Technical blog - Zoom app POC
POC Zoom Plugin (Zoom Apps)
Last week, I was working on a POC for a Zoom plugin. We had a requirement from a client that was quite specific: they wanted certain web app functionalities to be available directly inside Zoom. Some of their users are heavy Zoom users and prefer doing everything—from setting up meetings to accessing tools—within Zoom itself.
Research Phase
The research phase included going through the documentation, using AI assistants (Claude, ChatGPT), and trying out any demos Zoom had available. Luckily, they had plenty. Honestly, the documentation was just okay, but the demos were really helpful in navigating the path forward.
Here, I’ll talk about the parts I stumbled upon during research and the requirements we had to meet.
Requirements
Primarily, the app needed to:
- Let users easily add the app to Zoom and log in with minimal effort—ideally just a button click.
- Access the logged-in user’s data so we can authenticate them in our own system.
- Allow users to create and join meetings directly from the app.
Useful Links
These links were super helpful in understanding how Zoom apps work:
- Authorization: https://developers.zoom.us/docs/integrations/oauth/
- Overview of Zoom Apps: https://developers.zoom.us/docs/zoom-apps/
Sample Projects
POC Implementation Phase
Once I had the samples, I started playing around with them. I began with the simple sample example.
Authorization
Authorization flow and getting user data:
From what I understood, Zoom app authorization happens in two phases:
- Initial Authorization Phase: When a user installs the app from the Zoom Marketplace, Zoom provides a code. We use this to generate a deeplink, which redirects the browser into the Zoom app. This is used to obtain access and refresh tokens.
- In-Client Authorization (PKCE OAuth Flow): I chose the PKCE OAuth flow for security and because Zoom's own sample apps use it. We had the option to use account-level authorization, but the client later clarified that even users not on a corporate Zoom account should be able to use the app.
Here’s a quick breakdown of this flow:
- Frontend: User clicks a button to log in → we hit our backend endpoint.
- Backend: This endpoint generates the auth code, code verifier, and state (saved in session), then redirects the user to Zoom with these.
- Frontend: We use the Zoom SDK (or REST API) to authorize using the code verifier and state. This hits Zoom’s authorize endpoint and returns an auth code.
- Backend: A second endpoint exchanges the auth code for access/refresh tokens, then redirects back to the frontend with the tokens.
At this point, we can:
- Store the tokens
- Fetch the user info from Zoom
- Authenticate the user into our own system
- Store user info in a cookie and send it back to the frontend
Creating a Meeting
We needed a way to create meetings with some custom data tied to our app. Zoom offers multiple ways to do this—either via SDK or REST API meeting endpoints.
We decided to go with the REST API for more control. The flow was straightforward:
- From the frontend, we collect form data.
- The backend calls Zoom’s meeting API with this data.
- We save the meeting info in our DB and return the meeting ID and join URL to the frontend.
Drafted by me - edited via AI