Meeting SDK feature review & requirements

This document focuses on Zoom's process for reviewing apps that use Zoom's Meeting SDK to embed meetings in their app.

This information is supplemental to Zoom's Zoom Marketplace App Review Guidelines and Principles and Zoom Marketplace App Review process. Make sure to read those guides in addition to this doc.

The review team will work with you to perform a comprehensive test on the scopes and features for your app. This includes SDK apps that run on a specific device or unreleased software. The more scopes included in your app, the more intensive the review becomes, and the more scopes included, the more time required to properly test. To avoid a lengthy review, we recommend following a policy of least privilege and minimum data access - adding only scopes necessary to the app.

Joining Meetings outside your account

Apps will need to go through our App Review process to join Meetings outside their own account. Review our policy guide and submission process for full details. For more information, see: Meeting SDK apps now require review to join meetings outside their own account.

Testing

Zoom's SDK app testing covers:

  • Walk-through of the end user experience.
  • Confirmation the app is using production credentials for authorization.
  • Confirmation and testing of the scopes and features requested in the Marketplace app build flow, and the associated user data.
  • Confirmation of the deauthorization and app removal process.

For more information, see Common reasons for app submission rejection and UI legal notices requirements.

To enable the Marketplace Review Team to test your app, provide these in your test plan.

  • Detailed test cases and instructions the review team can use to test your app.

  • Call out if the SDK app is device-specific.

  • Call out if the SDK app joins meetings as a bot participant.

  • Call out if the SDK app runs on or with unreleased software.

  • End user test credentials to login to the site or app.

    Note: You don't need to provide a Zoom account for testing. The Zoom review team uses our own special Zoom account for authorization and API usage.

  • The production client ID. Do not provide the authorization URL with development client ID in the test plan or user flow.

Communication

The review team communicates and provides feedback to you through the Notes feature in the build flow. Depending on the complexity of the SDK app or the environment required for testing, the review team may request any of these, at its discretion.

  • A Zoom meeting with you to walk through and perform a testing session with you available to answer any questions.
  • A demo video. If you are unable to join a Zoom meeting, you can provide a video where you walk through your test cases and demonstrate your app's features, authorizations, and that all requirements have been met.
  • For unreleased software or a unique testing environment, you can provide an APK file, testflight link, staging site, or other methods.

Meeting SDK Requirements

The following requirements apply to apps that use the Zoom Meeting SDK for processing Zoom Meeting and Zoom Webinar content. Zoom meeting and webinar content includes, but is not limited to: chat, video, audio, shared screens, and files.

This document's information is supplemental to Zoom's Zoom Marketplace App Review Guidelines and Principles and Zoom Marketplace App Review process. Make sure to read those guides in addition to this doc.

Requirements

You must ensure that:

  • The app follows Zoom meeting and webinar permissions requirements to live stream or record.
    • When used by hosts - the app can use the REST API to obtain join tokens with predefined permissions.
    • When used by participants - the app can use the SDK API to request permission from the host.
    • The app must stop accessing content if permission is revoked.
  • The app triggers Zoom's recording or live streaming feature which will trigger the native recording/streaming indicator, and provide proper notifications to all participants when accessing Zoom meeting and webinar content.
  • User-facing SDK apps must implement all Legal UI Notices associated with the features used by the Zoom Meeting SDK.
  • When developing multiple apps, developers must list all apps under the same account.

OAuth redirect URL

The OAuth redirect URL is used to generate an authorization URL for OAuth apps.

Note

If you are submitting an SDK app that does not need to be authorized by the end user, but does need to be approved to join other account's meetings, the OAuth redirect URL may not be required.