Build Zoom Rest Api App

Name: Build Zoom Rest Api App
Author: anthropics

anthropics/knowledge-work-plugins

Implement Zoom REST and GraphQL clients with correct base URLs, regional routing from OAuth, and API v2 conventions.

Overview

Build Zoom REST API App is an agent skill for the Build phase that guides correct Zoom REST v2 and GraphQL base URLs, regional OAuth routing, and request conventions.

Install

npx skills add https://github.com/anthropics/knowledge-work-plugins --skill build-zoom-rest-api-app

What is this skill?

Documents HTTPS base path https://api.zoom.us/v2/ and GraphQL at https://api.zoom.us/v3/graphql
Maps OAuth api_url to regional hosts (EU, APAC, US, vanity, and other listed regions)
Explains identifier and time-format conventions for REST requests
Notes global api.zoom.us availability alongside data-residency routing
Tables regional base URLs for compliance-oriented deployments
REST uses API version /v2; GraphQL uses /v3/graphql on api.zoom.us
Regional routing table covers Global, AU, CA, EU, IN, SA, SG, UK, US, and vanity hosts

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 853 installs on skills.sh; 19.6k GitHub stars; 2/3 security scanners passed (skills.sh audits).

What problem does it solve?

You are coding against Zoom but risk wrong API version paths, ignored regional api_url from OAuth, or mixed REST and GraphQL endpoints.

Who is it for?

Solo builders adding Zoom meeting or account features who need architecture rules before writing HTTP client code.

Skip if: Projects with no Zoom dependency, teams that only use Zoom’s no-code marketplace apps without custom API calls, or purely frontend UI with no server OAuth.

When should I use this skill?

Developing or refactoring code that calls Zoom REST or GraphQL and must honor OAuth api_url and versioned endpoints.

What do I get? / Deliverables

Your integration uses the documented v2 and v3 GraphQL bases and regional hosts aligned with the token’s api_url for compliant requests.

Correctly configured API base URLs in client code
Regional routing logic tied to OAuth api_url
Architecture-aligned request patterns

Recommended Skills

Entra App Registrationmicrosoft/azure-skills

Walkthrough for Microsoft Entra ID app registration, OAuth configuration, and MSAL-based authentication setup.374k installs·1.2k stars

Azure Aigatewaymicrosoft/azure-skills

Quick reference for building and operating Azure API Management as an AI gateway using ARM .NET SDK and policy best prac…373k installs·1.2k stars

Lark Openapi Explorerlarksuite/cli

Escalation path for uncovered Lark/Feishu APIs: browse official OpenAPI docs and execute via lark-cli.208k installs·13.7k stars

Supabasesupabase/agent-skills

Authoritative Supabase agent skill for database, auth, edge functions, and client SSR with emphasis on up-to-date docs, …111k installs·2.2k stars

Firebase Auth Basicsfirebase/agent-skills

firebase-auth-basics is a guided agent skill for solo builders implementing Firebase Authentication in web or mobile-bac…75.7k installs·345 stars

Firebase Data Connectfirebase/agent-skills

Firebase Data Connect is an agent skill that equips solo builders to design relational data layers on Firebase using Gra…73.2k installs·345 stars

Journey fit

Primary fit

BuildIntegrations & version control

Zoom API wiring happens while you integrate third-party services into the product, before launch-scale distribution work. Meeting and account APIs are external integrations with auth and residency rules, not generic frontend layout.

Also useful

ShipSecurity

How it compares

Architecture and routing reference for Zoom HTTP APIs, not a full OAuth implementation skill or MCP server.

Common Questions / FAQ

Who is build-zoom-rest-api-app for?

Developers shipping custom Zoom integrations who need REST v2, GraphQL v3, and regional base URL rules in one place for their coding agent.

When should I use build-zoom-rest-api-app?

During Build → integrations while designing or refactoring Zoom API clients, especially when handling OAuth tokens and data residency regions.

Is build-zoom-rest-api-app safe to install?

Check the Security Audits panel on this page; you still must store Zoom client secrets securely and follow Zoom’s app review requirements.

SKILL.md

READMESKILL.md - Build Zoom Rest Api App

# API Architecture

Core design patterns for the Zoom REST API — base URLs, regional routing, identifiers, time formats, and request conventions.

