Authenticate and call Zoom Phone API

Before you start building powerful integrations with Zoom Phone, the first step is to create your Zoom Phone app in the Zoom Marketplace. This app serves as the gateway for your application to securely interact with Zoom Phone APIs, enabling you to automate workflows, access call logs, send SMS messages, and much more.

Once you create and configure your app with the necessary scopes and permissions, you can generate access tokens that authenticate your API requests. This guide walks you through the process to generate your first access token and make your initial API call using the Zoom Phone API.

Step 1: Generate an access token

To install your app to your Zoom account:

  1. Go to the Local Test page in your app configuration.

  2. Choose Add App Now.

    Note: You can also manually construct and navigate to the authorization URL in your browser:

    https://zoom.us/oauth/authorize?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}
    • Replace the client ID and the redirect URI.
    • If this is the first time you're authorizing your app, or if you've modified its webhooks or scopes, Zoom prompts you to reauthorize it.

    Once you retrieve the authorization_code at your redirect_uri, send a POST request to the Zoom token endpoint.

    POST https://zoom.us/oauth/token?grant_type=authorization_code&code={authorization_code}&redirect_uri={redirect_uri}

Request headers

{
    "Authorization": "Basic {BASE64_ENCODED_CLIENT_ID:CLIENT_SECRET}"
}

Example request

curl --request POST \
    --url "https://zoom.us/oauth/token?grant_type=authorization_code&code=Wk9PTV9BVVRIT1JJWkFUSU9OX0NPREU&redirect_uri=https://example.com" \
    --header "Authorization: Basic Wk9PTV9DTElFTlRfSUQ6Wk9PTV9DTElFTlRfU0VDUkVU"

If successful, the response body is a JSON representation of the access_token.

{
    "access_token": "<JWT_TOKEN>",
    "api_url": "https://api.zoom.us",
    "expires_in": 3600,
    "refresh_token": "<JWT_TOKEN>",
    "scope": "phone:read:list_call_logs:admin",
    "token_type": "bearer"
}

Access tokens expire after one hour. After your access token expires, you can follow the refresh flow to get a new one.

Step 2: Make your first API call

Once you have the access token, you can start making API calls. For example, retrieve account's call history.

curl --request GET \
  --url "https://api.zoom.us/v2/phone/call_history" \
  --header "Authorization: Bearer {access_token}" \
  --header "Content-Type: application/json"

Replace {access_token} with the token you generated in step 2.

Best Practice: Scope Management

Always follow the principle of least privilege. Add only the scopes your app requires to minimize security risks.

Next Steps

You now have everything you need to start building smart and efficient Zoom Phone integrations.

If you want to see these concepts in action, check out our sample apps:

  • CRM sample app– Automatically log and display call activity inside your CRM, and integrates the Zoom Phone Smart Embed.
  • Call Routing with Rivet – Use Zoom Phone APIs to build intelligent call routing workflows.

To create a CRM sample application for Zoom Phone and Zoom Contact Center, see the Zoom Developer blog post below.

From the developer blog