Marketplace

• OpenAPI Version: 3.1.1
• API Version: 2

The Marketplace APIs allow developers to access data related to their app and its usage in the marketplace.

Servers

• URL: https://api.zoom.us/v2

Operations

Send app notifications

• Method: POST
• Path: /app/notifications
• Tags: App

Send app notifications to the Zoom Activity Center. (Note: This API endpoint only supports OAuth 2.0.)

Scopes: app:notification:read,app:notification:write

Granular Scopes: marketplace:write:notifications

Rate Limit Label: MEDIUM

Request Body

Content-Type: application/json

• message

  object — Message object, including text field

  • text

    string — App notification content.

• notification_id

  string — App-generated identifier.

• user_id

  string — The user's unique identifier.

Example:

{
  "notification_id": "0HTc4gWHRSCef82_KlfCOQ",
  "message": {
    "text": "hello, world!"
  },
  "user_id": "uGjCIsQsQ_KKW20xAkiHyw"
}

Responses

Status: 202 Success

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `400` <br> Invalid parameter: message <br> **Error Code:** `400` <br> Invalid parameter: text <br> **Error Code:** `400` <br> Invalid parameter: user_id <br>

Status: 401 **HTTP Status Code:** `401` <br> Unauthorized **Error Code:** `124` <br> Invalid access token. <br>

Status: 403 **HTTP Status Code:** `403` <br> Forbidden **Error Code:** `403` <br> Authenticated user has not permitted access to the targeted resource. <br> **Error Code:** `403` <br> App does not support notification feature. <br> **Error Code:** `403` <br> Account does not support notification feature. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Status: 500 **HTTP Status Code:** `500` <br> Internal Server Error **Error Code:** `500` <br> Notification request sending failed. <br>

Get user's custom field values

• Method: GET
• Path: /marketplace/app/custom_fields
• Tags: App

Get custom field values for user.

Scopes: marketplace_custom_fields:read,marketplace_custom_fields:read:admin

Granular Scopes: marketplace:read:custom_fields:admin,marketplace:read:custom_fields

Rate Limit Label: HEAVY

Responses

Status: 200 Returns app-level custom field values configured by the user. Does not return any user-configured passwords.

Content-Type: application/json

Array of:

• field_id

  string — Field ID: The values of this field are used as dynamic variables

• type

  string, possible values: "plain_text_input", "radio_buttons", "checkboxes", "select", "fields_group", "datepicker" — Type of values

• value

  string — User defined custom field values

Example:

[
  {
    "field_id": "city_name",
    "type": "plain_text_input",
    "value": "San Jose"
  }
]

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1001` <br> Invalid user <br>

Status: 401 **HTTP Status Code:** `401` <br> Unauthorized **Error Code:** `1500` <br> Invalid token <br>

Status: 403 **HTTP Status Code:** `403` <br> Forbidden **Error Code:** `1601` <br> Authorization Error <br> **Error Code:** `1403` <br> Insufficient permissions <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> app is not found <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rate-limits/).

Get user or account event subscription

• Method: GET
• Path: /marketplace/app/event_subscription
• Tags: App

Returns event subscriptions for users or accounts.

Rate Limit Label: MEDIUM

Responses

Status: 200 **HTTP Status Code:** `200` User's event subscriptions for application returned.

Content-Type: application/json

All of:

• next_page_token

  string — The next page token paginates through a large set of results. The API returns a next page token whenever the set of available results exceeds the current page size. The expiration period for this token is 15 minutes.

• page_size

  number — The number of records returned with a single API call.

• event_subscriptions

  array

  Items:

  • created_source

    string, possible values: "default", "openapi" — The app's created source: * `default` &mdash; The app event subscriptions created in build flow. * `openapi` &mdash; The app event subscriptions created in open API.

  • custom_header

    object — Custom header configuration for event subscription webhook. This allows you to configure authentication headers that will be sent with webhook requests.

    • custom_header_type (required)

      integer, format: int8, possible values: 0, 1, 2, 3 — The type of custom header to use for authentication. * `0` - Default (no custom header) * `1` - Basic Authentication (requires username and password) * `2` - OAuth2 Token Authentication (requires client_id, client_secret, and token_url) * `3` - Custom Key-Value Header (requires custom_header_key and custom_header_value)

    • client_authentication

      string, possible values: "header", "body", default: "header" — The client authentication method for OAuth2 token requests. Only valid when `custom_header_type` is `2` (OAuth). * `header` - Send client credentials as Basic Auth header (default) * `body` - Send client credentials in request body

    • client_id

      string — The OAuth2 client ID. Required when `custom_header_type` is `2` (OAuth).

    • client_secret

      string — The OAuth2 client secret. Required when `custom_header_type` is `2` (OAuth).

    • custom_header_key

      string — The custom header key name. Required when `custom_header_type` is `3` (Custom Key-Value). Can only contain letters, numbers, and hyphens. Cannot contain spaces or line feeds.

    • custom_header_value

      string — The custom header value. Required when `custom_header_type` is `3` (Custom Key-Value). Cannot contain line feeds.

    • password

      string — The password for Basic Authentication. Required when `custom_header_type` is `1` (Basic Auth).

    • scope

      string — The OAuth2 scope parameter for limiting access token permissions. Optional, only valid when `custom_header_type` is `2` (OAuth).

    • state

      string — The OAuth2 state parameter for CSRF protection and request tracking. Optional, only valid when `custom_header_type` is `2` (OAuth).

    • token_url

      string, format: uri — The OAuth2 token endpoint URL. Required when `custom_header_type` is `2` (OAuth). Must be a valid HTTPS URL.

    • username

      string — The username for Basic Authentication. Required when `custom_header_type` is `1` (Basic Auth).

  • event_subscription_id

    string — The app event subscription's ID.

  • event_subscription_name

    string — The app event subscription's name.

  • event_webhook_url

    string — The event notification endpoint URL.

  • events

    array — The list of the subscribed event subscriptions.

    Items:

    string — The event's name.

  • subscriber_id

    string — The subscriber's ID.

  • subscription_scope

    string, possible values: "user", "account", "master_account", "team" — The app event subscription's scope * `user` &mdash; The app event subscription is for specific users. * `account` &mdash; The app event subscription is for all users in the account. * `master_account` &mdash; The app event subscription is for all users in the master account. * `team` &mdash; The app event subscription is for team in the account.

Example:

{
  "next_page_token": "eer587w4eiyfsudgf",
  "page_size": 30,
  "event_subscriptions": [
    {
      "event_subscription_id": "sFrBezKES3-UdcfMPXFA0A",
      "events": [
        "meeting.deleted"
      ],
      "event_subscription_name": "Example Event Subscription",
      "event_webhook_url": "https://www.example.com",
      "subscription_scope": "user",
      "created_source": "default",
      "subscriber_id": "5AATFjiUS0yEnELIMzQO4g",
      "custom_header": {
        "custom_header_type": 2,
        "username": "my_username",
        "password": "my_password",
        "client_id": "your_client_id",
        "client_secret": "your_client_secret",
        "token_url": "https://auth.example.com/oauth/token",
        "scope": "read:org write:user",
        "state": "request-123",
        "client_authentication": "body",
        "custom_header_key": "x-api-key",
        "custom_header_value": "your_api_key_value"
      }
    }
  ]
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1500` <br> The subscription scope is invalid. <br> **Error Code:** `1500` <br> Team does not exist or does not belong to this account: {$teamId}. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1001` <br> User does not exist or does not belong to this account. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Create an event subscription

• Method: POST
• Path: /marketplace/app/event_subscription
• Tags: App

Programmatically create event subscriptions for an authorized application.

Prerequisites

• An existing, authorized application.
• A valid access token obtained using the client_credentials authorization grant_type. See documentation for details.

Note These endpoints use app-specific scopes that won't appear in your Marketplace build flow, but will be included in the access token payload.

Rate Limit Label: HEAVY

Request Body

Content-Type: application/json

• event_webhook_url (required)

  string — The event notification endpoint URL.

• events (required)

  array

  Items:

  string — The event's name.

• subscription_scope (required)

  string, possible values: "user", "account", "master_account", "team" — The app event subscription's scope * `user` &mdash; The app event subscription is for specific users. * `account` &mdash; The app event subscription is for all users in the account. * `master_account` &mdash; The app event subscription is for all users in the master account. * `team` &mdash; The app event subscription is for team in the account, and only events from the contact center are supported.

• account_id

  string — The account's ID.

• custom_header

  object — Custom header configuration for event subscription webhook. This allows you to configure authentication headers that will be sent with webhook requests.

  • custom_header_type (required)

    integer, format: int8, possible values: 0, 1, 2, 3, default: 0 — The type of custom header to use for authentication. * `0` - Default (no custom header) * `1` - Basic Authentication (requires username and password) * `2` - OAuth2 Token Authentication (requires client_id, client_secret, and token_url) * `3` - Custom Key-Value Header (requires custom_header_key and custom_header_value)

  • client_authentication

    string, possible values: "header", "body", default: "header" — The client authentication method for OAuth2 token requests. Only valid when `custom_header_type` is `2` (OAuth). * `header` - Send client credentials as Basic Auth header (default) * `body` - Send client credentials in request body

  • client_id

    string — The OAuth2 client ID. Required when `custom_header_type` is `2` (OAuth).

  • client_secret

    string — The OAuth2 client secret. Required when `custom_header_type` is `2` (OAuth).

  • custom_header_key

    string — The custom header key name. Required when `custom_header_type` is `3` (Custom Key-Value). Can only contain letters, numbers, and hyphens. Cannot contain spaces or line feeds.

  • custom_header_value

    string — The custom header value. Required when `custom_header_type` is `3` (Custom Key-Value). Cannot contain line feeds.

  • password

    string — The password for Basic Authentication. Required when `custom_header_type` is `1` (Basic Auth).

  • scope

    string — The OAuth2 scope parameter for limiting access token permissions. Optional, only valid when `custom_header_type` is `2` (OAuth).

  • state

    string — The OAuth2 state parameter for CSRF protection and request tracking. Optional, only valid when `custom_header_type` is `2` (OAuth).

  • token_url

    string, format: uri — The OAuth2 token endpoint URL. Required when `custom_header_type` is `2` (OAuth). Must be a valid HTTPS URL.

  • username

    string — The username for Basic Authentication. Required when `custom_header_type` is `1` (Basic Auth).

• event_subscription_name

  string — The app event subscription's name.

• team_ids

  array — The team ID list.

  Items:

  string — The team's ID.

• user_ids

  array

  Items:

  string — The user's user ID list.

Example:

{
  "events": [
    "meeting.created"
  ],
  "event_subscription_name": "Example Event Subscription",
  "event_webhook_url": "https://www.example.com",
  "user_ids": [
    "_8KG7DeoRU2xIsDSY9ed2Q,90KG7DeoRU2xIsDSY9edwe"
  ],
  "subscription_scope": "user",
  "account_id": "pvg3UAgpRlyTDW-9sIpKcw",
  "custom_header": {
    "custom_header_type": 0,
    "username": "my_username",
    "password": "my_password",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "token_url": "https://auth.example.com/oauth/token",
    "scope": "read:org write:user",
    "state": "request-123",
    "client_authentication": "body",
    "custom_header_key": "x-api-key",
    "custom_header_value": "your_api_key_value"
  },
  "team_ids": [
    "JvOmav04Qf-BALiTESBQXw"
  ]
}

Responses

Status: 201 **HTTP Status Code:** `201` user create event subscription successfully.

Content-Type: application/json

• event_subscription_id

  string — The app event subscription's ID.

Example:

{
  "event_subscription_id": "0ZAaJY4dQ52BbwI9PArBLQ"
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1003` <br> The user {$userId} missed permission to subscribe application events: {$eventName} <br> **Error Code:** `1300` <br> The user don't authorize the app: {$userId}. <br> **Error Code:** `1602` <br> The event is not allowed for the app: {$eventName} <br> **Error Code:** `1500` <br> The events list is empty. <br> **Error Code:** `1500` <br> The event webhook url is empty. <br> **Error Code:** `1500 ` <br> The subscription scope is invalid. <br> **Error Code:** `1500` <br> The username is required. <br> **Error Code:** `1500` <br> The length of username exceeds the limit of 256 <br> **Error Code:** `1500` <br> The input value can't contain line feed. <br> **Error Code:** `1500` <br> The password is required. <br> **Error Code:** `1500` <br> The length of password exceeds the limit of 256 <br> **Error Code:** `1500` <br> The client id is required. <br> **Error Code:** `1500` <br> The length of client id exceeds the limit of 256. <br> **Error Code:** `1500` <br> The client secret is required. <br> **Error Code:** `1500` <br> The length of client secret exceeds the limit of 256. <br> **Error Code:** `1500` <br> The token url is required. <br> **Error Code:** `1500` <br> The length of token url exceeds the limit of 1000. <br> **Error Code:** `1500` <br> The length of scope exceeds the limit of 255. <br> **Error Code:** `1500` <br> The length of state exceeds the limit of 255. <br> **Error Code:** `1500` <br> Client authentication must be 'header' or 'body'. <br> **Error Code:** `1500` <br> The custom header key is required. <br> **Error Code:** `1500` <br> The length of header key exceeds the limit of 256. <br> **Error Code:** `1500` <br> The input value can't contain space. <br> **Error Code:** `1500` <br> The custom header key can only contain letters, numbers, and -. <br> **Error Code:** `1500` <br> The custom header key is reserved by Zoom. <br> **Error Code:** `1500` <br> The custom header value is required. <br> **Error Code:** `1500` <br> The length of header value exceeds the limit of 256 <br> **Error Code:** `1500` <br> Team does not exist or does not belong to this account. <br> **Error Code:** `1500` <br> The size of team_ids exceed maximum. <br> **Error Code:** `1500` <br> Team does not exist or does not belong to this account: {$teamId}. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1001` <br> User does not exist or does not belong to this account: {$userId}. <br> **Error Code:** `1601` <br> App event not exists: {$eventName} <br> **Error Code:** `1701` <br> The event webhook url validate failed: {eventWebhookUrl}. <br> **Error Code:** `1801` <br> The custom header type validate failed: {customHeaderType}. <br> **Error Code:** `1702` <br> The Oauth token url validate failed: {oauthTokenUrl}. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Unsubscribe to an app event subscription

• Method: DELETE
• Path: /marketplace/app/event_subscription
• Tags: App

Use this API endpoint to unsubscribe an event subscription.

Prerequisites

• An existing, authorized application.
• A valid access token obtained using the client_credentials authorization grant_type. See documentation for details.

Note These endpoints use app-specific scopes that won't appear in your Marketplace build flow, but will be included in the access token payload.

Rate Limit Label: MEDIUM

Responses

Status: 204 **HTTP Status Code:** `204` User unsubscribed from the event subscription successfully.

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1500` <br> The size of team_ids exceed maximum. <br> **Error Code:** `1500` <br> Team does not exist or does not belong to this account: {$teamId}. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1001` <br> User does not exist or does not belong to this account: {$userId}. <br> **Error Code:** `1601` <br> App event subscription is invalid: {$eventSubscriptionId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Update an event subscription

• Method: PATCH
• Path: /marketplace/app/event_subscription
• Tags: App

Update an event subscription.

Rate Limit Label: LIGHT

Request Body

Content-Type: application/json

• event_subscription_id (required)

  string — The app event subscription's ID.

• custom_header

  object — Custom header configuration for event subscription webhook. This allows you to configure authentication headers that will be sent with webhook requests.

