1.6 KiB
1.6 KiB
OAuth Setup (Team Chat API)
This is for the Team Chat API (user-level actions).
What You Need
- App type: General App (OAuth)
- Redirect URL: your app's callback URL
- Scopes (typical):
chat_message:writechat_channel:read
Flow Summary
- Redirect user to Zoom authorize URL.
- Receive
codeat your redirect URL. - Exchange
codeforaccess_token+refresh_token. - Store tokens per-user.
- Refresh the access token when it expires.
In-App Web Flow Pattern (Recommended)
For browser demos, keep the whole flow in your app to avoid manual copy/paste mistakes:
- User clicks Connect Zoom User in your UI.
- Backend returns authorize URL (
https://zoom.us/oauth/authorize) with a generatedstate. - Redirect browser to Zoom consent screen.
- Callback route validates
stateand exchangescodeathttps://zoom.us/oauth/token. - Callback page stores token in app storage (for demo: localStorage, for production: server session/DB) and redirects back to app.
Token Exchange (Server Side)
Pseudo-code (Node style):
// POST https://zoom.us/oauth/token
// grant_type=authorization_code&code=...&redirect_uri=...
// Authorization: Basic base64(client_id:client_secret)
Common Errors
Invalid redirect: redirect URL mismatch between code exchange and Marketplace config.Invalid access token, does not contain scopes: missing scopes on the app or user didn't re-consent after scope change.
Next
send-message.mdto post a message once you have a user token.token-management.mdfor refresh strategy.