API Authorization & Authentication-Unified Build Flow Application-OAuth App Authorization & Authentication-OAuth 2.0
Number of APIs: 4
GET https://zoom.us/oauth/authorize?response_type=code&client_id={{oAuthDevClientId}}&redirect_uri={{oAuthDevRedirectUri}}
Click the Params tab. If this is your first time authorizing Zoom API access, update the To verify that this is your first time, and to test the manual OAuth 2.0 process, navigate to the Local Test tab of your app and check if it says After updating the Now paste that URL in the browser you logged into the Zoom App Marketplace and using to test this flow and hit enter. Follow the prompt to authorize the app. Once you consent, you'll be redirected to a new page confirming the authorization. You'll also see a new url with a 'code' query parameter includes.Copy this 'code' query parameter. It's needed for the Proceed to the next request in this collection to continue.Step 1: Request User Authorization
client_id and redirect_uri variables with the appropriate fields from the App Credentials tab of your OAuth app from the Zoom App Marketplace.added
. If so, click remove
before proceeding with the next action.client_id and redirect_uri variables in the Qodex Params tab, the URL should resemble this: https://zoom.us/oauth/authorize?response_type=code&client_id={{ClientID}}&redirect_uri={{redirect_uri}}POST Request access token.
Developer Documentation:
POST https://zoom.us/oauth/token
Navigate to the Auth tab and under Basic Auth and fill in the following: Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature. Alternatively, you can clear the Auth tab fields, and use the Headers tab per our Zoom documentation. If you go this route, make sure the Headers key-value field boxes are selected and Base64-encode your Once you're done, send the POST request to If successful, the Response Body will be a JSON response containing the user's access token like the following:Step 2: Request Access Token
Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.https://zoom.us/oauth/token(already pre-populated in this request for you).{
"access_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ2OTkzLCJleHAiOjE1ODAxNTA1OTMsInRva2VuVHlwZSI6ImFjY2Vzc190b2tlbiIsImlhdCI6MTU4MDE0Njk5MywianRpIjoiPEpUST4iLCJ0b2xlcmFuY2VJZCI6MjV9.F9o_w7_lde4Jlmk_yspIlDc-6QGmVrCbe_6El-xrZehnMx7qyoZPUzyuNAKUKcHfbdZa6Q4QBSvpd6eIFXvjHw",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ2OTkzLCJleHAiOjIwNTMxODY5OTMsInRva2VuVHlwZSI6InJlZnJlc2hfdG9rZW4iLCJpYXQiOjE1ODAxNDY5OTMsImp0aSI6IjxKVEk-IiwidG9sZXJhbmNlSWQiOjI1fQ.Xcn_1i_tE6n-wy6_-3JZArIEbiP4AS3paSD0hzb0OZwvYSf-iebQBr0Nucupe57HUDB5NfR9VuyvQ3b74qZAfA",
"expires_in": 3599,
"scope": "user:read:admin"
}
Developer Documentation:
POST https://zoom.us/oauth/revoke
Supply the Navigate to the Auth tab and under Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature. Alternatively, you can clear the Auth tab fields, and use the If you go this route, make sure to re-check the Once you're done, send the POST request to Here's an example request to revoke an access token: If successful, the response body will be a JSON representation of your user's refreshed access token like this: Developer Documentation:Revoking an Access Token
access_token you wish to revoke to the query params.Basic Auth fill in the following:
Headers tab per our Zoom documentation.Headers key-value field boxes and Base64-encode the Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.https://zoom.us/oauth/revoke (already pre-populated in this request for you).POST /oauth/revoke HTTP/1.1
Host: zoom.us
Authorization: Basic base64Encode(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 4
token=[ACCESS TOKEN]
{
"status": "success"
}
POST https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token={{oAuthDevRefreshToken}}
Access tokens expire after one hour. Once expired, you will have to refresh a user's access token. Take the Navigate to the Auth tab and under Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature. Alternatively, you can clear the Auth tab fields, and use the If you go this route, make sure to re-check the Once you're done, send the POST request to Here's an example request for a refresh token: If successful, the response body will be a JSON representation of your user's refreshed access token like this: Developer Documentation:Refreshing an Access Token
refresh_token value you received from your POST request access token response and paste it in the refresh_token field in Params.Basic Auth and fill in the following:
Headers tab per our Zoom documentation.Headers key-value field boxes and Base64-encode your Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.https://zoom.us/oauth/token (already pre-populated in this request for you).POST /oauth/token HTTP/1.1
Host: zoom.us
Authorization: Basic base64Encode(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded
refresh_token=[REFRESH TOKEN]&grant_type=refresh_token
{
"access_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ3Mzk0LCJleHAiOjE1ODAxNTA5OTQsInRva2VuVHlwZSI6ImFjY2Vzc190b2tlbiIsImlhdCI6MTU4MDE0NzM5NCwianRpIjoiPEpUST4iLCJ0b2xlcmFuY2VJZCI6MjZ9.5c58p0PflZJdlz4Y7PgMIVCrQpHDnbM565iCKlrtajZ5HHmy00P5FCcoMwHb9LxjsUgbJ7653EfdeX5NEm6RoA",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ3Mzk0LCJleHAiOjIwNTMxODczOTQsInRva2VuVHlwZSI6InJlZnJlc2hfdG9rZW4iLCJpYXQiOjE1ODAxNDczOTQsImp0aSI6IjxKVEk-IiwidG9sZXJhbmNlSWQiOjI2fQ.DwuqOzywRrQO2a6yp0K_6V-hR_i_mOB62flkr0_NfFdYsSqahIRRGk1GlUTQnFzHd896XDKf_FnSSvoJg_tzuQ",
"expires_in": 3599,
"scope": "user:read"
}
ENDPOINTS