  • custom_header_type (required)

    integer, format: int8, possible values: 0, 1, 2, 3, default: 0 — The type of custom header to use for authentication. * `0` - Default (no custom header) * `1` - Basic Authentication (requires username and password) * `2` - OAuth2 Token Authentication (requires client_id, client_secret, and token_url) * `3` - Custom Key-Value Header (requires custom_header_key and custom_header_value)

  • client_authentication

    string, possible values: "header", "body", default: "header" — The client authentication method for OAuth2 token requests. Only valid when `custom_header_type` is `2` (OAuth). * `header` - Send client credentials as Basic Auth header (default) * `body` - Send client credentials in request body

  • client_id

    string — The OAuth2 client ID. Required when `custom_header_type` is `2` (OAuth).

  • client_secret

    string — The OAuth2 client secret. Required when `custom_header_type` is `2` (OAuth).

  • custom_header_key

    string — The custom header key name. Required when `custom_header_type` is `3` (Custom Key-Value). Can only contain letters, numbers, and hyphens. Cannot contain spaces or line feeds.

  • custom_header_value

    string — The custom header value. Required when `custom_header_type` is `3` (Custom Key-Value). Cannot contain line feeds.

  • password

    string — The password for Basic Authentication. Required when `custom_header_type` is `1` (Basic Auth).

  • scope

    string — The OAuth2 scope parameter for limiting access token permissions. Optional, only valid when `custom_header_type` is `2` (OAuth).

  • state

    string — The OAuth2 state parameter for CSRF protection and request tracking. Optional, only valid when `custom_header_type` is `2` (OAuth).

  • token_url

    string, format: uri — The OAuth2 token endpoint URL. Required when `custom_header_type` is `2` (OAuth). Must be a valid HTTPS URL.

  • username

    string — The username for Basic Authentication. Required when `custom_header_type` is `1` (Basic Auth).

• event_subscription_name

  string — The app event subscription's name.

• event_webhook_url

  string — The event notification endpoint URL.

• events

  array — The webhook events.

  Items:

  string — The event's name.

Example:

{
  "events": [
    "meeting.created"
  ],
  "event_subscription_name": "Example Event Subscription",
  "event_webhook_url": "https://www.example.com",
  "custom_header": {
    "custom_header_type": 0,
    "username": "my_username",
    "password": "my_password",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "token_url": "https://auth.example.com/oauth/token",
    "scope": "read:org write:user",
    "state": "request-123",
    "client_authentication": "body",
    "custom_header_key": "x-api-key",
    "custom_header_value": "your_api_key_value"
  },
  "event_subscription_id": "0ZAaJY4dQ52BbwI9PArBLQ"
}

Responses

Status: 204 **HTTP Status Code:** `204` user update event subscription successfully.

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1602` <br> The event is not allowed for the app: {$eventName} <br> **Error Code:** `1500` <br> The events list is empty. <br> **Error Code:** `1500` <br> The event webhook url is empty. <br> **Error Code:** `1500` <br> The username is required. <br> **Error Code:** `1500` <br> The length of username exceeds the limit of 256 <br> **Error Code:** `1500` <br> The input value can't contain line feed. <br> **Error Code:** `1500` <br> The password is required. <br> **Error Code:** `1500` <br> The length of password exceeds the limit of 256 <br> **Error Code:** `1500` <br> The client id is required. <br> **Error Code:** `1500` <br> The length of client id exceeds the limit of 256. <br> **Error Code:** `1500` <br> The client secret is required. <br> **Error Code:** `1500` <br> The length of client secret exceeds the limit of 256. <br> **Error Code:** `1500` <br> The token url is required. <br> **Error Code:** `1500` <br> The length of token url exceeds the limit of 1000. <br> **Error Code:** `1500` <br> The length of scope exceeds the limit of 255. <br> **Error Code:** `1500` <br> The length of state exceeds the limit of 255. <br> **Error Code:** `1500` <br> Client authentication must be 'header' or 'body'. <br> **Error Code:** `1500` <br> The custom header key is required. <br> **Error Code:** `1500` <br> The length of header key exceeds the limit of 256. <br> **Error Code:** `1500` <br> The input value can't contain space. <br> **Error Code:** `1500` <br> The custom header key can only contain letters, numbers, and -. <br> **Error Code:** `1500` <br> The custom header key is reserved by Zoom. <br> **Error Code:** `1500` <br> The custom header value is required. <br> **Error Code:** `1500` <br> The length of header value exceeds the limit of 256 <br> **Error Code:** `1500` <br> The event subscription ID is required. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1601` <br> App event not exists: {$eventName} <br> **Error Code:** `1701` <br> The event webhook url validate failed: {eventWebhookUrl}. <br> **Error Code:** `1801` <br> The custom header type validate failed: {customHeaderType}. <br> **Error Code:** `1702` <br> The Oauth token url validate failed: {oauthTokenUrl}. <br> **Error Code:** `1601` <br> App event subscription is invalid: {$eventSubscriptionId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rate-limits/).

Delete an event subscription

• Method: DELETE
• Path: /marketplace/app/event_subscription/{eventSubscriptionId}
• Tags: App

Delete an event subscription.

Prerequisites

• An existing, authorized application.
• A valid access token obtained using the client_credentials authorization grant_type. See documentation for details.

Note: These endpoints use app-specific scopes that won't appear in your Marketplace build flow, but will be included in the access token payload.

Rate Limit Label: MEDIUM

Responses

Status: 204 **HTTP Status Code:** `204` delete event subscription successfully.

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1601` <br> App event subscription is invalid: {$eventSubscriptionId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Subscribe to an event subscription

• Method: PATCH
• Path: /marketplace/app/event_subscription/{eventSubscriptionId}
• Tags: App

Subscribe to an event subscription.

Prerequisites

• An existing, authorized application.
• A valid access token obtained using the client_credentials authorization grant_type. See documentation for details.

Note These endpoints use app-specific scopes that won't appear in your Marketplace build flow, but will be included in the access token payload.

Rate Limit Label: MEDIUM

Request Body

Content-Type: application/json

• account_id (required)

  string — The account's ID.

• team_ids

  array — The team ID list.

  Items:

  string — The team's ID.

• user_ids

  array

  Items:

  string — The user ID list for the user.

Example:

{
  "user_ids": [
    "_8KG7DeoRU2xIsDSY9ed2Q,90KG7DeoRU2xIsDSY9edwe"
  ],
  "account_id": "5AATFjiUS0yEnELIMzQO4g",
  "team_ids": "The team ID list."
}

Responses

Status: 204 **HTTP Status Code:** `204` user subscribe event subscription successfully.

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1003` <br> The user: {$userId} missed permission to subscribe event subscriptions: {$eventSubscriptionId} <br> **Error Code:** `1002` <br> The user don't authorize the app: {$userId}. <br> **Error Code:** `1500` <br> The size of team_ids exceed maximum. <br> **Error Code:** `1500` <br> Team does not exist or does not belong to this account: {$teamId}. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1001` <br> User does not exist or does not belong to this account: {$userId} . <br> **Error Code:** `1601` <br> App event subscription is invalid: {$eventSubscriptionId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

List apps

• Method: GET
• Path: /marketplace/apps
• Tags: App

List all active and past app requests, or list all approved public and private apps.

Scopes: marketplace_app:read:admin

Granular Scopes: marketplace:read:list_apps:admin

Rate Limit Label: MEDIUM

Responses

Status: 200 **HTTP Status Code:** `200` App requests returned.

Content-Type: application/json

All of:

• next_page_token

  string — The next page token is used to paginate through large result sets. The API returns a next page token whenever the set of available results exceeds the current page size. The expiration period for this token is 15 minutes.

• page_size

  integer, default: 30 — The number of records returned with a single API call.

• apps

  array — Information about the app's user requests.

  Items:

  • app_description

    string — The app's short description

  • app_developer_type

    string, possible values: "THIRD_PARTY", "ZOOM", "INTERNAL" — The developer type of app: * `THIRD_PARTY` &mdash; app created by the third party. * `ZOOM` &mdash; app created by ZOOM. * `INTERNAL` &mdash; app created by your account members.

  • app_directory_url

    string — The app's detail page

  • app_help_url

    string — The app's support url

  • app_icon

    string — The app's icon

  • app_id

    string — The app's ID.

