Zoom Public API Documentation

Request user authorization PKCE

GET https://zoom.us/oauth/token?response_type=code&client_id={{oAuthDevClientId}}&redirect_uri={{oAuthDevRedirectUri}}&code_challenge=

Step 1: Request User Authorization

Zoom supports Proof Key for Code Exchange (PKCE) when requesting user tokens. This offers better security by enabling clients to use a code challenge and code exchange as part of the initial user authorization request. See RFC 7636 for more information.

Option 1: via Manual Header

To use this feature, send the code_challenge field and the optional code_challenge_method field in Params in the user authorization request. Then send the code_verifier field in the params of the POST "Request access token PKCE" request.

If Zoom verifies that the code_challenge and the code_verifier values match, the token endpoint continues processing. If they do not match, you will receive an invalid_grant error.
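The values that Option 1 sends, as an added example (not Zoom's code): it generates a code_verifier, derives the code_challenge as RFC 7636 defines it, builds the Step 1 URL from this page's request line, and reproduces the match check whose failure is reported as invalid_grant. The function names and the placeholder client values are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://zoom.us/oauth/token"  # as in this page's request line


def b64url(data: bytes) -> str:
    """Base64url without '=' padding (the encoding RFC 7636 specifies)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes -> 43-character verifier, kept by the client until the token request."""
    return b64url(secrets.token_bytes(32))


def code_challenge(verifier: str, method: str = "S256") -> str:
    """Derive the code_challenge sent in the authorization request."""
    if not 43 <= len(verifier) <= 128:
        raise ValueError("code_verifier must be 43-128 characters")
    if method == "S256":
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier  # the challenge is the verifier itself
    raise ValueError("unsupported code_challenge_method: " + method)


def authorization_url(client_id: str, redirect_uri: str, verifier: str, state: str) -> str:
    """Build the Step 1 request; S256 is named explicitly because the default is plain."""
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": code_challenge(verifier, "S256"),
        "code_challenge_method": "S256",
    })


def verifier_matches(verifier: str, challenge: str, method: str = "S256") -> bool:
    """Comparison made at the token step; False corresponds to invalid_grant."""
    return hmac.compare_digest(code_challenge(verifier, method), challenge)


if __name__ == "__main__":  # constructed placeholder values, not a real app
    state = secrets.token_urlsafe(16)  # unguessable, checked again on the callback
    print(authorization_url("CLIENT_ID", "https://example.com/callback", new_code_verifier(), state))
```

The client keeps the verifier and the state value until the callback arrives, then sends the verifier as code_verifier in the token request.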

Option 2: via Auth Helper

Use the Authorization tab to both authorize and retrieve the access token with PKCE. Everything has been configured for you.



Body PARAM

| Key | Datatype | Required | Description |
|---|---|---|---|
| response_type | string | | |
| client_id | string | | OAuth application's Development or Production Client ID. |
| redirect_uri | string | | URI to handle successful user authorization. Must match with Development or Production Redirect URI in your OAuth app settings. |
| state | null | | (Optional) An opaque value that you can use to maintain state between the request and callback. The authorization server appends the state value to the redirect URI. This is also useful to prevent cross-site request forgery. |
| code_challenge | null | | Required for PKCE. A challenge derived from the code verifier sent in the authorization request to verify against the code_verifier later. |
| code_challenge_method | string | | Optional. A method that was used to derive the code challenge. Defaults to "plain" if not present in the request. Code verifier transformation method is "S256" or "plain". |




Curl
# {{oAuthDevClientId}}: your app development client ID from your OAuth Marketplace app for the OAuth authorization flow.
#   The development client ID and secret can be used for development testing API requests.
# {{oAuthDevRedirectUri}}: your Development or Production redirect URI for your OAuth Marketplace app.
curl -X GET 'https://zoom.us/oauth/token?response_type=code&client_id={{oAuthDevClientId}}&redirect_uri={{oAuthDevRedirectUri}}&state=&code_challenge=&code_challenge_method=S256'
