User Managed App Webhooks Not Working

Greetings,

I have 2 user managed OAuth apps, one was created in January and one today(Mar, 26th, 2024), both account are for development purposes, we’re going to publish our app soon. We have an issue with the new account where webhook events are not being sent, we have tested both accounts locally on the same device and on our staging environment, and the new account isn’t receiving any webhooks calls.

Is there a certain group of scope or other configs that we may have missed, because I can see that the scopes on my account that was created in January are a bit different from the most recent account.

other questions:

1. we want to use the deauthorization endpoint as well but we still can’t test because we haven’t moved to beta, is there a certain set of scopes that we need to add as well?
2. is there a way to see what scopes are available for all accounts based on privileges, that is, how can i know that im missing a scope that i don’t see in the list because of my privileges?

Webhook Events

1. Meeting ended
2. User profile info has been updated

Used Scopes

• I noticed that the view a meeting(meeting:read:meeting) is disabled for the new account and i can’t enable it

1. meeting:write:meeting
2. meeting:update:status
3. meeting:update:meeting
4. meeting:delete:meeting

Local Env Info:

• Using Ngrok
• Sample endpoint: https://9ea9-82-212-126-54.ngrok-free.app/integrated_apps/v1/zoom_webhooks/meeting_updates

Staging env:

• Using Portainer
• Sample endpoint: https://xxx-pr-xxx.xxx.devops.zenhr.com/integrated_apps/v1/zoom_webhooks/meeting_updates

Hi @a.keewan ,

The newly created apps cannot access classic scopes at this time. They can use the new granular scopes. Some scopes are still being deployed and are not available to add to the app. The fix is upcoming.

Which scopes (of those that are relevant to you) can you see for the new app?

Hi @gianni.zoom

Our application serves as an Applicant Tracking System (ATS), offering the functionality to schedule and conduct virtual interviews seamlessly. Through our platform, users can create events and conduct them virtually using a dedicated screen, which integrates with the React Zoom Meeting SDK and component view. When a user schedules a virtual meeting (e.g., Zoom) within our platform, we automatically link this event to a corresponding Zoom meeting. Any modifications made to these events (such as creation, updates, or cancellations) are promptly reflected in the associated Zoom meeting. Moreover, our system supports webhooks, enabling automatic cancellation of associated events in case a user cancels the Zoom meeting through any of Zoom’s platforms.

The APIs that we use are:

1. Scheduling meetings: https://api.zoom.us/v2/users/me/meetings
2. Cancelling and rescheduling meetings: https://api.zoom.us/v2/meetings/#{meeting_id}
3. Instant meetings: https://api.zoom.us/v2/users/me/meetings
4. Access and refresh token generation: https://zoom.us/oauth/token
5. To get user profile: https://api.zoom.us/v2/users/me

The hooks that we subscribe to are:

• To cancel associated events:

1. meeting.deleted

• To disconnect the integration for our users from our side:

1. user.deleted
2. user.deactivated
3. app_deauthorized

• To show the recording link for meeting recorded on the cloud:

1. recording.completed

Our account type (role): Developer

The scopes that we currently use are:

• For old account (created in Jan):

1. meeting:write
2. recording:write (not sure if needed)
3. recording:read
4. user:write (not sure if needed)
5. user_info:read
6. user_zak:read
7. user:read
8. zoomapp:inmeeting

• For new account - to be published (created this week):

1. meeting:write:meeting
2. meeting:update:status (not sure if needed)
3. meeting:update:meeting
4. meeting:delete:meeting
5. user:read:token
6. User:read:zak
7. zoomapp:inmeeting

The problems that we’re facing now with the new account are:

1. We can’t find some of the classical scopes in the new granular scopes (list provided above).
2. Meeting:read:meeting scope can be found, but it’s disabled.
3. Regarding the Deauthorization Notification and the rest of the hooks, we have a separate server and subdomain for our Saudi server. That is, our app serves under app.zenats.com worldwide, while it serves under sa.app.zenats.com in Saudi Arabia. Do we need to create 2 Zoom marketplace apps?
4. Given the scopes that we used in the first testing app and the features we are going to use and provide, are the scopes sufficient?
5. Given that some scopes are not available in the apps created late this month, what if some scopes require a higher account role (e.g., admin)? How can we know?
6. Is it possible to conduct a meeting to show you what we currently have and our technical documentation?

Hi @gianni.zoom any updates?

Hi @a.keewan ,

Classic scopes will not be available for new apps.

I don’t see that scope in the available scopes list – can you confirm this is the right one you’re looking to add?

Here is the current guidance for implementing multiple OAuth environments. For more assistance on publishing criteria App Marketplace will be able to answer.

It’s best to go to to the documentation to see the classic and granular scopes listed for each endpoint. If you find some endpoints without that info, please let me know. I know some are still being rolled out for our endpoints.

I can assist for API-related questions and general application questions. Questions specific for the TDD are reserved for App Marketplace developer advocates as they are the ones reviewing and approving application submissions.

Thanks

Hi @gianni.zoom

Thank you for your detailed answer.

Here’s a list of the APIs and WebHooks we’re going to use. As you can see, some of the APIs don’t have a matching granular scope in the available scopes list. As for the WebHooks, I couldn’t find a reference for the scopes needed by each WebHook. Could you please provide me with that as well?

Used APIs

1. Get the user’s ZAK
   • Scope:
     • Classic (specifically “user_zak:read”)
     • Granular: not available in Integrations - Granular scopes
2. Get a user’s token
   • Scope:
     • Granular (“user:read:user”)
3. Get a user
   • Scope:
     • Granular (“user:read:user”)
     • Classic: “user_info:read”, “user:read”, “user:read:admin”
4. Create a meeting
   • Scope:
     • Granular (“meeting:write:meeting”)
5. Delete a meeting
   • Scope:
     • Classic (“meeting:write”)
     • Granular: not available in Integrations - Granular scopes
6. Update a meeting
   • Scope:
     • Classic (“meeting:write”)
     • Granular: not available in Integrations - Granular scopes

Used Webhooks

Could you please provide me with the scopes related to the following webhooks?

1. meeting.ended
2. app_deauthorized
3. user.deactivated
4. user.deleted

Hi @gianni.zoom

Any updates regarding my last reply?

Hi @a.keewan ,

If the API is not listed on that page with an associated granular scope, this means it has not been rolled out yet. Please see more context from our granular scopes guidance.

The webhooks will use the same scope accompanied with the APIs you’re referencing/will be using.