  • app_name

    string — The app's name.

  • app_privacy_policy_url

    string — The app's privacy policy url

  • app_status

    string, possible values: "PUBLISHED", "UNPUBLISHED", "SHARABLE", default: "PUBLISHED" — The app's publication status: * `PUBLISHED` &mdash; The app is published. * `UNPUBLISHED` &mdash; The app is not published. * `SHARABLE` &mdash; The app is sharable.

  • app_type

    string, possible values: "ZoomApp", "ChatBotApp", "OAuthApp", "GeneralApp", default: "OAuthApp" — The type of app: * `ZoomApp` &mdash; A Zoom app. * `ChatBotApp` &mdash; A ChatBot app. * `OAuthApp` &mdash; A OAuth app. * `GeneralApp` &mdash; A General app.

  • app_usage

    integer, possible values: 1, 2, default: 1 — The app's usage categorization: * `1` &mdash; The app is under admin management. * `2` &mdash; Users have access to the app.

  • approval_info

    object — app pre-approval info

    • app_approval_closed

      boolean — The app approval closed : * true — The app does not require admin approval for authorization. * false — The app requires admin approval for authorization.

    • approved_time

      string — The time when the application was approved.

    • approved_type

      string, possible values: "forAllUser", "forSpecificUser" — The approved type of app: * `forAllUser` &mdash; all user unber account are approved to authorize the app. * `forSpecificUser` &mdash; specific user or group are approved to authorize or use the app.

    • approver_id

      string — The user's ID who approved the app.

  • latest_request_date_time

    string, format: date-time — The latest app request's creation date and time. This field only returns when the `type` value is 'active'.

  • request_approved_number

    integer — The total number of approved app requests. This field only returns when the `type` value is `past`.

  • request_declined_number

    integer — The total number of declined app requests. This field only returns when the `type` value is `past`.

  • request_id

    string — The app request ID.

  • request_pending_number

    integer — The total number of pending app requests.

  • request_total_number

    integer — The total number of app requests.

  • restricted_time

    string — The time when the application was resticted.

  • review_date_time

    string, format: date-time — The time at which the user reviewed the app request. This field only returns when the `type` value is `past`.

  • reviewer_name

    string — The user who reviewed the app request. This field only returns when the `type` value is `past`.

  • scopes

    array — Information about the app scopes.

    Items:

    • scope_description

      string — The scope's description.

    • scope_name

      string — The scope's name.

Example:

{
  "next_page_token": "w7587w4eiyfsudgf",
  "page_size": 30,
  "apps": [
    {
      "app_id": "nqSreNVsQ2eGzUMGnA8AHA",
      "app_name": "Example App",
      "app_type": "ZoomApp",
      "app_usage": 1,
      "app_status": "PUBLISHED",
      "request_id": "zZLSQoL6S0OB6asaZ3zAOQ",
      "request_total_number": 8,
      "request_pending_number": 3,
      "request_approved_number": 2,
      "request_declined_number": 2,
      "latest_request_date_time": "2021-07-21T17:32:28Z",
      "reviewer_name": "Jill Chill",
      "review_date_time": "2021-07-21T17:32:28Z",
      "app_developer_type": "THIRD_PARTY",
      "app_description": "information about the app.",
      "app_icon": "https://marketplacecontent.zoom.us//oE98TDy1QymZ3nZs_uILrw/RxGA0jOvQU6aKxttLwQ2-A/app/B67xzmliS9-noBDwsGun1Q/KRUURXa-T6iQz7-S9bEO6A.png",
      "scopes": [
        {
          "scope_name": "View all users' team chat messages",
          "scope_description": "This app will gain access to the team chat channels. Please review its privacy policy first."
        }
      ],
      "app_privacy_policy_url": "https://www.example.com/privacy/policy",
      "app_directory_url": "https://marketplace.zoom.us/apps/{appId}",
      "app_help_url": "https://www.example.com/support",
      "restricted_time": "2024-03-21T17:32:28Z",
      "approval_info": {
        "approved_type": "forSpecificUser",
        "approver_id": "1gAKvx8fSUeTg-mHgmYTRA",
        "approved_time": "2024-03-21T14:32:28Z",
        "app_approval_closed": true
      }
    }
  ]
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1505` <br> Internal server error, please try again. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Create apps

• Method: POST
• Path: /marketplace/apps
• Tags: App

Create Server to Server OAuth, Meeting SDK or General apps in the Zoom Marketplace.

Scopes: marketplace_app:write,marketplace_app:write:admin

Granular Scopes: marketplace:write:app,marketplace:write:app:admin

Rate Limit Label: HEAVY

Request Body

Content-Type: application/json

• app_name (required)

  string — The app's name.

• app_type (required)

  string, possible values: "s2s_oauth", "meeting_sdk", "general" — The app's type: * `s2s_oauth` &mdash; Server to Server OAuth app. * `meeting_sdk` &mdash; Meeting SDK app. * `general`&mdash; UBF General app.

• company_name (required)

  string — The company's name.

• contact_email (required)

  string, format: email — The developer's email.

• contact_name (required)

  string — The developer's name.

• active

  boolean, default: false — Only valid for s2s_oauth app, whether to activate automatically: * `true` &mdash; Automatically activate the app after creation. It is required that at least one scope should be included in the input parameter. * `false` &mdash; Do not activate the app after creation.

• manifest

  object — An app manifest object. It should meet the valid manifest schema. If the app_type equals general, you need to pass this param. Manifest resources: https://developers.zoom.us/docs/build-flow/manifests/

• publish

  boolean, default: false — Only valid for meeting_sdk app, whether to publish the app to the Marketplace: * `true` &mdash; The app contains development credentials and production credentials. * `false` &mdash; The app contains only development credentials.

• scopes

  array — The scopes of the created app: * `s2s_oauth` &mdash; If `active` field is true, there must be at least one scope. * `meeting_sdk` &mdash; Will automatically include `user_zak:read` scope.

  Items:

  string

Example:

{
  "app_type": "s2s_oauth",
  "app_name": "My App",
  "scopes": [
    "meeting:read"
  ],
  "contact_name": "ZOOM",
  "contact_email": "example@example.com",
  "company_name": "ZOOM",
  "active": false,
  "publish": false,
  "manifest": {}
}

Responses

Status: 201 **HTTP Status Code:** `201` App created successfully.

Content-Type: application/json

• app_id

  string — The app's id.

• app_name

  string — The app's name.

• app_type

  string, possible values: "s2s_oauth", "meeting_sdk" — The app's type: * `s2s_oauth` &mdash; Server to Server OAuth app. * `meeting_sdk` &mdash; Meeting SDK app.

• created_at

  string, format: date-time — Date and time this app was created.

• development_credentials

  object — Only when the type is `meeting_sdk` and the `publish` field is true, there will be `production_credentials`

  • client_id

    string — The app's client id.

  • client_secret

    string — The app's client secret.

• production_credentials

  object — Only when the type is `meeting_sdk` and the `publish` field is true, there will be `production_credentials`

  • client_id

    string — The app's client id.

  • client_secret

    string — The app's client secret.

• scopes

  array — The app's scopes.

  Items:

  string

Example:

{
  "created_at": "2023-02-16T17:32:28Z",
  "app_id": "Bwpq5zXvQr-4PKhtYOD23g",
  "app_name": "My App",
  "app_type": "s2s_oauth",
  "scopes": [
    "meeting:read"
  ],
  "production_credentials": {
    "client_id": "2J5nVOGXQXCvXoRWyGQDow",
    "client_secret": "BzFOrwgq1Gw6KCsyeYnmETU5e4zakGwQ"
  },
  "development_credentials": {
    "client_id": "2J5nVOGXQXCvXoRWyGQDow",
    "client_secret": "BzFOrwgq1Gw6KCsyeYnmETU5e4zakGwQ"
  }
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `300` <br> * Validation Failed. <br>

Status: 401 **HTTP Status Code:** `401` <br> Unauthorized **Error Code:** `201` <br> * Invalid access token. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1500` <br> * The request body is missing required fields. For more information, see the API documentation. * Only `Server to Server OAuth` and `Meeting SDK` apps can be created. * Can't get account owner info. * Only account's owner can use this API. * Can't get account info. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Get information about an app

• Method: GET
• Path: /marketplace/apps/{appId}
• Tags: App

Use this API to get app information.

