Zoom OAuth FAQ & Troubleshooting

Frequently asked questions: Zoom OAuth integration

Can we use our existing Zoom OAuth app so users don’t need to OAuth twice?

Yes. You can use your existing Zoom OAuth app, as long as it has all required scopes.

If you want to manage the OAuth tokens on your end, instead of having Recall manage the tokens, you can follow the instructions for Customer Managed OAuth.

Will we be able to get the join token for local recording with Zoom workspace-level OAuth?

Yes. This integration works for both user-level and workspace-level OAuth.

Zoom Meeting SDK apps only provide user-level OAuth, so you will need to create a separate workspace-level OAuth App. You will also need to submit both your Zoom SDK app and your workspace-level Zoom OAuth App for review.

Will we be able to get the customer's access token if we use Recall Managed OAuth?

Yes. You can use the Get Access Token endpoint to fetch the customer's access token, if you're using Recall Managed OAuth.

What scopes should I request for an Account Level OAuth app?

  • user:read:admin
  • meeting:read:admin
  • meeting_token:read:admin:local_recording

My bot uses the Zoom OAuth integration. Why was it still not allowed to record?

While the Zoom OAuth integration allows bots to record meetings without requesting host permissions every call, the host can still activate a setting that restricts local recording in all of their meetings.

If this setting is active, bots will not be able to record meetings even if OAuth authorization permission has been granted.

This setting can be found in Zoom settings under the Recording tab, labelled “Hosts can give meeting participants permission to record locally."

Zoom URL Validation is Failing for my Webhook URL

This can happen for a number of reasons. The most common are:

  1. The URL you're providing is not correct. Please double check the URL
  2. Your Webhook Secret is not configured correctly. Please double check your Webhook Secret is correct.

Why do I need to provide my client_id and client_secret if I'm using Customer Managed OAuth?

If you're using Customer Managed OAuth, you don't need to provide the client_secret -- in the API call you can just provide a dummy string like "a".

We do need the client_id however to validate the JWT we receive from your callback URL.