Webhooks enable your application to receive event notifications from Zoom in real time. Instead of continuously polling the API to check if a meeting has started, if a user has joined, or if a recording has finished processing, you can simply configure a webhook, and Zoom will push structured event data to your server as soon as those events occur.

Put simply, think of webhooks as a notification system for your app. Instead of constantly asking Zoom, “Has anything happened yet?”, you let Zoom notify you the moment something important takes place. This not only improves performance and efficiency but also allows your app to respond to events instantly — creating a more seamless and automated user experience.

With webhooks, you can track everything from meeting lifecycle events (created, started, ended) to participant actions (joined, left, raised hand), as well as recording updates, chat messages, webinar events, and much more. Combined with OAuth and server-side logic, webhooks become a powerful tool to extend your app’s functionality, automate workflows, and integrate Zoom events into your wider systems.

In this blog, we’ll break down how webhooks work, the types of events you can subscribe to, and the steps to securely configure them for your Zoom app.

What are Webhooks in Zoom?

Webhooks in Zoom are event-driven HTTP callbacks that notify your application whenever something important happens in your Zoom account or within a meeting. Think of them as Zoom’s way of proactively telling your system, “Hey, an event just occurred!”.

When a webhook-enabled event happens — such as a meeting starting, a participant joining or leaving, or a cloud recording being completed — Zoom automatically sends an HTTP POST request to an endpoint (URL) that you define.

• The POST request contains a JSON payload with detailed information about the event.
• Your app can then parse this data and respond accordingly — for example, updating your database, sending a notification, starting a workflow, or syncing with another system.

Example Workflow

1. You configure Zoom to listen for the meeting.started event.
2. A host begins a scheduled meeting.
3. Zoom generates a webhook event and sends an HTTP POST request to your app’s endpoint (e.g., https://yourapp.com/webhooks).
4. Your server receives the JSON event data, which might include the meeting’s ID, host details, and timestamp.
5. Your application executes custom logic — such as auto-logging the event, notifying a CRM, or triggering analytics.

Why Webhooks Matter

• Efficiency: Instead of polling the Zoom API in loops to check for updates, you get notified instantly.
• Real-Time Automation: Enables you to react to events as they happen — such as granting user permissions when they join, or sending follow-up emails after a webinar ends.
• Scalability: Works seamlessly for multiple Zoom accounts and apps, without overloading Zoom or your server with unnecessary requests.

Supported Event Categories

Zoom provides webhooks for a wide range of event categories, including:

• Meetings: started, ended, participant joined/left, meeting recordings completed
• Webinars: registration created, attendee joined/left, webinar ended
• Users: created, deactivated, updated, role assignments
• Recordings: recording started, completed, deleted
• Chat & Team messaging: new messages, reactions
• Apps & Integrations: authorization updates, token events

By subscribing to the relevant events, you can tailor webhooks to only send the data that matters most to your application.

Zoom Webhook Event Flow Explained

To better understand how Zoom Webhooks work, let’s break down the event-to-notification flow step by step:

The diagram illustrates how a Zoom event notification (such as a meeting starting) is handled end-to-end using webhooks, application logic, and integrations with external services.

1. Event Trigger (Zoom App → Webhook Endpoint)

• When a specific event occurs in Zoom (e.g., a meeting starts), Zoom sends a notification in the form of a JSON payload to the configured Webhook Endpoint.

2. Validation (Webhook Endpoint)

• The webhook endpoint first checks whether the incoming JSON payload is valid.
• If the payload is invalid, it returns a 400 Bad Request error.
• If valid, it proceeds with further processing.

3. Forwarding Event Details (Webhook Endpoint → App Logic)

• Once validated, the webhook endpoint forwards the event details to the App Logic component.

4. Processing Event (App Logic)

• The application logic performs multiple tasks in parallel:
• Update Meeting Status (App Logic → Database): Updates the meeting’s current state (e.g., started, ended) in the database.
• Send Notification Email (App Logic → Email Service): Triggers an email notification to relevant participants or stakeholders.
• Sync Event Data (App Logic → External System): Pushes the event data to any integrated external systems for synchronization.

