App Credentials

App credentials consist of the client ID and the client secret.

Caution Any app with your client ID and secret can access your Zoom data. Sharing it is like sharing your username and password, violating Zoom's terms of use.

The Client ID in a Zoom app is a unique identifier assigned to your application when you register it in the Zoom App Marketplace. It is used in authentication and authorization processes, particularly when integrating your app with Zoom's APIs.

The Client Secret is a confidential key assigned to your Zoom app when you register it on the Zoom App Marketplace. It is used in combination with the Client ID to authenticate and authorize your app securely.

The build flow provides two app credentials for your app: production and development. It is important that you use the correct app credentials when submitting your app for review.

  • Use the Production client ID for the initial request to publish your app. Initial (first time) submissions are also called "Create" requests.
  • Use the Development client ID when:
    • Submitting app updates. Reviewers use this ID to test updated scopes.
    • Testing your app during development before it's published.

Common mistakes

  • Using production credentials when submitting a request to publish your app. When submitting a publish request, make sure your request includes the production credentials.

    Example:

    https://zoom.us/oauth/authorize?response_type=code&client_id=CLIENT_ID[PROD]&redirect_uri=https://example.integration.test/zoom/login/callback
    ```

  • Using development credentials when submitting updates. For more information, see Why your app requires a production environment to create requests?

When to use development credentials

  • Testing OAuth authentication (before app is published) When setting up OAuth for user authorization, the development client ID and client secret are used to generate access tokens.

    Example OAuth request during development:

    bashCopyEditPOST https://zoom.us/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&code=DEV_AUTHORIZATION_CODE
&redirect_uri=YOUR_DEV_REDIRECT_URI
&client_id=YOUR_DEV_CLIENT_ID
&client_secret=YOUR_DEV_CLIENT_SECRET

  • Testing webhooks (before app is published) Webhooks configured in the development environment will use development credentials to validate events (e.g., meeting start, end, participant join).

  • Using development API keys for SDK apps If you're developing an app using the Zoom SDK (e.g., for embedding Zoom meetings), development credentials are needed to initialize the SDK and test functionality.

  • Sandbox testing before production deployment You can simulate real-world scenarios using development credentials without impacting production users.

When to switch to production credentials

  • When your app is fully tested and ready for real users.
  • When you submit your app for Zoom Marketplace approval.
  • When transitioning from local testing to a live production environment.