## Base URL

All requests use HTTPS with API version `/v2` in the path:

```
https://api.zoom.us/v2/
```

**GraphQL** uses a separate versioned endpoint:

```
https://api.zoom.us/v3/graphql
```

## Regional Base URLs

The OAuth token response includes an `api_url` field indicating the user's data region. Use this for data residency compliance:

```json
{
  "access_token": "eyJ...",
  "api_url": "https://api-eu.zoom.us"
}
```

Construct your regional base URL by appending `/v2/`:

| Region | API URL | Base URL |
|--------|---------|----------|
| Global (default) | `https://api.zoom.us` | `https://api.zoom.us/v2` |
| Australia | `https://api-au.zoom.us` | `https://api-au.zoom.us/v2` |
| Canada | `https://api-ca.zoom.us` | `https://api-ca.zoom.us/v2` |
| European Union | `https://api-eu.zoom.us` | `https://api-eu.zoom.us/v2` |
| India | `https://api-in.zoom.us` | `https://api-in.zoom.us/v2` |
| Saudi Arabia | `https://api-sa.zoom.us` | `https://api-sa.zoom.us/v2` |
| Singapore | `https://api-sg.zoom.us` | `https://api-sg.zoom.us/v2` |
| United Kingdom | `https://api-uk.zoom.us` | `https://api-uk.zoom.us/v2` |
| United States | `https://api-us.zoom.us` | `https://api-us.zoom.us/v2` |
| Vanity account | `https://{vanity}.zoom.us` | `https://{vanity}.zoom.us/v2` |

**Important:** The global URL `https://api.zoom.us` always works regardless of user region. Regional URLs are for compliance, not required.

### Node.js — Dynamic Base URL from Token

```javascript
async function getZoomClient(accountId, clientId, clientSecret) {
  const credentials = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');

  const tokenRes = await fetch('https://zoom.us/oauth/token', {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${credentials}`,
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: `grant_type=account_credentials&account_id=${accountId}`
  });

  const tokenData = await tokenRes.json();
  const baseUrl = tokenData.api_url
    ? `${tokenData.api_url}/v2`
    : 'https://api.zoom.us/v2';

  return {
    accessToken: tokenData.access_token,
    baseUrl,
    async request(method, path, body = null) {
      const res = await fetch(`${this.baseUrl}${path}`, {
        method,
        headers: {
          'Authorization': `Bearer ${this.accessToken}`,
          'Content-Type': 'application/json'
        },
        body: body ? JSON.stringify(body) : undefined
      });
      if (!res.ok) {
        const err = await res.json();
        throw new Error(`Zoom API ${res.status}: ${err.message}`);
      }
      return res.json();
    }
  };
}
```

## The `me` Keyword

The `me` keyword substitutes for `userId` or `accountId` in API paths. Its behavior varies by app type:

| App Type | `me` Behavior | When to Use |
|----------|---------------|-------------|
| **User-level OAuth** | Resolves to the authenticated user | **MUST use** — providing `userId` causes invalid token error |
| **Server-to-Server OAuth** | Not supported | **MUST NOT use** — provide actual `userId` or email |
| **Account-level OAuth** | Resolves to the user who installed the app | Can use either `me` or `userId` |

### Examples

```bash
# User OAuth app — MUST use me
GET /v2/users/me
GET /v2/users/me/meetings

# S2S OAuth app — MUST use actual userId or email
GET /v2/users/abc123def
GET /v2/users/john@example.com
GET /v2/users/john@example.com/meetings
```

### Common Error

Using `userId` with a User-level OAuth token:

```json
{
  "code": 4700,
  "message": "Invalid access token, does not contain scopes."
}
```

**Fix:** Replace the `userId` with `me`.

## Meeting ID vs UUID

- **Meeting ID**: Numeric identifier for the meeting. Reusable for recurring meetings. Expires 30 days after last use.
- **UUID**: Unique identifier for a specific meeting *instance*. Never expires. Generated per occu

What is this skill?

Documents HTTPS base path https://api.zoom.us/v2/ and GraphQL at https://api.zoom.us/v3/graphql

Maps OAuth api_url to regional hosts (EU, APAC, US, vanity, and other listed regions)

Explains identifier and time-format conventions for REST requests

Notes global api.zoom.us availability alongside data-residency routing

Tables regional base URLs for compliance-oriented deployments

REST uses API version /v2; GraphQL uses /v3/graphql on api.zoom.us

Regional routing table covers Global, AU, CA, EU, IN, SA, SG, UK, US, and vanity hosts

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 853 installs on skills.sh; 19.6k GitHub stars; 2/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

BuildIntegrations & version control

Also useful

ShipSecurity

SKILL.md

READMESKILL.md - Build Zoom Rest Api App

# API Architecture

Core design patterns for the Zoom REST API — base URLs, regional routing, identifiers, time formats, and request conventions.