5. Completion Acknowledgement

• After processing is complete, the webhook endpoint responds back to Zoom with a 200 OK acknowledgment, confirming receipt of the event.

How to Set Up Webhooks in Zoom

Configuring webhooks in Zoom allows your app to receive instant notifications about important events. Here’s a detailed guide based on the Zoom App Marketplace interface:

1. Access Zoom App Marketplace and Open Your App
   Log in to the Zoom Marketplace and either create a new app or edit an existing one where you want to enable webhooks.
2. Enable Event Subscriptions
   Inside your app settings, locate the Event Subscription feature and toggle it ON. This activates the ability for your app to subscribe to Zoom events and receive webhook notifications.
3. Create a New Event Subscription

• Click Add New Event Subscription to start configuring a webhook subscription.
• Choose the subscription method — usually, Webhook is selected (there’s also WebSocket if your app requires it).
• Provide a clear Subscription Name to identify this webhook subscription.

4. Enter Your Event Notification Endpoint URL

• Specify the publicly accessible, HTTPS-secured URL where Zoom will send event notifications via HTTP POST (for example, https://yourapp.com/webhooks/zoom).
• This URL acts as the listener for incoming event payloads.

5. Select Events to Subscribe To

• Click Add Events and choose the specific Zoom events your app should listen for, such as meeting.started, participant.joined, or recording.completed.
• When you add events, Zoom will automatically select the necessary permission scopes for your app.

6. Configure Authentication Headers (Optional)

• You can optionally set a custom authentication header to help validate incoming webhook requests from Zoom, enhancing security.

7. Save Your Configuration

• After filling out all fields and selecting events, click Save to activate the webhook subscription. Zoom will now POST event data to your endpoint as those events occur in real time.

This interface makes webhook setup intuitive, allowing you to precisely control which events your application responds to and how secure the data delivery is.

Sample Webhook Payload

Here’s an example JSON payload for a meeting.started event:

{
  "event": "meeting.started",
  "payload": {
    "account_id": "ABCD1234",
    "object": {
      "id": "987654321",
      "host_id": "abcdXYZ",
      "topic": "Team Sync Meeting",
      "start_time": "2025-08-17T10:00:00Z"
    }
  }
}

Your backend can parse this payload to trigger custom workflows.

Example Implementation (Node.js + Express)

Here’s a simple server that listens for Zoom webhooks:

from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse

app = FastAPI()

# Endpoint for Zoom webhooks
@app.post(“/webhooks/zoom”)
async def zoom_webhook(request: Request):
body = await request.json()
event = body.get(“event”)

print(“Received event:”, event)

if event == “meeting.started”:
topic = body.get(“payload”, {}).get(“object”, {}).get(“topic”)
print(“Meeting started:”, topic)

return JSONResponse(content={“message”: “Event received”}, status_code=200)

# Run the app with: uvicorn filename:app — reload — port 3000

Detailed Overview of Supported Webhook Events

Zoom provides a rich set of webhook events to help your application stay in sync with real-time happenings inside Zoom meetings, webinars, user accounts, and more. Understanding these event types lets you choose exactly what your app needs to respond to — ensuring efficiency and relevance.

Categories of Webhook Events:

• Meetings: Notifications for lifecycle events such as meeting.created, meeting.started, meeting.ended, participant.joined, and participant.left.
• Webinars: Events like webinar.started, webinar.ended, panelist.joined, and attendee.registered.
• Recordings: Including recording.started, recording.completed, and recording.deleted.
• Users: Changes to user status like user.created, user.updated, and user.deleted.
• Chat and Messaging: New chat messages, reactions, and changes within team chat.
• Account-level events: Role assignments, app authorization changes, and account settings updates.

By subscribing to specific events, your app receives notifications tailored to its functionality, without unnecessary noise. For example, a meeting management tool might subscribe to meeting and participant events, while a recording management system would focus on recording events.

