Oauth App Publishing Timelines

Hi Zoom API team,

We are wondering about the timeline for publishing Oauth Apps. Once we have all of the material in place for our two apps, around how long should we expect it to take for the applications to be published? Also, once we have published them, if we want to make changes to any of the details or the screenshots/video what is the process/timeline for republishing?

NGPVAN/EveryAction Team

Hi @NGPVANEveryAction, to start, this timeline is highly contingent on app descriptions, documentation, screenshot content, and the quality of functional testing. Following our Submissions Checklist, this process shouldn’t take more than a couple of days.

Please note, there may be a delay given a recent surge in app submissions, but our team is working hard to maintain a timely and quality turnaround in functional reviews.

Each upgrade (in which new or different scopes are requested) will require a unique Submission Review.

Please let us know if you have any questions, we’re here to help :slight_smile:

1 Like

Thanks @michael.harrington that is helpful!

I have a couple more questions:

  1. We are interested in getting the app on the marketplace with basic screenshots and no video and then republishing with nicer screenshots and a video once we are live to clients. Would that require a unique submission review?

  2. Can the support/documentation link be behind a login for our users? Our entire helpdoc site is behind a login.

  3. I’ve been looking into deauthorization and I am wondering if a user can change their user_data_retention preference after they have made it. We are a CRM product and I can imagine that a user might accidentally ask for the data to be removed when the admin at their organization would definitely not want that to happen and would want to reverse that request when we notify them that will need to delete any data we recieved from you all.

NGPVAN EveryAction Team


Hey @NGPVANEveryAction,

You can simply update your app with the new screenshots after it has been published.


Good point, I will bring this up to our team.


Thanks for the responses @tommy. I have a number of follow-up questions about deauthorization and the submission checklist.

  1. Will we need to send you all a PDF of our apps’ documentation so that you can review it?

  2. In regards to @michael.harrington’s comment earlier: What did you mean by "the quality of functional testing."Do you all need to use our marketplace app somehow before it gets verified??

  3. Can you help us understand better what you mean by “deleting User data” when the user asks us to remove it during deauthorization. We are a non-profit and political org CRM and we will very likely create records based on webinar registrant data that will then have subsequent actions taken on them, such as a user submitting a contribution to the organization after the event is over. Does your compliance require that we delete data all data we have ever received from you through the marketplace app or specifically data about the user?

  4. In this feature request: Full participant data for webinars for a user-level OAuth App we discussed the need for a webinar participant data endpoint. Since that doesn’t exist and your webhooks retries are disabled we are planning on publishing two separate apps. One for our using to link to webinars (which will be an Account-Level Oauth App, since we will have to hit the Webinar Participants Report endpoint) and another to link to meetings (which will be a User level app, so that non-zoom admins can install this app). Is that going to be acceptable? We’d love to make it one user level app, but we can’t do that without retries and/or a webinar participants endpoint.

  5. Speaking of ramifications of webhooks being turned off. We are planning on implementing a daily poll for registrations and attendance of all meetings/webinars that are linked to our system by our users and where the date of the meeting/webinar is within 2 days of today. I’m not sure if this would constitute “long polling” the API, but we feel that this will be necessary for reliability as long as the webhooks don’t have retries. Is this going to be a problem? Is there something else that you would like us to do?

Hey @NGPVANEveryAction,

You will send this during the app review process.

Yes, our app reviewers will install your app to make sure it works.

Per user basis, the userID is included in the deauth request.

Yes, that should be acceptable, however this can be discussed during the review process.

As long as you stay within our rate limits, you should be fine.


Hi Tommy,

A couple followups:

Our app will only be installable from within our software which does not have a freemium plan. I’m not sure if it would be possible to give your team a user account in our product to test the integration, but is that what you are saying must occur?

I don’t think I was clear here. What does User data include? It’s not clear from the documentation. In Deauthorization Notification - Webhook Only oAuth App you indicate that webinar recordings are not considered user-specific data. Obviously user PII is user data, but what about meeting/webinar registration information that was retrieved from a users account? Is that “user-data” that must be removed if they ask for it to be removed during uninstall?

Thanks for responding to all of my follow-up here!

NGPVAN/EveryAction Team

Hey @NGPVANEveryAction,

Yes, however if complications are in place, this can be discussed with our app review team once you submit.

Any user data that you have collected based from a specific user that has authorized your app.


For anyone who comes to this forum post, I just want to make it clear that this is NOT true.

From Zoom Support via a support email:

“For a published app, any change to the production environment will need to have an update request. When you make a scope change, users have to reauthorize, whereas other changes can be rolled out silently. In either of the cases, it needs to be approved by our marketplace team in order for the changes to reflect.”

Zoom’s current timeline for app approval is around 7 business days after submission. This means that if you submit an application in a functionally complete state but need to make any updates to it after the initial approval (say a switchover to a different production URL) you are looking at 3 weeks of wait time, not to mention more time if zoom has any requested changes to your submission.

For anyone out there who is looking to get a Zoom integration off of the ground, give yourself a month between finishing development and the date that you think it will be live.

@tommy and @michael.harrington I would advise you to make this information much clearer in your developer helpdocs, as we went through this process with a wild misunderstanding of the timeline, caused in part by responses to our questions here.

Hey @NGPVANEveryAction,

Forgive me for not being more clear. What I should have said was you can update your apps screenshots and other meta data / descriptions, but each update request will require the team to review and approve the update. That being said, updating meta data like the description and screenshots will not effect your current users or warrant them to take any action.

We have just expanded our Marketplace approval team with the goal of reducing the review times. Please know we are working as fast and hard as we can to support all the developers building with Zoom! :slight_smile:


Thanks, Tommy, we appreciate the clarification.

1 Like

You are welcome! :slight_smile: