Should we go through app submission if we don't want to make our zoom app public?

Recently, we have received a request to review our zoom app, and I quote: “

You are receiving this email because you are using the Meeting SDK to join Meetings outside of your account.
Zoom has published a policy on how Meeting SDK applications can operate. It requires Meeting SDK applications to meet certain criteria, which will be validated through a marketplace review, in order to join meetings hosted by another account.
The Zoom App Marketplace team must approve your Meeting SDK app before December 20th, 2023. If your app has not been approved by this date, the app will be blocked from accessing meetings outside of the developer account used to create it.
Please submit your app for marketplace review as soon as possible to allow for time to fix any issues found by the review team.”

However, after some research on the app review process, we noticed that only public/published apps should be reviewed. We don’t intend to publish the app, and we don’t need it to be public on the marketplace, but we’re confused whether we need to go through the review process or not. We use the Meeting SDK in order for the users (patients) to join meetings from our Mobile app. Meetings are being created by doctors and being sent to patients. Could you please advise?

Hi @mahmood.k.samaha

Thanks for reaching out on the DevForum! When an app is public on our Marketplace it is accesible to the public, which means other Zoom accounts will be able to authorize this app. If you would like for an app to be used only by users within your Zoom account there is no need to make this app public and go through our review process.

Let me know if there is anything else I can clarify in this.

Thank you @catalina.diaz for the quick and clear answer.

I’d like to go a bit deeper, because I think my case is a bit different.

We have a doctor and a patient. The patient joins a meeting from their mobile app, using the zoom meeting SDK. The doctor has a free account, which is connected with webhook and OAuth.
We’ve created a personal room for that doctor, and we got the meeting room number and password. We share the meeting room number and password with the patient through the app, so that the patient can join. Then, when the doctor joins, we send a notification to the patient to join the meeting.

So, my questions are:

  1. Is this use case considered a case that requires app review?
  2. Which part should go through the review process? The patient’s part using the meeting SDK? Or the Doctor’s part using OAuth (and webhooks)?