Webhook Security: How to Verify Requests from Zoom

Security is paramount when handling webhooks because your endpoint is exposed to external HTTP requests. To protect your application and sensitive user data, Zoom provides mechanisms to validate that incoming webhook requests genuinely originate from Zoom.

Verification Mechanisms:

1. Verification Token

• When you create or configure your webhook subscription, Zoom provides a Verification Token.
• Zoom includes this token in the header of each webhook HTTP POST request or within the payload.
• Your server should verify this token matches the expected value for every incoming request. Reject any requests with invalid or missing tokens.

2. Signature Verification (Recommended)

• Zoom supports an HMAC-SHA256 signature sent in the x-zm-signature header.
• Using your app’s secret, you compute a signature for the request payload and compare it with x-zm-signature.
• If they match, the request is verified as authentic; otherwise, discard the request.

3. Enforce HTTPS

• Your webhook endpoint must use HTTPS to encrypt communications and protect data integrity.

4. Additional Security Best Practices

• Validate timestamps or nonces if provided to prevent replay attacks.
• Limit accepted IP ranges if possible.
• Log webhook activity to audit and monitor suspicious behavior.

Example: Token Verification in python

from fastapi import FastAPI, Request, Header, HTTPException
from fastapi.responses import PlainTextResponse

app = FastAPI()

VERIFY_TOKEN = “your_verification_token”

@app.post(“/webhook”)
async def webhook(request: Request, authorization: str = Header(None)):
# Check authorization header
if authorization != VERIFY_TOKEN:
raise HTTPException(status_code=401, detail=”Unauthorized”)

# Get JSON payload if needed
body = await request.json()
print(“Received payload:”, body)

# Process event payload here
return PlainTextResponse(“OK”, status_code=200)

# Run with: uvicorn main:app — reload — port 3000

Implementing Zoom webhooks is a powerful way to build responsive, automated applications that react instantly to Zoom events, from meeting starts to participant actions and recording completions. By carefully selecting the relevant events, securing your webhook endpoints through token or signature verification, and reliably processing incoming data, you lay the foundation for robust integrations that elevate user experiences.

As you continue your Zoom development journey, consider how webhooks complement other Zoom developer tools like the App SDK and REST APIs, providing a complete ecosystem for building dynamic, efficient, and real-time interactions.

In our next blog, we will explore Integrating the Zoom SDK into web and mobile applications, diving into how you can embed Zoom’s powerful meeting and communication capabilities directly within your apps to create seamless user experiences across platforms.

Start experimenting today by configuring your webhook subscriptions, verifying your endpoints, and unlocking the true potential of Zoom’s event-driven architecture.

Setting the Foundation: Essential App Configuration

Before you begin working directly with Zoom APIs, it is crucial to understand and properly set up two key configuration elements that ensure your app integrates smoothly and securely within the Zoom environment.

1. Home URL: The Core Entry Point of Your Zoom App
   The Home URL serves as the main gateway to your application inside the Zoom client. When users launch your app, this is the first page they will see.

Why it matters:

• It defines the initial user experience and is the starting point for all app navigation and interaction.
• The Home URL is rendered within an iframe by Zoom, so your page must be HTTPS-secured and responsive to different screen sizes.
• For example, if your app’s dashboard is located at https://yourapp.com/dashboard, you should set this as your Home URL.

2. Domain Allow List: Defining Trusted Communication Boundaries
The Domain Allow List specifies which domains your app is permitted to interact with, both for API calls and embedded resources.

Why it’s important:

• It strengthens security by limiting your app’s communication to approved domains, reducing the risk of unauthorized data access or redirection.
• You should always include your API base URL, authentication endpoints, CDN addresses, and any third-party services your app depends on.

By carefully configuring the Home URL and Domain Allow List, you establish a secure and reliable foundation for your Zoom app, ensuring it functions as intended within the Zoom client and adheres to best security practices.

Enabling API Features: Configuring In-Client App Capabilities

To fully leverage Zoom APIs and in-client features, it’s essential to enable the correct capabilities within your Zoom App SDK settings. These configurations determine what your app can do inside the Zoom client and how it interacts with meeting participants and Zoom’s platform.

Key Features in “In-Client App Features”:

• Zoom App SDK
• Guest Mode
• In-Client OAuth
• Collaborate Mode
• Team Chat Subscription
• Add Shortcuts

For this guide, we’ll focus on the Zoom App SDK and its API capabilities.

Zoom App SDK and API Features: What They Enable

The Zoom App SDK is a JavaScript library that allows your app to communicate directly with the Zoom client, offering seamless integration with the meeting interface and its participants. By enabling this feature, your app gains access to a variety of built-in APIs and real-time events, including:

• Fetching meeting and user context: Retrieve real-time information about the current meeting, user roles, and session details.
• Sharing app content: Display custom content within the Zoom meeting, enhancing collaboration and engagement.
• Customizing meeting experiences: Modify elements of the meeting interface, such as virtual backgrounds or participant views, to create tailored experiences.
• Sending invitations and notifications: Programmatically invite users or send in-meeting notifications.
• Controlling backgrounds and recordings: Change virtual backgrounds or manage recording settings directly from your app.
• Accessing and modifying camera/mic settings: Retrieve and update audio/video settings, such as muting participants or switching cameras.

Supported Events and Contexts

The SDK supports a wide range of events, such as when a participant shares their screen, changes their audio/video settings, or when the meeting context changes. These events are available to hosts, co-hosts, panelists, and participants, and can be triggered in various contexts like meetings, webinars, and collaborative sessions.

Security and Authentication

Zoom Apps use industry-standard OAuth for user-level authentication and authorization, ensuring secure access to APIs and user data. You can further enhance security by restricting your app’s communication to trusted domains via the Domain Allow List.

By enabling and configuring these features, your app can interact deeply with the Zoom environment, providing users with dynamic, interactive, and secure experiences directly within the Zoom client.

Core Zoom APIs and Their Use Cases

Zoom provides a comprehensive set of APIs and SDK methods that allow your app to interact with meetings, users, and recordings within the Zoom client. Below is a breakdown of essential APIs, their primary purposes, and practical examples of how they can be used in real-world scenarios

Note: Some APIs, such as allowParticipantToRecord, may appear in different contexts (e.g., meeting vs. client, host vs. guest). Always ensure you are using the correct method for your specific use case.

Zoom Events: Building Responsive, Interactive Apps

Zoom’s SDK also provides event listeners, allowing your app to respond to real-time actions within a meeting. These events are crucial for creating interactive and dynamic experiences.

Implementation Notes:

• To use these APIs and event listeners, you must first configure your app using zoomSdk.config, specifying the APIs and events your app will use. This step is crucial for enabling secure and authorized communication between your app and the Zoom client.
• The Zoom Apps SDK provides a JavaScript interface for these features, and all API requests must be made over HTTPS for security.

By leveraging these core APIs and event listeners, you can build rich, interactive Zoom apps that respond to user actions and meeting events in real time, enhancing both functionality and user experience.

Real-Time Example: Building a Zoom-Based Polling App

Integrating interactive elements like polls directly into Zoom meetings elevates engagement and captures valuable feedback right within the Zoom client. Here’s how you can build a seamless polling experience using the Zoom Apps SDK:

Scenario: In-Meeting Polling for Feedback

Suppose you need a tool for quick audience polling during meetings without requiring participants to leave the Zoom application.

Implementation Workflow

1. Fetch Participants
   Use the getMeetingParticipants() API to retrieve an up-to-date list of all attendees in the session. This allows your polling UI to dynamically address the active audience.
2. Display Polling UI
   Host your polling user interface at your app’s Home URL, ensuring it is responsive and secured with HTTPS. This UI is rendered as the entry point inside Zoom, presented in an embedded iframe.
3. Collect and Sync Votes: (i) When participants cast their votes, use the postMessage() method to exchange data between the UI and the core app logic. (ii) To distribute poll results in real time or sync vote tallies across components, leverage the same messaging mechanism for fast, in-app updates.
4. Notify Users of Success
   Upon a successful vote submission, employ showNotification() to display a toast or banner within the Zoom client, confirming to the user that their vote was registered.
5. Invite Others to Vote
   Encourage greater participation by triggering a sendAppInvitation() event, which sends a personalized invite prompting more users to join the poll from within the meeting.
6. Synchronize State on Join
   Listen for the onMessage or onConnect events. When new attendees join, these listeners help update or sync the current poll state, so all users have the same, real-time view.

The result:
This approach makes your polling app blend naturally into the Zoom meeting experience — participants never have to switch tabs or use external tools. It’s responsive, collaborative, and feels native to the Zoom environment.

Tip: Zoom APIs enforce safeguards such as HTTPS and domain allow-lists for all app-server and client-server communications. Make sure your endpoints and authentication flow meet these security standards for a smooth user experience.

What’s Next?

The next part of this series will dive into setting up Webhooks. With Webhooks, your app can receive real-time notifications for critical events, such as attendees joining or leaving, or when a recording starts. This unlocks more automation and integration possibilities for your Zoom applications.

When you hear the word Zoom, you likely think of virtual meetings, webinars, or online classes. But did you know that Zoom also allows developers to build fully integrated applications inside its platform?

That’s right — Zoom is no longer just a video conferencing tool. With powerful features like APIs, Webhooks, and SDKs, it opens up an entire development ecosystem. You can build applications that enhance meeting experiences, automate workflows, and embed rich interactions directly into the Zoom interface.

About This Blog Series

This blog series will walk you through every essential step of Zoom app development. Here’s what we’ll cover across the upcoming posts:

• Setting up the environment for Zoom application development
• Using Zoom APIs to interact with meetings, users, and recordings
• Implementing Webhooks for real-time event notifications
• Integrating the Zoom SDK into web and mobile applications
• Designing a Zoom-native user interface to create a seamless experience
• Building a complete Zoom-based web application using all of the above tools

What This First Post Covers

In this introductory post, we will explore:

• What a Zoom application is
• Why developers are building apps on Zoom
• The advantages and limitations
• The different types of applications supported by Zoom

By the end, you’ll have a clear understanding of Zoom as a development platform and what you can expect from the rest of the series.

What is a Zoom Application?

A Zoom application is a software solution that integrates with Zoom’s ecosystem to extend or enhance its capabilities. These applications can help automate processes, improve workflows, and provide additional functionalities such as scheduling, recording management, analytics, and more.

Benefits of Building a Zoom Application

• Seamless Integration: Connect Zoom with other applications and services.
• Automation: Reduce manual work by automating meeting scheduling, user management, and more.
• Customization: Tailor Zoom features to suit specific business needs.
• Enhanced User Experience: Provide additional functionalities within the Zoom interface.

Pros and Cons of Zoom Applications

Pros:

✅ Easy integration with existing workflows. ✅ Scalable and flexible API. ✅ Wide range of use cases (education, business, healthcare, etc.).

Cons:

❌ Some API features require paid Zoom plans. ❌ Rate limits on API calls. ❌ Requires proper authentication and security considerations.

Types of Zoom Applications

Zoom provides developers with a versatile platform to create applications that integrate seamlessly with its services. Understanding the different types of Zoom applications is crucial for selecting the appropriate integration method for your specific use case. Here’s an in-depth look at each application type:

1. OAuth Apps (General Apps)

OAuth Apps utilize the OAuth 2.0 protocol to securely interact with Zoom’s APIs. This authentication method ensures that applications can perform actions on behalf of users with their consent, maintaining security and user trust.

Key Features:

• User Authorization: These apps require users to grant permission before the application can access their Zoom resources. This is typically done through an authorization flow where users log in and approve the app’s access.
• Access to Various Resources: Once authorized, OAuth Apps can manage users, schedule or modify meetings, access recordings, and perform other tasks permitted by the granted scopes.

Use Cases:

• Third-Party Integrations: Connecting Zoom with external services like CRM systems, learning management platforms, or marketing tools.
• Custom Dashboards: Developing personalized dashboards that display user-specific Zoom data, such as upcoming meetings or usage statistics.

