# Chatbot OAuth

<!-- WARNING: THIS FILE WAS AUTOGENERATED! DO NOT EDIT! -->

Account-level OAuth apps can also be Chatbot apps, just as Chatbot apps can be account-level OAuth apps; however, OAuth apps and Chatbots have different authentication flows.

Combining OAuth and Chatbot functionality into one app will require you to implement two authorization flows for both OAuth and Chatbot tokens.

## Requesting an OAuth and Chatbot token

Direct the user to `https://zoom.us/oauth/authorize` with the following query parameters:

| Query Parameter | Description                                                                                                                     |
| --------------- | ------------------------------------------------------------------------------------------------------------------------------- |
| `response_type` | Access response type being requested. The supported authorization workflow requires the value `code`.                           |
| `redirect_uri`  | URI to handle successful user authorization. Must match with Development or Production Redirect URI in your OAuth app settings. |
| `client_id`     | OAuth application's Development or Production Client ID.                                                                        |

### Example

```plaintext
https://zoom.us/oauth/authorize?response_type=code&client_id=U1RqQ9UsQo6hd6fJQWFLQ&redirect_uri=https://example.com
```

This URL is the same as the Add Button link on the Zoom App Marketplace.

If this is the first time that you are requesting authorization from a user, the user will be prompted by Zoom to authorize access for your app.

![](/img/1609265392050.png)

If authorized, the user will be redirected to the redirect_uri with the authorization code in the code query parameter.

```plaintext
https://example.com/?code=obBEe8ewaL_KdyNjniT4KPd8ffDWt9fGB
```

Notice the code returned in the redirect URL. Follow **Step 2** in [Requesting an access token](#step-2-request-access-token) to obtain an OAuth access token.

To get a Chatbot token, make a POST request to `https://zoom.us/oauth/token` with the following query parameters and authorization header:

| Query Parameter | Description                 |
| --------------- | --------------------------- |
| `grant_type`    | Value `client_credentials`. |

| Authorization Header | Description                                                                                                                                                                                          |
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Authorization        | The string "Basic" with your Client ID and Client Secret with a colon (`:`) in between, Base64-encoded. For example, `Client_ID:Client_Secret` Base64-encoded is `Q2xpZW50X0lEOkNsaWVudF9TZWNyZXQ=`. |

### Example request

```plaintext
POST https://zoom.us/oauth/token?grant_type=client_credentials
```

**Request headers**

```json
{
    "Authorization": "Basic Q2xpZW50X0lEOkNsaWVudF9TZWNyZXQ="
}
```

If successful, the response body will be a JSON representation of the Chatbot token:

```json
{
    "access_token": "<JWT_TOKEN>",
    "token_type": "bearer",
    "expires_in": 3599,
    "scope": "imchat:bot"
}
```

Chatbot tokens expire after one hour.

## Using a Chatbot token

Make requests to the [Chatbot API](/docs/chat/send-edit-and-delete-messages) by sending the Chatbot token as the Authorization Bearer header:

```javascript
"Authorization": "Bearer <CHATBOT_TOKEN>"
```

### Example request

```plaintext
POST https://api.zoom.us/v2/im/chat/messages
```

**Request headers**

```json
{
    "Authorization": "Bearer <JWT_TOKEN>"
}
```

**Request body**

```json
{
    "robot_jid": "v1zx6cy00psoylshypvg-iuq@xmpp.zoom.us",
    "to_jid": "kdykjnimt4kpd8kkdqt9fq@xmpp.zoom.us",
    "account_id": "gVcjZnWWRLWvv_GtyGuaxg",
    "content": {
        "head": {
            "text": "Hello World"
        }
    }
}
```

If successful, the response body will be a JSON representation of the sent Chatbot message:

```json
{
    "message_id": "20191218175454248_UvRlxOz_aw1",
    "robot_jid": "v1zx6cy00psoylshypvg-iuq@xmpp.zoom.us",
    "sent_time": "2019-12-18 17:54:54",
    "to_jid": "kdykjnimt4kpd8kkdqt9fq@xmpp.zoom.us"
}
```

![Chatbot Message](/img/1580159786763.png)

## Refreshing a Chatbot token

Refreshing a Chatbot token is the same process as requesting a Chatbot token. Make a POST request to `https://zoom.us/oauth/token` with the following query parameters and authorization header:

| Query Parameter | Description                 |
| --------------- | --------------------------- |
| `grant_type`    | Value `client_credentials`. |

| Authorization Header | Description                                                                                                                                                                                          |
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Authorization        | The string "Basic" with your Client ID and Client Secret with a colon (`:`) in between, Base64-encoded. For example, `Client_ID:Client_Secret` Base64-encoded is `Q2xpZW50X0lEOkNsaWVudF9TZWNyZXQ=`. |

### Example request

```plaintext
POST https://zoom.us/oauth/token?grant_type=client_credentials
```

**Request headers**

```json
{
    "Authorization": "Basic Q2xpZW50X0lEOkNsaWVudF9TZWNyZXQ="
}
```

If successful, the response body will be a JSON representation of your refreshed Chatbot token:

```json
{
    "access_token": "<JWT_TOKEN>",
    "token_type": "bearer",
    "expires_in": 3599,
    "scope": "imchat:bot"
}
```

Chatbot tokens expire after one hour.