Scopes: marketplace_app:read:admin,marketplace_app:read

Granular Scopes: marketplace:read:app,marketplace:read:app:admin

Rate Limit Label: MEDIUM

Responses

Status: 200 **HTTP Status Code:** `200` App information returned.

Content-Type: application/json

• app_description

  string — The app's description.

• app_id

  string — The app's ID.

• app_links

  object

  • documentation_url

    string — The app's documentation link.

  • privacy_policy_url

    string — The app's privacy policy link.

  • support_url

    string — The app's support link.

  • terms_of_use_url

    string — The app's terms of use link.

• app_name

  string — The app's name.

• app_permissions

  array — The app's permissions.

  Items:

  • group

    string — The app's permission group.

  • group_message

    string — The app's permission group message.

  • permissions

    array

    Items:

    • name

      string — The group payload's name.

  • title

    string — The app's group title.

• app_requirements

  object — The app requirements.

  • account_eligibility

    object — Eligibility requirements for app.

    • account_types

      array — The account types.

      Items:

      string — The account type name.

    • premium_events

      array — The premium events.

      Items:

      • event

        string — The premium event ID.

      • event_name

        string — The premium event name.

  • min_client_version

    string — The minimum client version required for the app.

  • user_role

    string, possible values: "admin", "user" — The user roles required to authorize or add the app: * `admin` &mdash; The user needs to have the ADMIN_MANAGEMENT role. * `user` &mdash; Every user can add this app.

• app_scopes

  array — The app scopes.

  Items:

  string — The app scope.

• app_status

  string, possible values: "PUBLISHED", "UNPUBLISHED", default: "PUBLISHED" — The app's publication status: * `PUBLISHED` &mdash; The app is published. * `UNPUBLISHED` &mdash; The app is not published.

• app_type

  string, possible values: "ZoomApp", "ChatBotApp", "OAuthApp", default: "OAuthApp" — The type of app: * `ZoomApp` &mdash; A Zoom app. * `ChatBotApp` &mdash; A ChatBot app. * `OAuthApp` &mdash; A OAuth app.

• app_usage

  integer, possible values: 1, 2, default: 1 — The app's usage categorization: * `1` &mdash; The app is under admin management. * `2` &mdash; Users have access to the app.

Example:

{
  "app_id": "nqSreNVsQ2eGzUMGnA8AHA",
  "app_name": "Example App",
  "app_description": "Example App description",
  "app_type": "ZoomApp",
  "app_usage": 1,
  "app_status": "PUBLISHED",
  "app_links": {
    "documentation_url": "https://xxxx",
    "privacy_policy_url": "https://xxxx",
    "support_url": "https://xxxx",
    "terms_of_use_url": "https://xxxx"
  },
  "app_permissions": [
    {
      "group": "View",
      "group_message": "App can view information",
      "title": "Associated with you",
      "permissions": [
        {
          "name": "Devices"
        }
      ]
    }
  ],
  "app_requirements": {
    "user_role": "admin",
    "min_client_version": "5.7.3",
    "account_eligibility": {
      "account_types": [
        "Free"
      ],
      "premium_events": [
        {
          "event_name": "Meeting participant data",
          "event": "meeting.participant_qos_summary"
        }
      ]
    }
  },
  "app_scopes": [
    "meeting:read"
  ]
}

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> APP ID does not exist: {$appId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Deletes an app

• Method: DELETE
• Path: /marketplace/apps/{appId}
• Tags: App

Permanently delete an app on behalf of a user.

Scopes: marketplace_app:write,marketplace_app:write:admin

Granular Scopes: marketplace:write:app,marketplace:write:app:admin

Rate Limit Label: HEAVY

Responses

Status: 204 **HTTP Status Code:** `204` Application delete success

Status: 403 **HTTP Status Code:** `403` <br> Forbidden User not have permission to delete app

Status: 404 **HTTP Status Code:** `404` <br> Not Found App not found

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Get API call logs

• Method: GET
• Path: /marketplace/apps/{appId}/api_call_logs
• Tags: App

Get log of app's API calls.

Granular Scopes: marketplace:read:list_api_logs:admin

Rate Limit Label: MEDIUM

Responses

Status: 200 Api call logs result returned.

Content-Type: application/json

• call_logs

  array — The call log items

  Items:

  • http_status

    integer, possible values: 200, 201, 202, 203, 204, 205, 300, 301, 302, 303, 304, 305, 306, 307, 308, 400, 401, 403, 404, 405, 406, 408, 409, 429, 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, 511 — Http status of the call

  • method

    string, possible values: "GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH" — Http method

  • time

    string — Unixtimestamp

  • trace_id

    string — The unique identifier for a request.

  • url_pattern

    string — Url pattern of the api call

• next_page_token

  string — The API uses the next page token to paginate through large result sets. It returns a next page token whenever the set of available results exceeds the current page size. The expiration period for this token is 15 minutes.

• page_size

  integer — The page size of the result

Example:

{
  "next_page_token": "b43YBRLJFg3V4vsSpxvGdKIGtNbxn9h9If2",
  "page_size": 30,
  "call_logs": [
    {
      "url_pattern": "https://zoom.us/v2/users/_DkLL5iMRW-p_6yhPocD4Q/assistants",
      "time": "1737704112808",
      "http_status": 200,
      "method": "GET",
      "trace_id": "v=2.0;clid=aw1;rid=ZTP_10094594754_scenario_10000000934_aw1_20250124T073509485Z"
    }
  ]
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `301` <br> Next page token is not valid <br> **Error Code:** `300` <br> Page size is not valid <br>

Status: 401 **HTTP Status Code:** `401` <br> Unauthorized The token used has expired or is invalid

Status: 403 **HTTP Status Code:** `403` <br> Forbidden The token used does not have sufficient permissions to access the API

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> App id not exist <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Generate Zoom App Deeplink

• Method: POST
• Path: /marketplace/apps/{appId}/deeplink
• Tags: App

Create a Zoom App Deeplink.

Scopes: marketplace_app:write:admin

Granular Scopes: marketplace:write:app_deeplink:admin

Rate Limit Label: MEDIUM

Request Body

Content-Type: application/json

• action (required)

  string — The action of the deeplink, it's a user-defined string. Default length 2000, max length 9000.

• target (required)

  string, possible values: "meeting", "panel", "modal" — The target of the deeplink.

• type (required)

  integer, possible values: 1, 2, default: 1 — The type of deeplink. This value defaults to `1`. `1` - Generate a deeplink that opens Zoom App in-meeting if the meeting is in progress, if not opens Zoom App in Apps Tab. `2` - Generate a deeplink that refreshes Chat App Webview.

Example:

{
  "type": 1,
  "target": "meeting",
  "action": "openPageX"
}

Responses

Status: 201 Return deeplink.

Content-Type: application/json

• deeplink (required)

  string — Zoom App Deeplink

Example:

{
  "deeplink": "https://zoom.us/launch/chatapp/Zx_cSBEZUWRUMIf454A3sRpEzRp8kVmFINKvSBMok37i5bNRqtLbUxy681Qh_wVhFyW2AhyyF2LbtqSz9pFckUUupHg.wEt88YlHQpzp635x"
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `300` <br> Invalid action. Exceeded the maximum length of the value. <br>

Status: 401 **HTTP Status Code:** `401` <br> Unauthorized **Error Code:** `124` <br> Invalid access token. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> App ID does not exist: $appId. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rate-limits/).

Update app pre approval setting

• Method: POST
• Path: /marketplace/apps/{appId}/preApprove
• Tags: App

This API supports modifying the pre approval configuration of the app, including turning on the setting to the account, to specified users, to specified user groups, and turning off the pre approval.