Example:

A project management tool integrating with Zoom to allow users to schedule meetings directly from the project’s interface. The integration uses OAuth to request permissions from users to manage their meetings.

2. Webhook-Only Apps

Webhook-Only Apps are designed to receive real-time notifications from Zoom about specific events, enabling applications to respond promptly to changes or actions within Zoom.

Key Features:

• Event Subscriptions: Developers can subscribe to specific events, such as when a meeting starts, ends, or when a participant joins or leaves.
• Real-Time Data: Upon the occurrence of a subscribed event, Zoom sends an HTTP POST request to a predefined endpoint with details about the event.

Use Cases:

• Automated Workflows: Triggering processes in other systems when certain Zoom events occur, like updating attendance records when participants join a meeting.
• Notifications: Sending alerts or notifications to users or administrators based on specific events, such as when a meeting is about to start.

Example:

An educational platform that updates student attendance records automatically when they join or leave a Zoom class session, using webhooks to monitor participant activity.

3. Server-to-Server OAuth Apps

Server-to-Server OAuth Apps provide a secure method for server-side applications to authenticate and interact with Zoom APIs without direct user involvement. This approach is beneficial for internal applications that require administrative access to Zoom resources.

Key Features:

• Two-Legged OAuth: Unlike standard OAuth (three-legged), this method involves direct authentication between the application server and Zoom, eliminating the need for user authorization.
• Administrative Access: These apps can perform administrative tasks across the Zoom account, such as managing users, meetings, and other resources.

Use Cases:

• Internal Tools: Developing internal dashboards or tools for IT administrators to manage Zoom resources within an organization.
• Data Synchronization: Syncing Zoom data with internal databases or systems for reporting and analytics purposes.

Example:

An organization’s internal application that automatically provisions Zoom accounts for new employees and schedules onboarding meetings, utilizing Server-to-Server OAuth for authentication.

4. Zoom Apps

Zoom Apps are embedded applications that operate within the Zoom client, offering interactive and collaborative experiences directly inside Zoom meetings. These apps enhance the functionality of Zoom by providing additional tools and features accessible during meetings.

Key Features:

• In-Meeting Integration: Users can access these apps directly within the Zoom interface during meetings, allowing for seamless interaction without switching contexts.
• Interactive Features: Zoom Apps can provide real-time collaboration tools, such as whiteboards, polls, or document editing, enhancing participant engagement.

Use Cases:

• Enhanced Collaboration: Providing tools like shared notes, brainstorming boards, or project management features within meetings.
• Entertainment and Engagement: Offering games, icebreakers, or wellness activities to make meetings more engaging.

Example:

A brainstorming app that allows meeting participants to collaboratively create and organize ideas on a virtual whiteboard during a Zoom meeting.

By understanding these application types, developers can choose the most suitable method to integrate with Zoom, aligning with their project’s requirements and goals.

Steps to Create a Zoom Application

1. Setting Up a Zoom Developer Account

Before developing your application, you need to set up a Zoom Developer account:

1. Go to the Zoom App Marketplace.
2. Sign in with your Zoom account.
3. Click on Develop → Build App.

4. Choose the type of app based on your requirements.

2. Creating an General (OAuth-Based) Zoom Application

OAuth is the preferred method for building secure and scalable applications that interact with Zoom APIs. Follow these steps to create an OAuth application:

1. Select OAuth as the app type.
2. Enter the App Name and choose whether it is an account-level or user-level app.

3. Provide the Redirect URL (used for authentication callbacks).

What is a Redirect URL?

A redirect URL is a crucial component in OAuth authentication. It is the callback URL where Zoom sends the user after they have granted or denied authorization. This URL is used by your application to capture the authorization code and exchange it for an access token.

When a user clicks the Authorize button on Zoom’s OAuth consent page, Zoom sends an HTTP request to the redirect URL with a query parameter containing an authorization code. Your backend then processes this code and requests an access token to interact with Zoom’s APIs.

Why is the Redirect URL Important?

• It is required for OAuth authentication flow.
• It ensures that only trusted applications handle authentication responses.
• It prevents unauthorized redirections and token leaks.

