Zoom General
Pick the correct Zoom Marketplace app type, OAuth model, surfaces, and embeds before building meetings, phone, or webhook automation.
Overview
zoom-general is an agent skill most often used in Validate (also Build integrations) that explains Zoom Marketplace app types, OAuth modes, surfaces, and embed SDK choices.
Install
npx skills add https://github.com/anthropics/knowledge-work-plugins --skill zoom-generalWhat is this skill?
- Compares 3 Marketplace app types: General App, Server-to-Server OAuth, and Webhook Only
- General App modules: Admin vs User OAuth, 10+ product surfaces, and Meeting, Contact Center, and Phone embed SDKs
- Access tab concepts: Secret Token, Event Subscription, and WebSockets for real-time events
- Scopes tied to API methods and Zoom app submission review
- Embeds table for Meeting SDK, Contact Center SDK, and Phone SDK embedding choices
- 3 Zoom Marketplace app types documented in overview table
Adoption & trust: 833 installs on skills.sh; 19.6k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are unsure which Zoom app type, OAuth scope model, and embed surface match your automation or in-app experience.
Who is it for?
Builders planning a new Zoom integration who need a single decision map across meetings, phone, chat, and webhooks.
Skip if: Teams that already finalized app credentials and only need Phone Smart Embed wiring—use build-zoom-phone-integration instead.
When should I use this skill?
Before creating or reconfiguring a Zoom Marketplace app or when choosing embed SDKs and OAuth authorization model.
What do I get? / Deliverables
You can commit to General, S2S, or Webhook-only setup and the right Admin vs User OAuth before implementation skills take over.
- Chosen app type and OAuth model
- Surface and embed shortlist
- Scope planning notes for submission
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
First appears in Validate → scope when you decide which Zoom app type and surfaces fit the product—not after code is written. Scope subphase fits narrowing integration surface area (General vs S2S vs Webhook Only) and admin vs user OAuth.
Where it fits
Decide between User OAuth self-serve and Admin account-wide scopes before estimating build time.
Confirm Phone surface and Phone SDK embed align with the General App you registered.
Verify Secret Token and Event Subscription setup match Zoom’s webhook verification requirements.
Add a Webhook Only app for new listeners without expanding API scope on an existing General App.
How it compares
Marketplace and OAuth scoping primer, not a telephony lifecycle or next-safe-action server pattern.
Common Questions / FAQ
Who is zoom-general for?
Solo SaaS and automation builders evaluating Zoom integrations before creating a Marketplace app or choosing embed SDKs.
When should I use zoom-general?
In Validate when scoping OAuth and surfaces; in Build when confirming scopes and Access tab settings; in Operate when revisiting app type for new webhook-only listeners.
Is zoom-general safe to install?
It is documentation-only guidance—check this page’s Security Audits panel and follow Zoom’s official submission and secret-handling practices in your repo.
Workflow Chain
Then invoke: skill anthropics knowledge work plugins build zo
SKILL.md
READMESKILL.md - Zoom General
# App Types Choose the right Zoom app type for your integration. ## Overview Zoom Marketplace has 3 app types: | App Type | Use Case | |----------|----------| | **General App** | Flexible - configure surfaces, embeds, OAuth, webhooks | | **Server-to-Server OAuth** | Backend automation, no user authorization | | **Webhook Only** | Receive events only, no API access | ## General App The modular app type. Pick what you need: ### OAuth Type (choose one) | Type | Scopes | Authorization | |------|--------|---------------| | **Admin** | Admin scopes (`*:admin`) | Entire account OR specific users | | **User** | User scopes | Only themselves (self-service) | ### Surfaces (product contexts) Your app can interact with these Zoom products: - Meetings - Webinars - Rooms - Phone - Team Chat - Contact Center - Whiteboard - Virtual Agent - Events - Mail - Workflows ### Embeds (SDKs) Embed Zoom functionality in your app: | Embed | Description | |-------|-------------| | **Meeting SDK** | Embed Zoom meetings | | **Contact Center SDK** | Embed Contact Center | | **Phone SDK** | Embed Phone functionality | ### Access Configure in the Access tab: - **Secret Token** - Verify webhook notifications - **Event Subscription** - Webhooks - **WebSockets** - Real-time event connections ### Scopes Define which API methods the app can call. Scopes are: - Restricted to specific resources - Reviewed by Zoom during app submission ### Features in General App General App can also include: - **Zoom Apps** - Apps that run inside Zoom client ## Server-to-Server OAuth Backend automation without user authorization. - No user interaction required - Access your account's data - Can include webhooks and zoom-websockets - Best for: automation, reporting, integrations ## Webhook Only Event notifications only. - Receive events, no API calls - No OAuth tokens needed - Best for: event logging, triggering external workflows Use this when you ONLY need events. Otherwise, add webhooks to General App or S2S. ## Decision Guide | Need | App Type | |------|----------| | Call APIs for your account (backend) | Server-to-Server OAuth | | Call APIs on behalf of users | General App (Admin or User OAuth) | | Embed Zoom meetings | General App + Meeting SDK embed | | Embed Contact Center | General App + Contact Center SDK embed | | Embed Phone | General App + Phone SDK embed | | Build in-client app | General App + Zoom Apps | | Receive events only | Webhook Only | | Receive events + call APIs | General App or S2S (with webhooks) | ## Resources - **App types docs**: https://developers.zoom.us/docs/integrations/ - **Marketplace**: https://marketplace.zoom.us/ # Authentication Authentication methods for Zoom APIs and SDKs. ## Overview Zoom supports multiple authentication methods depending on your use case: | Method | Use Case | |--------|----------| | **OAuth 2.0** | User-authorized access (on behalf of user) | | **Server-to-Server OAuth** | Server-side automation (no user interaction) | | **SDK JWT** | Meeting SDK and Video SDK authentication | ## OAuth 2.0 For apps that act on behalf of users. ### Flow ``` 1. User clicks "Connect with Zoom" 2. Redirect to Zoom authorization URL 3. User grants permission 4. Zoom redirects back with auth code 5. Exchange code for access token 6. Use token to call APIs ``` ### Authorization URL ``` https://zoom.us/oauth/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectUri} ``` ### Token Exchange ```bash curl -X POST "https://zoom.us/oauth/token" \ -H "Authorization: Basic {base64(clientId:clientSecret)}" \ -d "grant_type=authorization_code&code={authCode}&redirect_uri={redirectUri}" ``` ## Server-to-Server OAuth For server-side automation without user interaction. ### Get Access Token ```bash curl -X POST "https://zoom.us/oauth/token?grant_type=account_credentials&account_id={accountId}" \ -H "Authorization: Basic {base64(clientId:clientSecret)}" ``` ### Response ```json { "acce