Scopes: marketplace_app:write:admin

Granular Scopes: marketplace:write:app_pre_approve:admin

Rate Limit Label: MEDIUM

Request Body

Content-Type: application/json

• action

  string, possible values: "approve_all", "approve_user", "disapprove_user", "approve_group", "disapprove_group", "disapprove_all", default: "null" — The action with which to take with the app: * approve_all — Turn on app pre-approval and set it as the account. * approve_user — Add users to approved list and set it as the specific user/group. * disapprove_user — Remove users from approved list and set it as the specific user/group. * approve_group — Add groups to approved list and set it as the specific user/group. * disapprove_group — Remove groups from approved list and set it as the specific user/group. * disapprove_all — Turn off app pre-approval.

• group_ids

  array — If the action value is approve_group or disapprove_group, the group IDs to add or remove.Maximum limit of 20.

  Items:

  string — Zoom user group id

• user_ids

  array — If the action value is approve_user or disapprove_user, the user IDs to add or remove.Maximum limit of 20.

  Items:

  string — Zoom user Id

Example:

{
  "action": "approve_all",
  "user_ids": [
    "xurCXOI_Ty2RRNMv648OPw"
  ],
  "group_ids": [
    "JJcuSipRRS2JqYmk8mfBbA"
  ]
}

Responses

Status: 201 HTTP Status Code: 201 App pre-approval updated successfully.

Content-Type: application/json

• executed_at

  string — Date and time this request was executed.

• group_ids

  array — If the action value is approve_group or disapprove_group, the group IDs to add or remove.Maximum limit of 20.

  Items:

  string — Zoom user group id

• user_ids

  array — If the action value is approve_user or disapprove_user, the user IDs to add or remove.Maximum limit of 20.

  Items:

  string — Zoom user Id

Example:

{
  "executed_at": "2021-07-21T17:32:28Z",
  "user_ids": [
    "xurCXOI_Ty2RRNMv648OPw"
  ],
  "group_ids": [
    "JJcuSipRRS2JqYmk8mfBbA"
  ]
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1500` <br> User can not pre approve this app <br> **Error Code:** `1404` <br> application_pre_approved_status_off <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> App ID does not exist: {$appId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rate-limits/).

Get an app's user requests

• Method: GET
• Path: /marketplace/apps/{appId}/requests
• Tags: App

Use this API to get an app's user requests and the status of their approval.

Scopes: marketplace_app:read:admin

Granular Scopes: marketplace:read:app_request:admin

Rate Limit Label: MEDIUM

Responses

Status: 200 **HTTP Status Code:** `200` App user requests returned.

Content-Type: application/json

All of:

• next_page_token

  string — The next page token is used to paginate through large result sets. The API returns a next page token whenever the set of available results exceeds the current page size. The expiration period for this token is 15 minutes.

• page_size

  integer, default: 30 — The number of records returned with a single API call.

• requests

  array — Information about the users who have applied for app approval.

  Items:

  • reason

    string — The reason for the app request.

  • request_date_time

    string, format: date-time — The app request's creation date and time.

  • request_user_department

    string, format: email — The user's department.

  • request_user_email

    string, format: email — The user's email address.

  • request_user_id

    string — The user's ID.

  • request_user_name

    string — The user's name.

  • status

    string, possible values: "pending", "approved", "rejected", default: "pending" — The status of the user's app request: * `pending` &mdash; The request is pending approval. * `approved` - The request is approved. * `rejected` - The request is rejected.

Example:

{
  "next_page_token": "w7587w4eiyfsudgf",
  "page_size": 30,
  "requests": [
    {
      "request_user_id": "f1sTWCMaTmOIZxLMlmHvEQ",
      "request_user_name": "Jill Chill",
      "request_user_email": "jchill@example.com",
      "request_user_department": "department",
      "request_date_time": "2021-07-21T17:32:28Z",
      "reason": "I want to use this app.",
      "status": "pending"
    }
  ]
}

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> App ID does not exist: {$appId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Add app allow requests for users

• Method: POST
• Path: /marketplace/apps/{appId}/requests
• Tags: App

Use this API to add app allow requests for all users, groups of users, or specific users.

Scopes: marketplace_app:write:admin

Granular Scopes: marketplace:write:app_request:admin

Rate Limit Label: LIGHT

Request Body

Content-Type: application/json

• action (required)

  string, possible values: "add_all", "add_user", "add_group" — The action with which to take with the app: * `add_all` &mdash; Add all user for the app. * `add_user` &mdash; Add specified user for the app. * `add_group` &mdash; Add specified group of user for the app.

• group_ids

  array — If the `action` value is `add_group`, the group IDs to add

  Items:

  string

• user_ids

  array — If the `action` value is `add_user`, the user IDs to add

  Items:

  string

Example:

{
  "action": "add_all",
  "user_ids": [
    "f1sTWCMaTmOIZxLMlmHvEQ"
  ],
  "group_ids": [
    "t-_-d56CSWG-7BF15LLrOw"
  ]
}

Responses

Status: 201 **HTTP Status Code:** `201` App added successfully.

Content-Type: application/json

• added_at

  string, format: date-time — Date and time this app was added.

• group_ids

  array — If the `action` value is `add_group`, the group IDs to add.

  Items:

  string

• user_ids

  array — If the `action` value is `add_user`, the user IDs to add.

  Items:

  string

Example:

{
  "added_at": "2021-07-21T17:32:28Z",
  "user_ids": [
    "f1sTWCMaTmOIZxLMlmHvEQ"
  ],
  "group_ids": [
    "t-_-d56CSWG-7BF15LLrOw"
  ]
}

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> App ID does not exist: {$appId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Update app's request status

• Method: PATCH
• Path: /marketplace/apps/{appId}/requests
• Tags: App

Use this API to update an app's request status or update app status. Administrators can only agree to user-level apps.

Scopes: marketplace_app:write:admin

Granular Scopes: marketplace:update:app_request:admin

Rate Limit Label: LIGHT

Request Body

Content-Type: application/json

• action (required)

  string, possible values: "approve_all", "approve", "decline_all", "decline", "cancel" — The app's action: * `approve_all` &mdash; Approve all user requests for the app. * `approve` &mdash; Partially approve user requests the app. * `decline_all` &mdash; Reject all user requests for the app, users who have been approved will also be declined and the installed apps will be disabled. * `decline` &mdash; Partially reject user requests for app. * `cancel` &mdash; Cancel partially user requests for app.

• request_user_ids

  array — If the `action` value is `approve`, the user's request will be approved. If the `action` value is `decline`, the user's request will be rejected. If the `action` value is `cancel`, the user's request will be canceled.

  Items:

  string

Example:

{
  "action": "approve_all",
  "request_user_ids": [
    "f1sTWCMaTmOIZxLMlmHvEQ"
  ]
}

Responses

Status: 204 **HTTP Status Code:** `204` App request status updated.

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> App ID does not exist: {$appId} <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Rotate client secret

• Method: POST
• Path: /marketplace/apps/{appId}/rotate_client_secret
• Tags: App

Create or update a marketplace application's client secret rotating schedule. To call this API, users need to use an OAuth token. The token's grant_type should be client_credentials. Users can only change client secret rotate schedule 3 times in 15 minutes.

Granular Scopes: marketplace:update:client_secret

Rate Limit Label: LIGHT

Request Body

Content-Type: application/json

• action (required)

  string, possible values: "new", "update" — `new` - Create a new client secret rotate schedule. `update` - Update `revoke_old_secret_time` of an existing client secret rotate schedule.

• revoke_old_secret_time (required)

  string, format: date-time — Old and new secret will both work until the old secret is revoked. To revoke the old secret immediately, set this value to `now`. To set a time to revoke the old secret, this value should be in UTC time format, `yyyy-MM-dd'T'HH:mm:ss'Z'`. When action = `new`, this time cannot exceed more than 30 days. When action = `update`, this time cannot exceed more than 30 days starting from the initial new request.