Usage of ngrok in Redirect URLs

In local development, your application typically runs on http://localhost:8000, which is not accessible from the public internet. Since Zoom requires a publicly accessible redirect URL, this poses a challenge.

ngrok is a tool that creates a temporary public URL for your local server, allowing external services (like Zoom) to communicate with it.

Steps to Use ngrok:

1. Install ngrok (if not installed): download it from ngrok’s official website https://ngrok.com/docs
2. Start your FastAPI server (assuming it runs on port 8000): uvicorn (Filename):app — reload
3. Run ngrok to expose the local server: ngrok http 8000, This generates a public URL, e.g., https://abc123.ngrok.io.
4. Set the Redirect URL in Zoom:

• Go to your Zoom App settings.
• Set the OAuth Redirect URL as https://abc123.ngrok.io/zoom/oauth_redirect.

Python Example: Handling Zoom OAuth Redirect

Here’s a FastAPI endpoint that captures the authorization code, exchanges it for an access token, and logs the response.

FastAPI OAuth Redirect Implementation

from fastapi import FastAPI, Request, HTTPException

import requests

from starlette.responses import RedirectResponse

import logging

app = FastAPI()

logger = logging.getLogger(__name__)

# Replace with actual credentials

ZOOM_CLIENT_ID = “your_zoom_client_id”

ZOOM_CLIENT_SECRET = “your_zoom_client_secret”

REDIRECT_URI = “https://abc123.ngrok.io/zoom/oauth_redirect" # Use ngrok URL during development

@app.get(“/zoom/oauth_redirect”)

async def oauth_redirect(request: Request):

“””Handles the OAuth callback from Zoom”””

logger.info(“Received request to /zoom/oauth_redirect”)

try:

# Extract ‘code’ parameter from query params

code = request.query_params.get(“code”)

logger.info(f”Received code: {code}”)

if not code:

logger.error(“Missing ‘code’ parameter”)

raise HTTPException(status_code=400, detail=”Error: Missing ‘code’ parameter”)

# Exchange code for an access token

response = requests.post(“https://zoom.us/oauth/token", data={

“grant_type”: “authorization_code”,

“client_id”: ZOOM_CLIENT_ID,

“client_secret”: ZOOM_CLIENT_SECRET,

“code”: code,

“redirect_uri”: REDIRECT_URI

})

zoom_data = response.json()

logger.info(f”Zoom API response: {zoom_data}”)

if “access_token” in zoom_data:

access_token = zoom_data[“access_token”]

user_id = zoom_data.get(“user_id”)

logger.info(“Access token obtained successfully”)

return RedirectResponse(url=”/success”)

else:

logger.error(“Failed to obtain access token”)

return {“error”: “Failed to obtain access token”, “details”: zoom_data}

except Exception as e:

logger.error(f”Error in oauth_redirect: {str(e)}”, exc_info=True)

raise HTTPException(status_code=500, detail=f”Error: {str(e)}”)

How This Works:

1. User Authorization:

• The user clicks an authorize link:
  https://zoom.us/oauth/authorize?response_type=code&client_id=your_zoom_client_id&redirect_uri=https://abc123.ngrok.io/zoom/oauth_redirect
• Zoom asks the user to approve access.

2. Zoom Redirects the User:

• After approval, Zoom redirects the user to your specified redirect URL: https://abc123.ngrok.io/zoom/oauth_redirect?code=abcd1234

3. Authorization Code Exchange:

• Your FastAPI app extracts the code parameter.
• It sends a POST request to https://zoom.us/oauth/token to get an access token.

4. Handling the Response:

• If the response contains access_token, the user is authenticated.
• Otherwise, an error is returned.

5. Define API scopes based on the required functionalities, such as:

• Meeting Management: Create, update, or delete meetings.
• User Management: Retrieve and manage user information.
• Recording Access: Access cloud recordings.

6. Save and activate the application.

In the next blog, we will dive deeper into using Zoom APIs to interact with meetings, users, and recordings. Stay tuned for more insights on developing a Zoom-based application!