Ongoing Monitoring and Reviews

Here at Zoom, we are constantly working to ensure that all apps on our Marketplace are consistently held to a high security and compliance standard. In addition to the full functional and security review conducted prior to your app's publication to Marketplace, Zoom performs ongoing monitoring of published apps.

Zoom will conduct functional and/or security reviews for any of the following:

  • Update requests that contain a change in scope. If you are adding scopes to your application, both the Functional and Security team will review the change. Scope removals will only be reviewed by the Functional team. Irrespective of scope changes, all update requests are reviewed by the Functional team.
  • Apps whose API calls are failing are reviewed by the Functional team in order to track and provide guidance on remediation.
  • If your app hasn't been reviewed for security in over two years, the team will conduct a routine security review. For more information about Zoom security review.

Note

In order to communicate effectively regarding any upcoming reviews make sure you maintain a monitored inbox. We always direct our communications to the Contact Email and Developer Email you listed in your app's submission. Be sure that these inboxes are regularly checked.

For information about your rights and responsibilities for ongoing app monitoring and reviews, see the Zoom Marketplace Developer Agreement.

Will you let me know when a security review is being conducted?

Yes, per the Zoom Marketplace Developer Agreement, we will notify you of all reviews we conduct on your application.

Will a security review disrupt my application?

Your application will remain live on the Zoom Marketplace during the review unless there are findings or functional issues that need to be resolved.

How can I expedite the review process?

Make sure your Technical Design Document (TDD) is up to date and that your team is prompt in providing valid test credentials.

To update your TDD:

  1. Log into the Zoom Marketplace and go to Manage.
  2. Click your published app and go to the Technical Design tab.
  3. Fill out the Application Development, Security Overview, and Privacy Attestations sections.
  4. Go to the Submit tab and submit an update request.

To update scopes:

  1. Provide a test plan with a step-by-step guide that explains how to configure and use the new features and scopes. In order to test any changes made in this update, we use the development credentials of your app. Ensure all redirects and development environments work as expected. (You can add a link to the test plan document to the release notes on your next submission).
  2. Because this is a scope-changing update, when we approve the app, each one of your subscribers will have the option to reauthorize your app. This is why we will need you to include some more information within the Release Notes for User section. This gives you the opportunity to inform your users about what is changing, why they should reauthorize, and how these changes will make their experience different/your app better.
  3. In order to test the new features and changes included in your update request, Zoom reviewers need to authorize the development version of your app. Please make sure you are using the Development Client ID so that we can test any change you made to your application.

For more information, see Updating an app.

If you still have questions pertaining to the review cycles, please reach out to our teams directly: