OAuth Scopes


OAuth scopes provide a way to limit the amount of access granted to an app. Zoom has user-level, admin-level, and Master-level scopes:

  • A user-level app can only request scopes that allow access to an individual user’s associated data.
  • Admin scopes allow an account-level app with admin capabilities and require the installer of the app to be an account admin or owner in order to grant those abilities.
  • Master-level scopes can only be granted to an an account-level app by account owners.

An application can set one or multiple scopes while registering their OAuth app in the Zoom App Marketplace. Information regarding the requested scopes is presented to the user during the app installation process. For example:

Once a user authorizes the app with the requested scopes, the app requests Zoom for the user’s access token. This token represents the authorization permitted to the application to access and/or modify specific parts of a user’s data using Zoom Services, such as Zoom APIs and Webhooks.

In this document you will find a complete list of scopes, their descriptions, and the associated API calls that the app with permitted scope has access to.

Account scopes

The following are the available Account scopes and their associated API calls:

account:read:admin

This scope allows an app to view a Master account’s account and sub account information. This includes account settings, account lock settings, managed domains, and an account’s trusted domains.

Associated APIs

account:write:admin

This scope allows an app to manage sub accounts on behalf of a Master account. This includes creating or disassociating a sub account from a Master account, updating an account’s owner or account settings, and updating lock settings.

Associated APIs

account:master

This scope allows an app to view and manage a Master account’s sub accounts.

Associated APIs


Back to top.

Billing scopes

The following are the available Billing scopes and their associated API calls:

billing:master

This scope allows an app to view and manage billing details. This includes modifying a sub account, viewing sub accounts’ plans, and viewing a sub account’s plan data usage.

Associated APIs


Back to top.

Chat scopes

The following are the available Chat scopes and their associated API calls:

chat_message:read

This scope allows an app to view user’s chat messages and information, such as the date and time of when it was sent and the sender’s email address.

Associated APIs

chat_message:read:admin

Sensitive Information

This scope allows an app to view chat messages of all of an account’s users. This includes accessing information related to messages, such as the date and time of when it was sent and the sender’s email address.

Only users who are assigned a role that includes the View permission for chat messages can install and use apps that request this scope. Users who do not have this permission cannot install any apps that request this scope.

Associated APIs

chat_message:write

This scope allows an app to send chat messages, as well as update and delete a user’s previously-sent messages.

Associated APIs

chat_message:write:admin

Sensitive Information

This scope allows an app to send chat messages, as well as update and delete previously-sent messages for an account’s users.

Only users who are assigned a role that includes the Edit permission for chat messages can install and use apps that request this scope. Users who do not have this permission cannot install any apps that request this scope.

Associated APIs

imchat:read

Sensitive Information

This scope allows an app to view chat session information and user messages from a specific date.

Associated APIs

imchat:read:admin

Sensitive Information

This scope allows an app to view all users’ chat session details and messages.

Associated APIs

imchat:write

This scope allows an app to send chat messages, as well as update and delete previously-sent messages for a user.

Associated APIs

chat_channel:read

This scope allows an app to view chat channel information.

Associated APIs

chat_channel:write

This scope allows an app to view and manage chat channel information and perform actions on user’s behalf. This includes creating or updating channels, inviting or removing channels members, and removing a channel.

Associated APIs

chat_channel:read:admin

This scope allows an app to view information about the chat channels joined by an account’s users.

Only users who are assigned a role that includes the View permission for chat channels can install and use apps that request this scope. Users who do not have this permission cannot install any apps that request this scope.

Associated APIs

chat_channel:write:admin

This scope allows an app to view and manage information for chat channels joined by an account’s users, as well as perform actions on a user’s behalf. This includes creating or updating channels, inviting or removing channels members, and removing a channel.

Only users who are assigned a role that includes the Edit permission for chat channels can install and use apps that request this scope. Users who do not have this permission cannot install any apps that request this scope.

Associated APIs


Back to top.

Chatbot scopes

The following are the available Chatbot scopes and their associated API calls:

imchat:bot

This scope allows a chatbot to interact with users by sending messages to users, editing the sent messages, and deleting the sent messages.

Associated APIs


Back to top.

