Zoom API
| title | description | updated_date |
|---|---|---|
| Zoom API | How to create and use Zoom API OAuth tokens for accessing Zoom resources. | 2025-10-24T16:45:21Z |
What we need
- [ ] Account ID
- [ ] Client ID
- [ ] Client Secret
Prerequisites
Before setting up Zoom API access, ensure you meet these requirements:
- Paid Plan: A Zoom paid account is required for full API access. Free accounts have limited API functionality.
- Admin-level Permissions: You need admin access to create and manage API credentials.
Zoom does not support the OAuth 2.0 Client Credentials Grant
Zoom primarily supports these OAuth flows:
- Authorization Code Grant (used for user or account-level apps)
- JWT (legacy)
- Server-to-Server OAuth
Creating a Zoom Server-to-Server OAuth App
Follow these steps to set up authentication using Server-to-Server OAuth:
Log in to the Zoom App Marketplace
- Visit the Zoom App Marketplace
- Sign in with your Zoom admin account
Create a new Server-to-Server OAuth app
- Click on Develop in the top-right corner
- Select Build App from the dropdown menu
- Choose Server-to-Server OAuth as the app type
- Fill in the required app information:
  - App Name
  - App Description
  - Developer Contact Information
Configure App Settings
- In the App Credentials section, note your Client ID and Client Secret
- Define one or more Redirect URLs for OAuth (if applicable, though not used for token requests)
- Under Scopes, add the specific permissions your integration needs:
  - For user information: `user:read:user,user:read:list_users:admin`
  - For meetings: `meeting:read:meeting,meeting:read:list_meetings:admin,report:read:admin`
  - For teams: `team:read:team,team:read:list_teams:admin`
  - For phone calls (if Zoom Phone is enabled): `phone:read`
  - Add other scopes as needed for your specific use case
Activate your app
- Go to the Activation tab
- Click Activate your app
- Your app is now ready to use
Requesting a Server-to-Server OAuth Token
To obtain a temporary access token using your app credentials:
Request user authorization
- Direct the user to Zoom’s authorization URL: `https://zoom.us/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI`
- The user will be prompted to authorize your app
- After authorization, Zoom redirects to your redirect URI with an authorization code
Exchange the authorization code for an access token
- Send a POST request to `https://zoom.us/oauth/token`
- Use the following parameters:

```
POST https://zoom.us/oauth/token
Headers:
  Authorization: Basic {base64_encoded_credentials}
  Content-Type: application/x-www-form-urlencoded
Body:
  grant_type=authorization_code&code={authorization_code}&redirect_uri=YOUR_REDIRECT_URI
```
Use the access token
- The response will include an `access_token` and `expires_in` value
- Include this token in your API requests: `Authorization: Bearer {access_token}`
- Note: Tokens typically expire after 1 hour
Alternative: Server-to-Server OAuth (S2S)
For server applications that don’t require user interaction, Zoom offers Server-to-Server OAuth:
Create a Server-to-Server OAuth app
- In the Zoom Marketplace, select Develop > Build App
- Choose Server-to-Server OAuth as the app type (instead of “OAuth”)
- Complete the app information (App Name, Description, etc.)
- Add required scopes under the Scopes tab
- Activate your app
Request an access token
- Send a POST request to `https://zoom.us/oauth/token`
- Use the following parameters:

```
POST https://zoom.us/oauth/token
Headers:
  Authorization: Basic {base64_encoded_client_id:client_secret}
  Content-Type: application/x-www-form-urlencoded
Body:
  grant_type=account_credentials&account_id={account_id}
```
Example Token Request (curl)
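```bash
# Encode client_id:client_secret in Base64 (tr strips any newline base64 adds when wrapping)
# Replace YOUR_ACCOUNT_ID, YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with your actual credentials
AUTH_HEADER=$(printf '%s' "YOUR_CLIENT_ID:YOUR_CLIENT_SECRET" | base64 | tr -d '\n')
# Request the token (Server-to-Server OAuth uses the account_credentials grant plus the Account ID)
curl -X POST https://zoom.us/oauth/token \
  -H "Authorization: Basic $AUTH_HEADER" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=account_credentials" \
  -d "account_id=YOUR_ACCOUNT_ID"
```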
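The same Server-to-Server token request as a small Python client, added here as an illustration (it is not code from the original page or from Zoom). It builds the request from the Account ID, Client ID and Client Secret, reuses the token until shortly before `expires_in` runs out, and refuses a token that lacks a scope the integration requires. The `TokenCache` class, the 60-second skew and the assumption that the token response carries a space-separated `scope` field (as in RFC 6749) are choices made for this example.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://zoom.us/oauth/token"

def build_token_request(account_id, client_id, client_secret):
    """Return (url, headers, body) for the Server-to-Server token request."""
    creds = f"{client_id}:{client_secret}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode(
        {"grant_type": "account_credentials", "account_id": account_id}
    ).encode()
    return TOKEN_URL, headers, body

def fetch_token(account_id, client_id, client_secret):
    """POST the request and return the parsed JSON response (needs network)."""
    url, headers, body = build_token_request(account_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: reuse a token until shortly before it expires."""
    def __init__(self, fetch, required_scopes=(), skew=60, clock=time.monotonic):
        self._fetch, self._required = fetch, set(required_scopes)
        self._skew, self._clock = skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            # Assumption: granted scopes arrive as a space-separated string.
            missing = self._required - set(resp.get("scope", "").split())
            if missing:
                raise PermissionError(f"token lacks scopes: {sorted(missing)}")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + resp["expires_in"] - self._skew
        return self._token

    def auth_header(self):
        """Header to attach to each API request."""
        return {"Authorization": f"Bearer {self.get()}"}
```

In use, pass `lambda: fetch_token(account_id, client_id, client_secret)` as `fetch`, with the three values read from a secret store or environment variables rather than written into the source.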
Item Checklist for Integration
- Zoom account with paid plan
- Admin-level access to the Zoom account
- Client ID from your Server-to-Server OAuth app
- Client Secret from your Server-to-Server OAuth app
- Defined API scopes for your integration (using Granular Scopes introduced in April 2024)
Note on Zoom OAuth Scopes
As of April 2024, Zoom has introduced a new “Granular Scopes” system that replaces the older “Classic Scopes” system. All new Zoom app integrations should use these Granular Scopes. The documentation above has been updated to reflect these new scopes.
For reference, here’s a mapping between common Classic Scopes and their Granular Scope equivalents:
| Purpose | Classic Scope | Granular Scope |
|---|---|---|
| Read user info | user:read | user:read:user |
| Read all users (admin) | user:read:admin | user:read:list_users:admin |
| Read meetings | meeting:read | meeting:read:meeting |
| Read all meetings (admin) | meeting:read:admin | meeting:read:list_meetings:admin |
| Report user’s past meetings (admin) | report:read:admin | report:read:user:admin |
| Read phone info | phone:read:admin | phone:read |
| Read Account phone history | phone_call_log:read | phone:read:list_call_logs:admin, phone:read:list_call_logs |
For a complete list of available scopes, refer to the Zoom API Granular Scopes documentation.