Example:

{
  "action": "update",
  "revoke_old_secret_time": "2025-03-14T12:34:56Z"
}

Responses

Status: 201 Rotate client secret successfully.

Content-Type: application/json

One of:

• new_secret (required)

  string — The new client secret.

• revoke_old_secret_time (required)

  string, format: date-time — The UTC time when the secret will be rotated. Can be 'now' or a specific time in UTC.

• secret_id (required)

  string — The secret ID of new client secret.

• revoke_old_secret_time (required)

  string, format: date-time — The UTC time when the secret will be rotated. The UTC time when the secret will be rotated. Can be 'now' or a specific time in UTC.

• secret_id (required)

  string — The secret ID of new client secret.

Example:

{
  "secret_id": "0dSHIBbdSYWCzlE8d9DKFw",
  "new_secret": "hjdgsuiuyer3956294832hjfgsjxf",
  "revoke_old_secret_time": "2025-03-15T12:34:56Z"
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request Request validation failed. **Error Code:** `1500` <br> Invalid format of request param `revoke_old_secret_time`. Should be in format `yyyy-MM-dd'T'HH:mm:ss'Z'` for example `2025-03-14T12:34:56Z`. <br> **Error Code:** `1500` <br> Invalid request parameter `action`. Can be `new` or `update`. <br> **Error Code:** `2000` <br> Working on processing your request. Can only change client secret rotate schedule 3 times in 15 minutes. <br> **Error Code:** `1500` <br> Missing request parameters. <br> **Error Code:** `2001` <br> Invalid value of request param `revoke_old_secret_time`. <br>

Status: 401 **HTTP Status Code:** `401` <br> Unauthorized Unauthorized **Error Code:** `201` <br> Invalid access token, does not contain scopes:[marketplace:update:client_secret]. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found Not found. **Error Code:** `1401` <br> App ID does not exist. <br> **Error Code:** `1401` <br> Secret ID does not exist. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rate-limits/).

Get webhook logs

• Method: GET
• Path: /marketplace/apps/{appId}/webhook_logs
• Tags: App

Get users' webhook call logs and query records from the past 7 days.

Scopes: marketplace_app:read,marketplace_app:read:admin

Rate Limit Label: MEDIUM

Responses

Status: 200 **HTTP Status Code:** `200` Webhook logs info returned.

Content-Type: application/json

• next_page_token

  string — The API uses the next page token to paginate through large result sets. It returns a next page token whenever the set of available results exceeds the current page size. The expiration period for this token is 15 minutes.

• page_size

  integer — The page size of the result

• webhook_logs

  array — A list of webhook logs that match the specified query conditions.

  Items:

  • date_time

    string — The recorded time of the log.

  • endpoint

    string — The webhook callback url.

  • event

    string — The event's name.

  • failed_reason_type

    integer, possible values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 — The reason type for connection error messages: * `1` &mdash; read time out. * `2` &mdash; connection refused. * `3` &mdash; hystrix fallback. * `4` &mdash; hystrix timeout. * `5` &mdash; async error. * `6` &mdash; DNS forbidden. * `7` &mdash; remote error. * `8` &mdash; in delegate white list. * `9` &mdash; cert error. * `10` &mdash; need instant retry. * `11` &mdash; host name verify failed. * `12` &mdash; TLS verify failed. * `13` &mdash; DNS resolve time out. * `14` &mdash; no client. * `15` &mdash; resource not found. * `16` &mdash; too many requests.

  • request_body

    string — The request body

  • request_headers

    string — The request header.

  • request_id

    string — The unique identifier for a webhook request, which remains unchanged across retry attempts.

  • response_body

    string — The response body.

  • response_headers

    string — The response headers.

  • retry_num

    integer, possible values: 0, 1, 2, 3 — The number of retry attempts for this webhook request. A value of 0 signifies that the request is the initial send and not a retry.

  • status

    integer — The http code returned from the endpoint. If the webhook is not sent to the endpoint due to an internal error, the status is `-1`

  • subscription_id

    string — The subscription's unique id.

  • trace_id

    string — A distributed tracing identifier used in this webhook request context, commonly used for troubleshooting. When multiple webhook events are triggered within the same context, they may share the same `trace_id`.

  • user_id

    string — The user's unique id.

Example:

{
  "next_page_token": "b43YBRLJFg3V4vsSpxvGdKIGtNbxn9h9If2",
  "page_size": 30,
  "webhook_logs": [
    {
      "event": "meeting.deleted",
      "status": 429,
      "failed_reason_type": 1,
      "user_id": "IYHrdpjrS3ubOf7rPkkg8w",
      "endpoint": "https://example.com",
      "subscription_id": "9qwt8mkBEW2O6fPuxBpXpA",
      "request_headers": "N/A",
      "request_body": "{\"event\":\"meeting.created\",\"payload\":{\"account_id\":\"oFPqQAp3Q0u3yLXXrWuQuy\",\"event_ts\":1663654515392}",
      "response_headers": "{\\\"Server\\\":\\\"nginx\\\",\\\"Content-Type\\\":\\\"text/html; charset=UTF-8\\\"}",
      "response_body": "Timeout connecting to server.",
      "date_time": "2022-09-09T08:11:387Z",
      "trace_id": "WEB_5f1752ba04e4ffeccde2f2a923c106f9",
      "request_id": "e8ca3e3c_0196_4dc8_9f9e_81217d9000e6",
      "retry_num": 0
    }
  ]
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `1506` <br> The 'retry_num' value must be an integer within the range of 0 to 3. <br>

Status: 401 **HTTP Status Code:** `401` <br> Unauthorized **Error Code:** `201` <br> You do not have permission to access the targeted resource. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1401` <br> APP ID does not exist: {$appId}. <br> **Error Code:** `1501` <br> The 'to' date must be after the 'from' date. <br> **Error Code:** `1502` <br> The date range must be within the last seven days. <br> **Error Code:** `1503` <br> The dates must follow the format: `yyyy-MM-dd'T'HH:mm:ss'Z'`. <br> **Error Code:** `1504` <br> The 'from' date must be before the current date(UTC). <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Get app user entitlements

• Method: GET
• Path: /marketplace/monetization/entitlements
• Tags: App

Get the app user's entitlements information.

Scopes: marketplace_entitlement:read:admin,marketplace_entitlement:read

Granular Scopes: marketplace:read:list_user_entitlements,marketplace:read:list_user_entitlements:admin

Rate Limit Label: HEAVY

Responses

Status: 200 **HTTP Status Code:** `200` Entitlement information returned.

Content-Type: application/json

Array of:

• id

  string — The entitlement ID.

• plan_id

  string — The UUID of the plan name.

• plan_name

  string — The name of the plan of the user with entitlements.

Example:

[
  {
    "id": "123e4567-e89b-12d3-a456-426655440000",
    "plan_name": "PRO",
    "plan_id": "f3318144-b66c-4c1e-a987-ebc224e2b706"
  }
]

Status: 403 **HTTP Status Code:** `403` <br> Forbidden **Error Code:** `1505` <br> Missing app permissions. Make sure marketplace_entitlement:read:admin scope is assigned. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1002` <br> No entitlements assigned to the user for the app. <br> **Error Code:** `1402` <br> app is not monetized <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Get a user's app requests

• Method: GET
• Path: /marketplace/users/{userId}/apps
• Tags: App

Use this API to get all of a user's app requests.

Scopes: marketplace_app:read:admin,marketplace_app:read

Granular Scopes: marketplace:read:list_user_app_requests:admin,marketplace:read:list_user_app_requests

Rate Limit Label: MEDIUM

Responses

Status: 200 **HTTP Status Code:** `200` User app requests returned.

Content-Type: application/json

All of:

• next_page_token

  string — The next page token is used to paginate through large result sets. The API returns a next page token whenever the set of available results exceeds the current page size. The expiration period for this token is 15 minutes.

• page_size

  integer, default: 30 — The number of records returned with a single API call.

• apps

  array

  Items:

  • app_id

    string — The app's ID.

  • app_name

    string — The app's name.