Contacts scopes

The following are the available Contacts scopes and their associated API calls:

contact:read

This scope allows an app to view a user’s company contacts.

Associated APIs

contact:read:admin

This scope allows an app to search for users in a Zoom account’s company contacts.

Associated APIs

chat_contact:read

This scope allows an app to retrieve a user’s chat contacts information.

Associated APIs


Back to top.

Dashboard scopes

The following are the available Dashboard scopes and their associated API calls:

dashboard_meetings:read:admin

This scope allows an app to view an account’s Meeting Dashboard data. This includes meeting and meeting participant metrics, the meeting’s quality score, and the quality of service provided to the participants during meetings.

Associated APIs

dashboard_webinars:read:admin

This scope allows an app to view an account’s Webinar Dashboard data. This includes webinar and webinar participant metrics, as well as the quality of service provided to the webinar’s participants.

Associated APIs

dashboard_zr:read:admin

This scope allows an app to view an account’s Zoom Rooms Dashboard data, such as Zoom Room information and issues.

Associated APIs

dashboard_home:read:admin

This scope allows an app to view the Dashboard client satisfaction metrics for Zoom meetings and webinars.

Associated APIs

dashboard_im:read:admin

This scope allows an app to view the Zoom Chat Dashboard metrics for the usage of the Zoom Chat client by an account’s users.

Associated APIs

dashboard_crc:read:admin

This scope allows an app to view the Cloud Room Connector (CRC) Dashboard metrics for an account’s CRC usage.

Associated APIs


Back to top.

Devices (H323) scopes

The following are the available Devices (H323) scopes and their associated API calls:

h323:read:admin

This scope allows an app to an account’s H.323/SIP device information. This includes information such as the device name, ID, protocol, and encryption options.

Associated APIs

h323:write:admin

This scope allows an app to manage an account’s H.323/SIP devices.

Associated APIs


Back to top.

Group scopes

The following are the available Group scopes and their associated API calls:

group:read:admin

This scope allows an app to view group information.

Associated APIs

group:write:admin

This scope allows an app to perform actions on behalf of a group administrator. This include managing group members and settings, updating a group name, or deleting groups.

Associated APIs


Back to top.

IM Group scopes

The following are the available IM Group scopes and their associated API calls:

imgroup:read:admin

This scope allows an app to perform actions on behalf of an IM group administrator, such as viewing IM group and member details in a Zoom account.

Associated APIs

imgroup:write:admin

This scope allows an app to perform actions on behalf of an IM group administrator. This includes creating or updating an IM group, deleting an IM group, or updating the IM group’s members.

Associated APIs


Back to top.

Meeting scopes

The following are the available Meeting scopes and their associated API calls:

meeting:read

This scope allows an app to view a user’s meeting information. This includes meeting reports, participants, polls, and registrant information.

Associated APIs

meeting:read:admin

This scope allows an app to view the meeting information for all users in the Zoom account. This includes meeting reports, participants, polls, and registrants.

Associated APIs

meeting:write

This scope allows an app to view and manage user’s meetings. This includes performing actions such as scheduling and updating meetings, deleting meetings, and updating live streaming options.

Associated APIs

meeting:write:admin

This scope allows an app to view and manage meeting information of all the users that are in the Zoom account. This includes performing actions such as scheduling and updating meetings, deleting meetings, and updating live streaming options.

Associated APIs

meeting:master

This scope allows an app to manage meeting information for a Master account’s sub accounts.

Associated APIs


Back to top.

PAC scopes

The following are the available Personal Audio Conferencing (PAC) scopes and their associated API calls:

pac:read

This scope allows an app to view PAC details for a user.

Associated APIs

pac:read:admin

This scope allows an app to view PAC details for all users in an account. This includes dedicated and global dial-in numbers, conference IDs, and passwords used to join a conference.

Associated APIs

pac:write:admin

This scope allows an app to view and manage the PAC information for all users in an account.

pac:master

This scope allows an app to view and manage PAC information for all sub accounts associated with a Master account.


Back to top.

Phone scopes

The following are the available Phone scopes and their associated API calls:

phone:read

This scope allows an app to view details about a user’s Zoom Phone. This includes phone numbers associated with the user, the user’s Zoom Phone profile details and calling plans, site details, voicemails, and recordings of the user’s phone calls.

