Description
We received an email (attached) to publish our Meeting SDK which is currently accessing meetings outside the main developer account. I want to confirm clicking the “Change Now” button to enable publishing (and go through Zoom’s review process) will existing production usage be affected?
There are a lot of users who rely on our Meeting SDK integration and we to prevent the SDK from blocking users from joining meetings from other hosts.
Before we set our Meeting SDK App to “intend to publish”, I just want to confirm the effect on production. Our current production app is able to join zoom meetings outside of our account. Based on the email, our app has until August 17th to meet the requirements since it’s an existing application. Can you confirm that this will continue working until the August 17 deadline while our app is being reviewed for publishing?
@chunsiong.zoom
We’ve changed our status to “Intend to publish” and we’re working on filling in the required info. However, there are some parts that are required but do not seem related to Meeting SDK apps so we cannot complete them.
Our app (web, iOS, Android) simply integrate the Meeting SDK and embeds it to join meetings. We also do not use any custom UI (all legal notices are already handled by the Meeting SDK). The only thing we use is the SDK Key and Secret to generate a JWT to join a meeting. This requires no user authentication.
The first case is the “Documentation URL”. Our app does not integrate with a Zoom user’s account since it’s a Meeting SDK app, not an OAuth app. What should we fill in for this?
Similarly, because we’re just integrating the Meeting SDK, there’s no way to add or remove the app. The user will simply download our mobile app from the Google Play or App Store (or use our web app). This means the following is also not relevant.
On the scopes page, there is a single scope that we do not use and cannot remove. The warning indicates that we have a feature selected that uses this scope.
However, on the feature page there is no feature selected. Do you know what this feature is referring to and how we can unselect/remove it from our Meeting SDK app?
The first case is the “Documentation URL”. Our app does not integrate with a Zoom user’s account since it’s a Meeting SDK app, not an OAuth app. What should we fill in for this?
This checklist should cover it
Documentation URL and Installation URL should lead to a page where user or admin can understand the nature of app’s integration with Zoom
Similarly, because we’re just integrating the Meeting SDK, there’s no way to add or remove the app. The user will simply download our mobile app from the Google Play or App Store (or use our web app). This means the following is also not relevant.
If user downloads a mobile app, then the page should explain how to find the mobile app (links to the stores)
On the scopes page, there is a single scope that we do not use and cannot remove. The warning indicates that we have a feature selected that uses this scope.
Please current leave it as default, we are working to allow customization of this default scope.
However, on the feature page there is no feature selected. Do you know what this feature is referring to and how we can unselect/remove it from our Meeting SDK app?
You can leave it as is. That is for event subscription.
Documentation URL and Installation URL should lead to a page where user or admin can understand the nature of app’s integration with Zoom
Got it, we’ll prepare a page describing this
Please current leave it as default, we are working to allow customization of this default scope.
Since we can’t remove this, what should we add as the scope usage description? This blocks submitting the app for review:
What should the “Direct landing URL” be for apps that are on Apple’s App Store or the Google Play store? The checklist doesn’t mention this required field.
What should we add for the required “Deauthorization Notification” section? Since our app does not require authorization from the user, what should we do here?
Deauthorization endpoint might not be relevant to you, but do put a url for that
What should this URL do and how should we and the Zoom review team test it? We don’t require authorization so there is no de-authorization to test. Do we just put any placeholder URL (i.e. our homepage)?
Hi @chunsiong.zoom, I wanted to follow-up on my last question. We’ve finished all the other remaining parts but just need to understand what to put for the deauthorization endpoint for apps that don’t use authorization.
Earlier you mentioned that we can use the App Store or Google Play URL as the direct landing URL (Publishing existing meeting SDK - #10 by chunsiong.zoom) but seems this has to be on our domain. For now I’ve switched this to match our documentation URL since this also provides links to the app and google play stores. Will this be OK for Zoom’s review?
For our support URL we were using a Zendesk URL which is how we handle our support tickets. I’ve also added this URL to our documentation page and updated the form to re-use the documentation URL. Is this change OK as well?
Thanks @chunsiong.zoom, we’ve submitted the app for review and received some comments which we addressed and submit for review again.
One of the comments we received was confusion about our use of the integration. From the wording of the reviewer, they seem to be reviewing OAuth (or at least authorization) functionality which our app does not use (which they mention). We also only want to use the Meeting SDK and do not use any OAuth. Are these separate and if so how do we set up our Zoom app to only use and submit the Meeting SDK usage for review?
In our “Created Apps” our app type is indeed a Meeting SDK:
If we don’t use user authorization, is there something else we can do? From the original email we received from zoom in the first post of this thread, our app has to go through marketplace review.
So the type of app you are requesting is specifically an SDK app with OAuth enabled. At a basic level, there’s the expectation that authorization will be required because permissions are required from the user in order to make API calls on their behalf to perform some action within your platform.
From what we could see, it was possible to move through the flow of your use-case without authorizing. That would indicate an integration isn’t necessary. There may be other options you’d wish to explore.
If you do require the use of the zak, we are not seeing the role it plays and the current user flow does not include authorization, which in the case of any app that uses OAuth, is expected. you will have to outline why it is only the zak that is required and what your use-case is. Bear in mind, the place to answer this question is in the review process.
I’ve also asked this in our re-submission that’s currently waiting for re-review. You’re right that our user flow does not include authorization and that we our app does not have a reason to use the ZAK.
There may be other options you’d wish to explore.
Do you know what other option is available for us? Our app was created a few years ago so I suspected we may have set it up incorrectly back then. However I just tried to create a new SDK app and by default all of the OAuth settings are required.
Is there a way to remove the ZAK scope from our app? I also noticed this earlier in the thread but was told that Zoom does not allow customizing it at the moment. If this is the only way to submit a Meeting SDK app for review I don’t understand why we need to explain not using a setting we don’t have control over.