## Base URL

All requests use HTTPS with API version `/v2` in the path:

```
https://api.zoom.us/v2/
```

**GraphQL** uses a separate versioned endpoint:

```
https://api.zoom.us/v3/graphql
```

## Regional Base URLs

The OAuth token response includes an `api_url` field indicating the user's data region. Use this for data residency compliance:

```json
{
  "access_token": "eyJ...",
  "api_url": "https://api-eu.zoom.us"
}
```

Construct your regional base URL by appending `/v2/`:

| Region | API URL | Base URL |
|--------|---------|----------|
| Global (default) | `https://api.zoom.us` | `https://api.zoom.us/v2` |
| Australia | `https://api-au.zoom.us` | `https://api-au.zoom.us/v2` |
| Canada | `https://api-ca.zoom.us` | `https://api-ca.zoom.us/v2` |
| European Union | `https://api-eu.zoom.us` | `https://api-eu.zoom.us/v2` |
| India | `https://api-in.zoom.us` | `https://api-in.zoom.us/v2` |
| Saudi Arabia | `https://api-sa.zoom.us` | `https://api-sa.zoom.us/v2` |
| Singapore | `https://api-sg.zoom.us` | `https://api-sg.zoom.us/v2` |
| United Kingdom | `https://api-uk.zoom.us` | `https://api-uk.zoom.us/v2` |
| United States | `https://api-us.zoom.us` | `https://api-us.zoom.us/v2` |
| Vanity account | `https://{vanity}.zoom.us` | `https://{vanity}.zoom.us/v2` |

**Important:** The global URL `https://api.zoom.us` always works regardless of user region. Regional URLs are for compliance, not required.

### Node.js — Dynamic Base URL from Token

```javascript
async function getZoomClient(accountId, clientId, clientSecret) {
  const credentials = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');

  const tokenRes = await fetch('https://zoom.us/oauth/token', {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${credentials}`,
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: `grant_type=account_credentials&account_id=${accountId}`
  });

  const tokenData = await tokenRes.json();
  const baseUrl = tokenData.api_url
    ? `${tokenData.api_url}/v2`
    : 'https://api.zoom.us/v2';

  return {
    accessToken: tokenData.access_token,
    baseUrl,
    async request(method, path, body = null) {
      const res = await fetch(`${this.baseUrl}${path}`, {
        method,
        headers: {
          'Authorization': `Bearer ${this.accessToken}`,
          'Content-Type': 'application/json'
        },
        body: body ? JSON.stringify(body) : undefined
      });
      if (!res.ok) {
        const err = await res.json();
        throw new Error(`Zoom API ${res.status}: ${err.message}`);
      }
      return res.json();
    }
  };
}
```

## The `me` Keyword

The `me` keyword substitutes for `userId` or `accountId` in API paths. Its behavior varies by app type:

| App Type | `me` Behavior | When to Use |
|----------|---------------|-------------|
| **User-level OAuth** | Resolves to the authenticated user | **MUST use** — providing `userId` causes invalid token error |
| **Server-to-Server OAuth** | Not supported | **MUST NOT use** — provide actual `userId` or email |
| **Account-level OAuth** | Resolves to the user who installed the app | Can use either `me` or `userId` |

### Examples

```bash
# User OAuth app — MUST use me
GET /v2/users/me
GET /v2/users/me/meetings

# S2S OAuth app — MUST use actual userId or email
GET /v2/users/abc123def
GET /v2/users/john@example.com
GET /v2/users/john@example.com/meetings
```

### Common Error

Using `userId` with a User-level OAuth token:

```json
{
  "code": 4700,
  "message": "Invalid access token, does not contain scopes."
}
```

**Fix:** Replace the `userId` with `me`.

## Meeting ID vs UUID

- **Meeting ID**: Numeric identifier for the meeting. Reusable for recurring meetings. Expires 30 days after last use.
- **UUID**: Unique identifier for a specific meeting *instance*. Never expires. Generated per occu

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is build-zoom-rest-api-app for?

When should I use build-zoom-rest-api-app?

Is build-zoom-rest-api-app safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is build-zoom-rest-api-app for?

When should I use build-zoom-rest-api-app?

Is build-zoom-rest-api-app safe to install?

SKILL.md