Associated APIs

phone:read:admin

This scope allows an app to view Zoom Phone details for all users in an account. This includes phone numbers associated with users, users’ Zoom Phone profiles and calling plans, site details, voicemails, and recordings of users’ phone calls.

Associated APIs

Auto receptionists

Blocked lists

Call logs

Call handling

Call queues

Common area phones

Devices

Emergency service locations

External contacts

Monitoring groups

Recordings

Reports

Setting templates

Shared line groups

Sites


Back to top.

phone:write

This scope allows an app to update a user’s Zoom Phone profile.

Associated APIs

phone:write:admin

This scope allows an app with access to Zoom Phone management permissions and the app can perform actions such as updating users’ Zoom Phone settings, Zoom Phone profile that includes information related to calling plans enabled for the user, email address of the user, and site details, adding and removing user phone numbers, managing auto-receptionist configurations, blocked lists, call queues, devices, common area phones, phone sites.

Associated APIs

Auto receptionists

Blocked lists

Call logs

Call handling

Call queues

Common area phones

Devices

Emergency service locations

External contacts

Monitoring groups

Recordings

Reports

Setting templates

Shared access

Shared line groups

Sites


Back to top.

phone_peering

Phone peering API are for use by partners that have completed the MoU to peer with Zoom. To become a peering provider/ carrier, please submit your request.

phone_peering:read:admin

View your E164 numbers.

Associated API

phone_peering:write:admin

View and manage your E164 numbers.

Associated API


Back to top.

phone_call_log

Call log API.

phone_call_log:read

View call log information.

phone_call_log:read:admin

View all users’ call log information.

Associated API

phone_call_log:write

View and manage call logs.

phone_call_log:write:admin

View and manage all user’s call log information.

Associated API


Back to top.

phone_recording

Call recording API.

phone_recording:read

View recording information.

phone_recording:read:admin

View all users’ recording information.

Associated API


Back to top.

phone_sms

SMS API.

phone_sms:read

View Zoom Phone SMS information.

Associated API

phone_sms:read:admin

View all users’ Zoom Phone SMS information.

Associated API


Back to top.

phone_voicemail

Zoom phone voicemail API.

phone_voicemail:read

View call voicemails.

phone_voicemail:read:admin

View all users’ call voicemail information.

Associated API

phone_voicemail:write

View and manage call voicemail information.

phone_voicemail:write:admin

View and manage all users’ call voicemail information.

Associated API


Back to top.

Recording scopes

The following are the available Cloud recording and Archiving scopes and their associated API calls:

recording:read

This scope allows an app to view a user’s meeting or webinar recordings.

Associated APIs

recording:read:admin

This scope allows an app to view all users’ meeting or webinar recordings.

Associated APIs

recording:write

This scope allows an app to view and manage a user’s meeting or webinar recordings.

Associated APIs

recording:write:admin

This scope allows an app to view and manage all users’ meeting or webinar recordings.

Associated APIs


Back to top.

Report scopes

The following are the available Report scopes and their associated API calls:

report:read:admin

This scope allows an app to view an account’s meeting and webinar statistics via usage, user activity, meeting, and webinar reports.

Associated APIs

report_chat:read:admin

This scope allows an app to view an account’s chat history statistics.

Associated APIs

report:master

This scope allows an app to view a Master account’s sub accounts’ meeting and webinar statistics via usage, user activity, meeting, and webinar reports.

Associated APIs


Back to top.

Role scopes

The following are the available Role scopes and their associated API calls:

role:read:admin

This scope allows an app to view an account’s role details and assigned member information.

Associated APIs

role:write:admin

This scope allows an app to perform actions on behalf of an administrator. This includes creating a role, updating role details, and managing members’ roles.

Associated APIs


Back to top.

SCIM2 scopes

The following are the available System Cross-domain Identity Management (SCIM2) scopes and their associated API calls:

scim2

This scope allows an app to provide support for provisioning users through the User resource for users that exist in a corporate account using identity providers.

Associated APIs


Back to top.

SIP Phone scopes

The following are the available Zoom Phone System Integration (SIP) scopes and their associated API calls:

sip_phone:read:admin

This scope allows an app to view an account’s SIP phone information.

