FAQ
Zoom SDK App Review FAQ
How long does the Zoom SDK Application review take?
It typically takes 2-3 weeks.
Is a pentest required for the Zoom app review?
No, it is not required. However, in Zoom's words, if you don’t have a third-party pentest:
It would be helpful to provide the Zoom review team with additional documents that demonstrate that you developed your application with security in mind.
This can be in the form of an SSDLC, security/privacy policy for your users, an incident response plan, dependency management policy etc. For an SSDLC, it is typically a written document (can be as short as a page, as long as it’s comprehensive) that outlines the security design of your app from requirements, through development, to production.
When we go through the Zoom SDK Key publishing process, does this mean our app will be listed on the Zoom Marketplace?
Yes. Your Zoom SDK app will be listed on the Zoom Marketplace. If you don't want the SDK app to be publicly listed, you can mention in the Zoom publishing review notes that you don't want your app to be listed.
OAuth - My app is already approved but I want to add OAuth scopes. Do I resubmit my current app or create a new one?
You can re-submit your current app after adding the necessary scopes. Your app will continue to work as expected in production until your new submission is approved.
Why was my app rejected?
If your app was rejected for any reason, the Zoom app reviewer will provide information detailing why it was rejected. You can find this information in the App Notes as shown below.
The Zoom reviewer is wondering why I need the user:read scope. How do I explain this?
If you're using the OAuth integration, a Zoom app reviewer might ask why you need the user:read scope.
We suggest responding with the following:
Our application uses OAuth integration to provide a seamless recording experience for users. Since personal meeting IDs are commonly used to host meetings by our users, and we'd like to provide the benefits of OAuth permissions for all of their meetings (including meetings hosted using their PMI), our application needs the user:read scope to fetch users' personal meeting IDs from Zoom's Get User endpoint so we can provide OAuth tokens accordingly.
Without this scope, we can't provide these tokens for Personal Meeting IDs, which would prevent our users from leveraging OAuth functionality for these meetings.
Why can't my users install my Zoom App?
Some Zoom workspaces require administrators to approve apps before they can be downloaded to the workspace. If your users are seeing a message like "Unable to install this app because it needs pre-approval by your account admin", they'll need to request pre-approval from their Zoom administrator.
This can be done by searching your app on the Zoom Marketplace. On the application page, the user will see an option to request pre-approval from their Zoom admin. Once they request approval, the admin will receive an email from [email protected] with details on how to approve your application. After it's approved, the user will be able to install the Zoom app.
Updated 12 days ago