Possible to create meeting on behalf of another Zoom account?

I know that I can create meetings for users under my account with the REST API, but is it possible to create a meeting on behalf of users from another account?

The use case is that I have web app that clinicians use and I want them to be able to create instant meetings with their clients through my app with their existing zoom account.

I don’t want them to have to enter in credentials. If possible, could I just use their credentials they have already given to me, using the REST API?

Absolutely, that is PRECISELY why the Zoom Marketplace exists!

These are multi-tenancy apps (meaning one set of source code can operate with multiple users concurrently, securely, and distinctly from one another). Of course, this does mean that you’ll need to implement Zoom’s OAuth2 Authorization Flow (to obtain an access_token and refresh_token for each authenticated user, rather than using the JWT). You’ll need a database to securely store data about your app’s users, their specific app’s configurations, for operational data of the app, and to manage these users as your app’s customers.

Using OAuth2 Authorization Flow does exactly what you said, ZERO user credentials are entered, they just need to login to their Zoom account, and we shoulder the burden of authentication.

Once you have an access_token for a user, they’ve granted permission for your app to access the REST API (based on the scopes you set on your app, and which are displayed to them as Permissions for your app during installation).

1. Login to https://marketplace.zoom.us
2. Click on “Develop” => “Build”
3. Start defining your app in the Zoom Marketplace (this seems like a User-Level App)
4. Save your app’s settings, and copy your Development API Keys
5. Add these API Keys in your app’s environment variables (and store them securely)
6. Build your app’s OAuth2 Authorization Flow code per our docs here: https://marketplace.zoom.us/docs/guides/authorization/oauth-with-zoom
7. Test our REST APIs using Postman (if you like): https://marketplace.zoom.us/docs/guides/guides/using-postman-to-test-zoom-apis
8. Begin implementing your app’s code
9. When you’re ready to begin sharing the code with others for testing/use, generate the “Publishable URL” in Marketplace.
10. Share the Publishable URL, and watch these Zoom Users begin installing your new app (optionally, you can publish the app to the Marketplace and make it available for ALL Zoom Users to install).

Does this help answer your question?

Thanks for the detailed response. That helps.

I believe you have pointed in the right direction. When a user “installs” my app, they are actually just giving my app permission to make requests on their behalf, correct?

I’ve almost figured out everything, except for creating a meeting for another user. When making the API call to create a meeting on behalf of a user, I get the error:

Invalid access token, does not contain scopes: [meeting:write:admin]

Which is a valid error, but in my marketplace app settings I don’t have the option to choose this scope. In fact, I don’t have any scopes with admin. When I use an account level app then I have admin scopes available.

But, the scopes for POST /users/{userId}/meetings show that you only need:

Scopes: user:write:admin user:write

So, what approach should I be taking to create a meeting for a user that has installed my user level app?

Hey Peter,

The issue:

Appears the docs are incorrect, that should be [meeting:write:admin] instead of [user:write:admin]

The root cause:

I incorrectly instructed you to create a User-Level app (my apologies). I didn’t look at the specific API request you’d need to fulfill your use case, this one, to see what scopes were required.
In this case, an Account-Level app is required to be implemented, then you would add the [meeting:write:admin]. Worse, this is a known bug in our system (cannot switch an app from one to the other, Account-Level <–> User-Level). Worse-still, it would appear that our docs are inaccurate here (once again, please accept my apologies)

The solution:

I hate to say this, but right now, the only solution is to create a new, Account-Level app, and apply all the same configurations from your previous, but add the scopes required for this call to have permission to run. Once you’re 100% sure you’ve recreated all the settings from the User-Level app…delete it. Then replace the API Keys and Verification Tokens in your code with the new app’s API Keys and Verification Token.
This should get you moving in the right direction.

Would you be able to save some time by first just briefly using the Account-Level app you’ve created with the right scopes, and using Postman to test this works as we both expect?

If you do this, would you share with me your results, and I will also test, and if we both can confirm…I will update the docs.

So sorry for not catching that earlier than this and causing you extra headache and for the lost time.

Does this help and get you unblocked?

Yours,
Ben

Yes, but in the case of an app that needs to write to services on behalf of other users in the account, then an Account-Level app is required (and this can ONLY be defined while initialization the Build flow for an app, aka: when you name it on the 1st step).

Once again, my apologies for not catching that sooner.

Hey Ben,

I’m still in a proof of concept phase, so no headacahes here .

I have successfully created a meeting for my user with an Account-Level app and with the meeting:write:admin scope, so that part works.