Associated APIs

sip_phone:write:admin

This scope allows an app to manage SIP Phones configured on users’ accounts. This includes actions such as enabling users to use SIP phones, updating SIP Phone configurations, and removing SIP Phone from users’ accounts.

Associated APIs


Back to top.

SIP Trunk scopes

The following are the available Session Initiation Protocol (SIP) Trunk scopes and their associated API calls:

sip_trunk:read:admin

This scope allows an app to view SIP trunks information for a sub account or Master account enrolled in the SIP Connected Audio Plan. An app with this scope has access to information such as names of the assigned SIP trunks, the SIP server’s IP address, and the account’s DNIS (Dialed Number Identification Service) identifier.

Associated APIs

sip_trunk:master

This scope allows an app to view and manage a Master account’s sub accounts’ SIP trunk configurations and numbers. An app with this scope can perform actions such as adding internal call-out countries, adding new internal numbers, and deleting existing numbers.

Associated APIs


Back to top.

TrackingField scopes

The following are the available Tracking Field scopes and their associated API calls:

tracking_fields:read:admin

This scope allows an app to view tracking fields information for all users in an account.

Associated APIs

tracking_fields:write:admin

This scope allows an app to manage tracking fields. This includes performing actions such as creating, updating, and deleting tracking fields on behalf of an administrator.

Associated APIs


Back to top.

TSP scopes

The following are the available Telephony Service Provider (TSP) scopes and their associated API calls:

tsp:read

This scope allows an app to view a user’s TSP account information. This includes information such as the TSP name, the user’s dial-in numbers, and conference codes.

Associated APIs

tsp:read:admin

This scope allows an app to view all users’ TSP account information. This includes user information such as the TSP name, user dial-in numbers, and users’ conference codes.

Associated APIs

tsp:write

This scope allows an app to view and manage a user’s TSP information. This includes updating a user’s TSP account information, setting a global dial-in URL, and deleting a user’s TSP account.

Associated APIs

tsp:write:admin

This scope allows an app to view and manage an account’s users’ TSP account information. This includes updating a user’s TSP account information, setting a global dial-in URL, and deleting a user’s TSP account.

Associated APIs


Back to top.

User scopes

The following are the available User scopes and their associated API calls:

user:read

This scope allows an app to view a user’s profile information. This includes information such as user settings, the user’s permissions, user tokens that allow the user to join a Meeting SDK meeting, and the user’s scheduling privileges.

Associated APIs

user:read:admin

This scope allows an app to view information for all users in a Zoom account. This includes information such as profile information, user settings, user permissions, user tokens that allow the user to join a Meeting SDK meeting, and the user’s scheduling privileges.

Associated APIs

user:write

This scope allows an app to view and manage an individual user’s profile information, such as user settings and permissions.

Associated APIs

user:write:admin

This scope allows an app to view and manage user information of all users in a Zoom account.

Associated APIs

user_info:read

This scope allows an app to view user information.

Associated APIs

user_zak:read

This scope allows an app to view a user’s Zoom Access Token (ZAK).

Associated APIs

user:master

This scope allows an app to view and manage sub account users’ information.

Associated APIs


Back to top.

Webinar scopes

The following are the available Webinar scopes and their associated API calls:

webinar:read

This scope allows an app to view user’s webinars information. This includes polls, webinar registrants and absentees, and webinar panelists.

Associated APIs

webinar:read:admin

This scope allows an app to view an account’s users’ webinar information. This includes polls, webinar registrants and absentees, and and updating live streaming settings.

Associated APIs

webinar:write

This scope allows an app to view and manage a user’s webinars. This includes scheduling new webinars, updating webinar details, deleting webinars, and managing registrants.

Associated APIs

webinar:write:admin

This scope allows an app to view and manage an account’s users’ webinar information. This includes scheduling and updating webinars, deleting webinars, and updating live streaming settings.

Associated APIs


Back to top.

Zoom Apps scopes

The following are the available Zoom Apps scopes and their associated API calls.

zoomapp:inmeeting

This scope allows a Zoom Apps app to be added for use in Zoom Meetings. It allows the app access to temporary identifiers for the user and meeting. Additionally, it allows the app to notify other participants in the meeting that the user is using the app.

Associated APIs

None


Back to top.