Identify Zoom users and accounts
The Zoom Apps framework provides the ability to identify users in these ways:
| Method | How It Works | What You Get | Notes |
|---|---|---|---|
| zoomSdk.authorize() | Call in your web app's frontend JavaScript to initiate in-Client OAuth. | A user-level OAuth token. Use this to call Zoom's REST API (e.g. /users/me) to retrieve user details such as email and account info. |
|
| X-Zoom-App-Context (HTTP header) | When the app homepage loads, the request includes an X-Zoom-App-Context header. Your backend can decrypt this. | User's uid (user ID). | Backend only. Useful for server-side user mapping. |
| zoomSdk.getAppContext() | Call from frontend JavaScript at any time after the app is loaded. | Encrypted appContext data (same as in X-Zoom-App-Context header). | Use if you need app context again after the initial load. |
| zoomSdk.openUrl() | Open a third-party OAuth flow from inside the Zoom App. | Initiates an external OAuth authorization. | Optional. Use for third-party integrations. |
Handle user and session identity
Your front-end application must be able to refresh the user or session identity if the session expires or if the user clears the Zoom App cache while your application is running. For example, call getAppContext or authorize to re-establish identity when needed.
Zoom Apps do not expose persistent personal identifiers by default. Participant IDs provided in a Zoom App are ephemeral and context-specific. Design your app so that each user's app instance independently identifies the user (with permission). If you need a participant roster, consider coordinating through the host. The host's app instance can share participant information with others in the Zoom App, if appropriate.
For more information, see the Zoom Apps Context and Authentication.