Logo
Zoom Public API Documentation

API Authorization & Authentication-Unified Build Flow Application-OAuth App Authorization & Authentication-OAuth 2.0

Number of APIs: 4


1. Request user authorization

GET https://zoom.us/oauth/authorize?response_type=code&client_id={{oAuthDevClientId}}&redirect_uri={{oAuthDevRedirectUri}}

Step 1: Request User Authorization

Click the Params tab.

If this is your first time authorizing Zoom API access, update the client_id and redirect_uri variables with the appropriate fields from the App Credentials tab of your OAuth app from the Zoom App Marketplace.

To verify that this is your first time, and to test the manual OAuth 2.0 process, navigate to the Local Test tab of your app and check if it says added. If so, click remove before proceeding with the next action.

After updating the client_id and redirect_uri variables in the Qodex Params tab, the URL should resemble this: https://zoom.us/oauth/authorize?response_type=code&client_id={{ClientID}}&redirect_uri={{redirect_uri}}

Now paste that URL in the browser you logged into the Zoom App Marketplace and using to test this flow and hit enter. Follow the prompt to authorize the app. Once you consent, you'll be redirected to a new page confirming the authorization. You'll also see a new url with a 'code' query parameter includes.Copy this 'code' query parameter. It's needed for the POST Request access token.

Proceed to the next request in this collection to continue.


Developer Documentation:



2. Request access token

POST https://zoom.us/oauth/token

Step 2: Request Access Token

Navigate to the Auth tab and under Basic Auth and fill in the following:

  • Username: [Client_ID]
  • Password: [Client_Secret]

Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature.

Alternatively, you can clear the Auth tab fields, and use the Headers tab per our Zoom documentation.

If you go this route, make sure the Headers key-value field boxes are selected and Base64-encode your Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.

Once you're done, send the POST request to https://zoom.us/oauth/token(already pre-populated in this request for you).

If successful, the Response Body will be a JSON response containing the user's access token like the following:

{
  "access_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ2OTkzLCJleHAiOjE1ODAxNTA1OTMsInRva2VuVHlwZSI6ImFjY2Vzc190b2tlbiIsImlhdCI6MTU4MDE0Njk5MywianRpIjoiPEpUST4iLCJ0b2xlcmFuY2VJZCI6MjV9.F9o_w7_lde4Jlmk_yspIlDc-6QGmVrCbe_6El-xrZehnMx7qyoZPUzyuNAKUKcHfbdZa6Q4QBSvpd6eIFXvjHw",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ2OTkzLCJleHAiOjIwNTMxODY5OTMsInRva2VuVHlwZSI6InJlZnJlc2hfdG9rZW4iLCJpYXQiOjE1ODAxNDY5OTMsImp0aSI6IjxKVEk-IiwidG9sZXJhbmNlSWQiOjI1fQ.Xcn_1i_tE6n-wy6_-3JZArIEbiP4AS3paSD0hzb0OZwvYSf-iebQBr0Nucupe57HUDB5NfR9VuyvQ3b74qZAfA",
  "expires_in": 3599,
  "scope": "user:read:admin"
}


Developer Documentation:



3. Revoke an access token

POST https://zoom.us/oauth/revoke

Revoking an Access Token

Supply the access_token you wish to revoke to the query params.

Navigate to the Auth tab and under Basic Auth fill in the following:

  • Username: [Client_ID]
  • Password: [Client_Secret]

Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature.

Alternatively, you can clear the Auth tab fields, and use the Headers tab per our Zoom documentation.

If you go this route, make sure to re-check the Headers key-value field boxes and Base64-encode the Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.

Once you're done, send the POST request to https://zoom.us/oauth/revoke (already pre-populated in this request for you).

Here's an example request to revoke an access token:

POST /oauth/revoke HTTP/1.1
Host: zoom.us
Authorization: Basic base64Encode(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 4
token=[ACCESS TOKEN]

If successful, the response body will be a JSON representation of your user's refreshed access token like this:

{
  "status": "success"
}


Developer Documentation:



4. Refresh access token

POST https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token={{oAuthDevRefreshToken}}

Refreshing an Access Token

Access tokens expire after one hour. Once expired, you will have to refresh a user's access token.

Take the refresh_token value you received from your POST request access token response and paste it in the refresh_token field in Params.

Navigate to the Auth tab and under Basic Auth and fill in the following:

  • Username: [Client_ID]
  • Password: [Client_Secret]

Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature.

Alternatively, you can clear the Auth tab fields, and use the Headers tab per our Zoom documentation.

If you go this route, make sure to re-check the Headers key-value field boxes and Base64-encode your Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.

Once you're done, send the POST request to https://zoom.us/oauth/token (already pre-populated in this request for you).

Here's an example request for a refresh token:

POST /oauth/token HTTP/1.1
Host: zoom.us
Authorization: Basic base64Encode(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded
refresh_token=[REFRESH TOKEN]&grant_type=refresh_token

If successful, the response body will be a JSON representation of your user's refreshed access token like this:

{
  "access_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ3Mzk0LCJleHAiOjE1ODAxNTA5OTQsInRva2VuVHlwZSI6ImFjY2Vzc190b2tlbiIsImlhdCI6MTU4MDE0NzM5NCwianRpIjoiPEpUST4iLCJ0b2xlcmFuY2VJZCI6MjZ9.5c58p0PflZJdlz4Y7PgMIVCrQpHDnbM565iCKlrtajZ5HHmy00P5FCcoMwHb9LxjsUgbJ7653EfdeX5NEm6RoA",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ3Mzk0LCJleHAiOjIwNTMxODczOTQsInRva2VuVHlwZSI6InJlZnJlc2hfdG9rZW4iLCJpYXQiOjE1ODAxNDczOTQsImp0aSI6IjxKVEk-IiwidG9sZXJhbmNlSWQiOjI2fQ.DwuqOzywRrQO2a6yp0K_6V-hR_i_mOB62flkr0_NfFdYsSqahIRRGk1GlUTQnFzHd896XDKf_FnSSvoJg_tzuQ",
  "expires_in": 3599,
  "scope": "user:read"
}


Developer Documentation:



ENDPOINTS