Vendor attestation for Chatbot apps

I am trying to understand the requirements for app submission for a Team Chatbot app, and I have some questions.

  1. In the submission checklist here:
    https://marketplace.zoom.us/docs/guides/publishing/app-submission/submission-checklist/#14-vendor-attestation-tdd-and-evidence-documentation

it is stated:

Security evidence documentation is required for these app review requests:

  • Request to publish Zoom Apps apps
  • Request to publish SDK + OAuth apps
  • Request to share private apps (all types)

I don’t believe that Teams chatbots fall into one of these categories, so does that mean that no evidence documents are required in this case?

  1. The documentation states that a Technical Design document to be completed. There is a google docs template for this, however the submission workflow seems to ask many of the same questions.
    Which should I be using?
    If the answer is “use the workflow” - The TDD template states that section 3 only applies to Zoom Apps, so can I skip the equivalent questions in the workflow for my Team chatbot app?

Adding some more related questions - please advise if I should address these in a separate ticket:

  1. The submission requests:

Describe in detail about all of the technology, libraries, and APIs used in the application.
Does this include all client side and server side technology? (i.e. all javascript libraries)

  1. I am trying to understand the requirements for documentation as requested here:
    https://marketplace.zoom.us/docs/guides/publishing/app-submission/submission-checklist/#7-provide-a-documentation-url

I have looked at app listings for equivalent team chatbot only apps, and I can’t see any examples of this type of documentation… for example:
https://marketplace.zoom.us/apps/7I_5PIJiRyW40eo0yZ8PdA
If I was to install this chatbot, where would the documentation be made available? Or is it only supplied to Zoom as part of the submission?

@elisa.zoom
Hi there, I’m not sure how to progress with this - my question still has no replies.
Should I go ahead with my app submission using my assumptions?
Or is there some way to expedite a conversation about the ticket?

thanks

Hi @conor.mccarthy
Thanks for reaching out to the Zoom Developer Forum and thanks for tagging me.
I will look into this and reach out to the Marketplace to get some clarification on some of the concerns that you have and will come back to you.
Thanks a lot,
Elisa

1 Like

Hi @conor.mccarthy
Thank you for your patience. I was able to get some information for you.

I don’t believe that Teams chatbots fall into one of these categories, so does that mean that no evidence documents are required in this case?

If your app will be published in the Marketplace, then the answer is yes, you need to provide evidence. All published apps need to provide Security Evidence documentation.

If the answer is “use the workflow” - The TDD template states that section 3 only applies to Zoom Apps, so can I skip the equivalent questions in the workflow for my Team chatbot app?

You can use the embedded workflow that is available in the Marketplace, you do not have to use the template. Now for section 3 Private Attestation, it states all Zoom integrations, so this includes Oauth apps, Zoom Apps, Chatbots, etc. So please fill up that section as well.

Describe in detail about all of the technology, libraries, and APIs used in the application.
Does this include all client side and server side technology? (i.e. all javascript libraries)

You should be providing a developer-level explanation of the technologies and libraries that you used and you can be as explicit as you would like, in order for the reviewer to understand what you are using in your application. We basically want to know what choices you have made when building your integration.

If I was to install this chatbot, where would the documentation be made available? Or is it only supplied to Zoom as part of the submission?

The documentation URL required is a direct link for the documentation for this integration, that includes the correct way to install and uninstall your integration. If you scroll all the way down to the app you shared with me, you will see that they have included a Developer Documentation link under Developer Resources.

I hope this helps!
Elisa

1 Like