API Authorization & Authentication-Unified Build Flow Application-OAuth App Authorization & Authentication-OAuth 2.0 with PKCE
Number of APIs: 3
POST https://zoom.us/oauth/revoke
Supply the Navigate to the Auth tab and under Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature. Alternatively, you can clear the Auth tab fields, and use the If you go this route, make sure to re-check the Once you're done, send the POST request to Here's an example request to revoke an access token: If successful, the response body will be a JSON representation of your user's refreshed access token like this: Developer Documentation:Revoking an Access Token
access_token you wish to revoke to the query params.Basic Auth fill in the following:
Headers tab per our Zoom documentation.Headers key-value field boxes and Base64-encode the Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.https://zoom.us/oauth/revoke (already pre-populated in this request for you).POST /oauth/revoke HTTP/1.1
Host: zoom.us
Authorization: Basic base64Encode(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 4
token=[ACCESS TOKEN]
{
"status": "success"
}
POST https://zoom.us/oauth/token
Access tokens expire after one hour. Once expired, you will have to refresh a user's access token. Take the Navigate to the Auth tab and under Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature. Alternatively, you can clear the Auth tab fields, and use the If you go this route, make sure to re-check the Once you're done, send the POST request to Here's an example request for a refresh token: If successful, the response body will be a JSON representation of your user's refreshed access token like this: Developer Documentation:Refreshing an Access Token
refresh_token value you received from your POST request access token response and paste it in the refresh_token field in Params.Basic Auth and fill in the following:
Headers tab per our Zoom documentation.Headers key-value field boxes and Base64-encode your Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.https://zoom.us/oauth/token (already pre-populated in this request for you).POST /oauth/token HTTP/1.1
Host: zoom.us
Authorization: Basic base64Encode(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded
refresh_token=[REFRESH TOKEN]&grant_type=refresh_token
{
"access_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ3Mzk0LCJleHAiOjE1ODAxNTA5OTQsInRva2VuVHlwZSI6ImFjY2Vzc190b2tlbiIsImlhdCI6MTU4MDE0NzM5NCwianRpIjoiPEpUST4iLCJ0b2xlcmFuY2VJZCI6MjZ9.5c58p0PflZJdlz4Y7PgMIVCrQpHDnbM565iCKlrtajZ5HHmy00P5FCcoMwHb9LxjsUgbJ7653EfdeX5NEm6RoA",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ3Mzk0LCJleHAiOjIwNTMxODczOTQsInRva2VuVHlwZSI6InJlZnJlc2hfdG9rZW4iLCJpYXQiOjE1ODAxNDczOTQsImp0aSI6IjxKVEk-IiwidG9sZXJhbmNlSWQiOjI2fQ.DwuqOzywRrQO2a6yp0K_6V-hR_i_mOB62flkr0_NfFdYsSqahIRRGk1GlUTQnFzHd896XDKf_FnSSvoJg_tzuQ",
"expires_in": 3599,
"scope": "user:read"
}
3. Request user authorization PKCE
GET https://zoom.us/oauth/token?response_type=code&client_id={{oAuthDevClientId}}&redirect_uri={{oAuthDevRedirectUri}}&code_challenge=
Zoom supports Proof Key for Code Exchange (PKCE) when requesting user tokens. This offers better security by enabling clients to use a code challenge and code exchange as part of the initial user authorization request. See rfc7636 for more information. To use this feature, send the If Zoom verifies that the Use the Authorization tab to both authorize and retrieve the access token with PKCE. Everything has been configured for you.Step 1: Request User Authorization
Option 1: via Manual Header
code_challenge field and optional code_challenge_method field in Params in the user Authorization request. Then send the code_verifier field in the POST Request access token PKCE request params.code_challenge and the code_verifier values match, the token endpoint continues processing. If they do not match, you will receive an invalid_grant error.Option 2: via Auth Helper
Developer Documentation:
ENDPOINTS