Useful resources:
- Create an OAuth App (step-by-step example)
- App Submission
- Marketplace App : Self-Assessment for Developers
- Submission Requirements
- Submission Checklist
Why does Zoom require a Production Environment for CREATE requests?
We need you to provide an environment in which we can authorize the production version of your integration for CREATE requests. This is so we can get the same experience an end user will have when they authorize and use your application.
For example, when we attempt to authorize the Zoom Integration from within your platform, we need to make sure we are hitting the Production App Credentials:
- The authorization from your application should look like this:
→ If you have provided the development or staging version of your site, we can test the app there, but the integration itself must point to production credentials
Note:
- When you work on your submission, please notice the following text:
- Development: “Use these credentials to test your app during the development phase. Zoom will only use these credentials to test App Update requests”.
- Production: “Zoom will use these credentials to test your app during App Approval. After Zoom approves your app, the live app on the Zoom Marketplace will use these credentials”.
- After your app is published on our Marketplace, we will require the development environment for any Update request/submission you will need to make in the future.
UPDATE REQUESTS
Once your app is published on the Zoom Marketplace and you need to add or remove scopes, you will need to submit an UPDATE request. However, it’s important to note that the production version of your app, which is currently published on the marketplace and accessible by end users, does not include the new scopes you want to add.
These added scopes will only be accessible to Zoom reviewers for testing by authorizing the DEVELOPMENT version of the app. Before pushing these new scopes to the production version of your app and making it available for live customers, it is a requirement for us to test the new scopes and confirm that they are working properly and secure.
To perform this functional test, we need to be able to authorize the development version of your app for UPDATE requests. Our reviewer’s accounts have the necessary permissions to authorize the development version of your app.
Possible hesitation in pushing the Zoom functionality to your Production site
Because the Zoom integration is not yet available for your production customers at time of submission, we understand there can be some hesitation to push the Zoom functionality to your production site. We recommend the following options to meet our requirements and address this hesitation:
- Production Site with disclaimer, Production Client ID
- Enable the Zoom Authorization (with production client ID URL Parameter) on your production site and include a disclaimer for end users that this feature is currently under review and will be publicly available soon.
- Account specific Production Site, Production Client ID
- Enable the Zoom Authorization (with production client ID URL Parameter) for the test account you have provided for our review. This option is best if you can enable features for specific users and want to avoid end users discovering a feature that is not yet publicly available.
- Staging Site, Production Client ID
- ONLY AVAILABLE IF YOUR STAGING SITE IS AN EXACT REPLICA OF YOUR PRODUCTION SITE.
Enable the Zoom Authorization (with production client ID URL Parameter and staging site redirect_uri parameter) on your staging site so we can login using the staging test account provided, authorize the production version of the integration and complete our review away from end-user visibility.
For a step-by-step guide on how to create an OAuth app, please check this page.
Domain Validation
Any domain receiving callbacks or requests from Zoom must be authorized. To verify a domain, download the HTML file with a verification code and place the file in a folder called /zoomverify under the root of the domain. Once this is completed, click Validate to allow the app to be submitted for review.
If you run into issues with domain validation that are blocking your submission, please file a ticket with support and request help with manual domain validation. Include the details about your app (App Name and Development Client ID) and describe your situation.