  • app_status

    string, possible values: "PUBLISHED", "UNPUBLISHED", default: "PUBLISHED" — The app's publication status: * `PUBLISHED` &mdash; The app is published. * `UNPUBLISHED` &mdash; The app is not published.

  • app_type

    string, possible values: "ZoomApp", "ChatBotApp", "OAuthApp", default: "OAuthApp" — The type of app: * `ZoomApp` &mdash; A Zoom app. * `ChatBotApp` &mdash; A ChatBot app. * `OAuthApp` &mdash; A OAuth app.

  • app_usage

    integer, possible values: 1, 2, default: 1 — The app's usage categorization: * `1` &mdash; The app is under admin management. * `2` &mdash; Users have access to the app.

  • request_date_time

    string, format: date-time — The app request's creation date and time. This field only returns when the `type` value is 'active'.

  • request_id

    string — The app request ID.

  • request_status

    string, possible values: "pending", "approved", "rejected", default: "pending" — The status of the user's app request: * `pending` &mdash; The request is pending approval. * `approved` - The request is approved. * `rejected` - The request is rejected.

Example:

{
  "next_page_token": "w7587w4eiyfsudgf",
  "page_size": 30,
  "apps": [
    {
      "app_id": "nqSreNVsQ2eGzUMGnA8AHA",
      "app_name": "Example App",
      "app_type": "ZoomApp",
      "app_usage": 1,
      "app_status": "PUBLISHED",
      "request_id": "zZLSQoL6S0OB6asaZ3zAOQ",
      "request_date_time": "2021-07-21T17:32:28Z",
      "request_status": "pending"
    }
  ]
}

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1001` <br> User does not exist or does not belong to this account. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Enable or disable user app subscription

• Method: PATCH
• Path: /marketplace/users/{userId}/apps/{appId}/subscription
• Tags: App

Enable or disable a user's app subscription.

Scopes: marketplace_app:write:admin

Granular Scopes: marketplace:write:app:admin

Rate Limit Label: LIGHT

Request Body

Content-Type: application/json

• action (required)

  string, possible values: "enable", "disable" — Enable or disable a user's app subscription.

Example:

{
  "action": "enable"
}

Responses

Status: 204 **HTTP Status Code:** `204` App subscription status updated.

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1001` <br> User does not exist or does not belong to this account. <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rate-limits/).

Get a user's entitlements

• Method: GET
• Path: /marketplace/users/{userId}/entitlements
• Tags: App

Get a user's entitlements.

Prerequisites

• An existing, authorized application.
• A valid access token obtained using the client_credentials authorization grant_type. See documentation for details.

Note These endpoints use app-specific scopes that won't appear in your Marketplace build flow, but will be included in the access token payload.

Scopes: marketplace_entitlement:read,marketplace_entitlement:read:admin

Granular Scopes: marketplace:read:list_user_entitlements,marketplace:read:list_user_entitlements:admin

Rate Limit Label: MEDIUM

Responses

Status: 200 **HTTP Status Code:** `200` User entitlements returned.

Content-Type: application/json

• entitlements

  array — The entitlements.

  Items:

  • entitlement_id

    integer, format: int64 — The entitlement ID.

Example:

{
  "entitlements": [
    {
      "entitlement_id": 1
    }
  ]
}

Status: 401 **HTTP Status Code:** `401` <br> Unauthorized **Error Code:** `201` <br> This API only supports OAuth2 for authorization. <br> Unauthenticated users are not permitted access to the targeted resource. <br>

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1002` <br> No entitlements assigned to the user for the app <br>

Status: 409 **HTTP Status Code:** `409` <br> Conflict **Error Code:** `1402` <br> App is not monetized <br>

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Generate an app deeplink

• Method: POST
• Path: /zoomapp/deeplink
• Tags: Apps

Create an app deeplink.

Scopes: app:deeplink:write,app:deeplink:write:admin

Rate Limit Label: Medium

Request Body

Content-Type: application/json

• action

  string — The action of the deeplink, it's a user-defined string.

• type

  integer, possible values: 1, 2 — The type of deeplink. * `1` &mdash; Generate a deeplink that opens Zoom App in-meeting if the meeting is in progress, if not opens Zoom App in Apps Tab. \n* `2` &mdash; Generate a deeplink that refreshes Chat App Webview. This value defaults to `1`.

• user_id

  string — The 'userId' property of the app deeplink. This field only applies to account level OAuth token.

Example:

{
  "type": 1,
  "user_id": "D40dy5L7SJiSTayIvRV9Lw",
  "action": "openPageX"
}

Responses

Status: 200 **Status Code:** `200`

Content-Type: application/json

• deeplink

  string — The app deeplink.

Example:

{
  "deeplink": "https://zoom.us/launch/chatapp/Zx_cSBEZUWRUMIf454A3sRpEzRp8kVmFINKvSBMok37i5bNRqtLbUxy681Qh_wVhFyW2AhyyF2LbtqSz9pFckUUupHg.wEt88YlHQpzp635x"
}

Status: 400 **HTTP Status Code:** `400` <br> Bad Request **Error Code:** `124` <br> Invalid access token. **Error Code:** `300` <br> Invalid action. The maximum length of the value is 256.

Status: 404 **HTTP Status Code:** `404` <br> Not Found **Error Code:** `1001` <br> User does not exist: $userId.

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Validate an app manifest

• Method: POST
• Path: /marketplace/apps/manifest/validate
• Tags: Manifest

Validates an app manifest.

Scopes: marketplace_app:read,marketplace_app:read:admin

Granular Scopes: marketplace:read:app,marketplace:read:app:admin

Rate Limit Label: MEDIUM

Request Body

Content-Type: application/json

• manifest (required)

  object — The manifest to be validated. It's validated according to the manifest schema

• app_id

  string — The ID of the app whose configuration you want to validate.

Example:

{
  "manifest": {},
  "app_id": "Zvga6CFZTn6XwMUVbdxCZg"
}

Responses

Status: 200 The typical success response.

Content-Type: application/json

• error

  string — This field returns an rrror code.

• errors

  array — The error list.

  Items:

  • message (required)

    string — The error message.

  • setting (required)

    string — Indicator to error field.

• ok

  boolean — Whether the check is successful.

Example:

{
  "ok": false,
  "error": "invalid_manifest",
  "errors": [
    {
      "message": "Event Subscription requires either Request URL or Socket Mode Enabled",
      "setting": "/settings/event_subscriptions"
    }
  ]
}

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Export an app manifest from an existing app

• Method: GET
• Path: /marketplace/apps/{appId}/manifest
• Tags: Manifest

Exports an app's manifest file.

Scopes: marketplace_app:read,marketplace_app:read:admin

Granular Scopes: marketplace:read:app,marketplace:read:app:admin

Rate Limit Label: MEDIUM

Responses

Status: 200 Get app's manifest

Content-Type: application/json

• manifest

  object — The manifest data of the app.

Example:

{
  "manifest": {}
}

Status: 404 **HTTP Status Code:** `404` <br> Not Found App not exists

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).

Update an app by manifest

• Method: PUT
• Path: /marketplace/apps/{appId}/manifest
• Tags: Manifest

Updates an app from an app manifest

Scopes: marketplace_app:write,marketplace_app:write:admin

Granular Scopes: marketplace:write:app,marketplace:write:app:admin

Rate Limit Label: HEAVY

Request Body

Content-Type: application/json

• manifest (required)

  object — An app manifest object. It should meet valid manifest schema. This API replaces the entire previous configuration. As a result, the manifest needs to contain all modified and unmodified fields.

Example:

{
  "manifest": {}
}

Responses

Status: 204 Update app successfully.

Status: 400 **HTTP Status Code:** `400` <br> Bad Request The app manifest format is invalid

Status: 403 **HTTP Status Code:** `403` <br> Forbidden The current user does not have permission to edit this app.

Status: 429 **HTTP Status Code:** `429` <br> Too Many Requests. For more information, see [rate limits](https://developers.zoom.us/docs/api/rest/rate-limits/).