I think the initial post title I used didn’t communicate what my exact intentions were, so I updated it.

I want to know if it’s possible to create a meeting on behalf of a user from a different account. Not my account, but someone else’s account. For example, a new user to my application may not have a Zoom account, so I will set them up under my account. That’s easy. But, they may also have their own existing Zoom account, totally separate from me. Is it possible to still create a meeting for them even though they are not under my account?

Currently I get this error when trying to create a meeting for a user that is not in my account, which seems valid:

{ "code": 1010, "message": "User not belong to this account: p0KT53BCTHSEi6O9Jn-jSw" }

So happy to hear things are moving in the right direction.
Thank you so very much for sharing your experience and helping us to improve the Zoom Developer Docs.
I’ve submitted a ticket to get this fixed up.

Thank you, Ben.

Maybe I’m missing something here, but I still don’t know if it’s possible to create a meeting on behalf of another user on an account that isn’t mine.

I have installed Microsoft Teams by Zoom and it can create meetings for me, so that answers my question. It’s possible to create meetings on behalf of users from any account in Zoom, as long as my app is a User-Level app.

The Zoom API for creating meetings says I need scopes user:write:admin user:write, but we have already determined that the docs are incorrect and that I actually need scope meeting:write:admin. This is where I think there is a problem, because Microsoft Teams by Zoom only requires scope meeting:write in order to create meetings for me and it indeed can create meetings for me.

This leads me to believe the REST API has another issue since, I can’t create meetings with scope meeting:write, but Microsoft Teams by Zoom can create it, which is clearly a User-Level app.

So, is this an actual bug right now? Or am I misunderstanding how this is all working?

Thank you for support so far.

I will take a look at this when I return from the Christmas break on Wednesday, is that satisfactory or do you need this immediately please?

Hi @peter.santos,

We’ll correct the docs right away as it’s misleading. However, you should be able to create meetings with the meeting:write scope if you create a user level app. You wouldn’t need the meeting:write:admin scopes as most admin scopes are only needed for account level apps.

Please let us know if you have any other questions, we’ll be more than happy to help out.

Thanks

Yes, that fine. I just got back from break as well.

Hi @michael_p.zoom,

I’ll try to create a meeting for a user via the user level app, again. Hopefully that works.

Thanks.

Hi @bdeanindy and Michael_Purnell, I tried it again. Here’s what I did:

1. Created two separate zoom accounts. One with my personal email (personal@gmail.com) and one with my work email (work@gmail.com).
2. Created a User Managed app under the zoom account with email personal@gmail.com.
3. Added the following scopes to my app: meeting:write, user:read, user:write.
4. Generated testable url from local test tab in the zoom developer marketplace > Manage > Created Apps > My App.
5. Tested url by logging in with the work@gmail.com account and received the ‘code’.
6. Used ‘code’ in https://zoom.us/oauth/token?grant_type=authorization_code&code=my_code&redirect_uri=some_redirect_uri with Client ID and Client Secret from zoom account created with personal@gmail.com.
7. Got back access token with scopes: meeting:write, user:write, and user:read.
8. Used access token to create meeting with post to https://api.zoom.us/v2/users/work@gmail.com/meetings
9. Got back JSON response object: { "code": 124, "message": "Invalid access token, does not contain scopes: [meeting:write:admin]" }

Hopefully this gives you more context into what I am doing. Please let me know if I’m doing something wrong. I followed the guide and I believe I’m doing everything correctly. Of course, maybe I’m misunderstanding how Zoom is supposed to be used.

@peter.santos I will try to spend some time on this later today sir, or at least over the weekend to provide some code and working examples as guidance.

@bdeanindy Any update on this? Is this an API issue on your side or an implementation issue on my side?

Have you tried using the special “me” endpoint? https://api.zoom.us/v2/users/me/meetings

Also, I’m not sure user:write and user:read are needed if you are only creating meetings.

Hey Peter,
My apologies, I had some things arise this weekend which kept me from getting to this.
I’ve started coding against this to see if I can isolate the issue, and will respond back once I have more information today.

@Jonathan_Champ THANK YOU!

Once I saw the “me” endpoint and read over that part of the documentation again, everything made sense. I pretty much have everything working now.

The guide says:

…we are using the me context for the user’s endpoint. When using a OAuth token, you can use me in place of the user ID…

The “can” part made me think that I don’t necessarily have to use “me” as the ID, but it looks like I do for a user-level app. Thinking about user-level apps and “me” as an ID makes sense, but the guide confused me.

Anyways, thanks again!