for our customers.
Just to give a background of how salesforce apps work and how I want the integration to work please see below.

Suppose there are 2 companies. “Company Alpha” and “Company Beta”. Both want to implement salesforce. They login to salesforce and signup for new salesforce accounts. In salesforce parlance, it is said that both companies have created their own “org”. Both companies create multiple users in their “org” so that their employees start using salesforce. Salesforce has a unique setup where each “org” has a different domain. The domain name needs to be set by the companies. For example the domain names for “Company Alpha” and “Company Beta” will be as follows

Company Alpha : companyalpha.my.salesforce.com
Company Beta : companybetamy.salesforce.com

Now both the companies want to enhance the functionality of their “orgs”. They go to the salesforce app exchange and install apps from their. The salesfore app exchange is like and app store for ios or playstore for android from where you can install different apps.

I have one such app listed on salesforce appexchange and both companies i.e. “Company Alpha” and “Company Beta” have installed my app. Now the requirement is that both the companies have various users who have zoom accounts and want to use zoom from within my app.

My idea is to create an oauth app in zoom using which I can build an api integration in my salesforce app which in turn can be used by various users of both “Company Alpha” and “Company Beta” to schedule zoom meetings directly from the app

Now the issue of domains is central to this whole idea. Since I do not own the domains but still want to authenticate the users of both the “orgs” using the same zoom app. This is causing issues for me as I cannot submit the app for review without providing the domain and even if I provide a domain of say my own salesforce “org” I still cannot put the “verifyzoom.html” file in the root of domain as salesforce does not provide such access.

Let me know if the explanation helps.


Please check the following url for some more information regarding appexchange

Hey @schopra,

Thanks for the detailed explanation!

The OAuth app you are developing is not hosted on a salesforce domain though. Your code does not live in salesforce, it lives within your own domain which is also the domain of the redirect url, whitelist url, and verification url (we can also do domain verification via DNS).

I think your question is really how do I redirect back to either companyalpha.my.salesforce.com or companybeta.my.salesforce.com after they install the app since my redirect URL takes me to my domain. You can simply use the state query param which persists through the OAuth flow. The user would click the connect Zoom account button (in their salesforce account or where ever they are connecting from) which navigates to your Zoom Apps install url (with the state query param), then authorize your app, and then land on your redirect url with the query param ?state=companyalpha which you can then redirect them back to companyalpha.my.salesforce.com.

You can see an example of this OAuth flow with the Zoom Sales Force App:


Let me know if that clears things up! :slight_smile:


Hi @tommy

First of all I would like to thank you for giving such detailed answers for all the questions I have been posting since the last few days.

Actually my code does reside in salesforce. The redirection part is not something I am concerned about as “state” parameter will handle dynamic redirects.

Since my salesforce app is a completely native salesforce application, I do not have a middleware to provide any kind of functionality. All the functionality is built into the salesforce application. Hence the oauth code as well as the subsequent API calls will be from within salesforce to zoom. To do this I use the salesforce’s programming language which is called “apex”.

This is where the concern is since there is no hosted app outside of salesforce and no custom domain used my me, I cannot provide any specific domain for review process as the domain will change from customer to customer.


Hey @schopra,

You are welcome! :slight_smile:

Ah I see, thanks.

Go ahead email developersupport@zoom.us with the link to this thread and we will help with the domain verification process.