Zoom
Authentication & Authorization
Credentials
- Zoom connects via OAuth 2.0 Authorization Code Grant Flow.
- Client ID and Client Secret credentials can be obtained through the Zoom account. See Zoom Connection Instructions.
- DataGrail uses the Refresh Token Flow to obtain a new Access Token after the current one expires, which keeps the connection alive.
- Publicly exposing your API credentials can allow a third party unauthorized access to the Zoom API endpoints and your Zoom data. DataGrail stores your API credentials encrypted and protected.
Scopes
The Zoom API requires specific scopes, which you must approve, to grant DataGrail read access to the objects necessary to complete access requests.
Granular scopes
Newly created apps use granular scopes:
- user:read:user:admin
- user:read:settings:admin
- group:read:group:admin
- meeting:read:list_meetings:admin
- webinar:read:list_webinars:admin
- cloud_recording:read:list_user_recordings:admin
- phone:read:user:admin
- phone:read:user_setting:admin
- phone:read:list_recordings:admin
- phone:read:list_voicemails:admin
- phone:read:list_call_logs:admin
Classic scopes
Previously-created apps use the previously-available scopes, now called classic scopes. If you upgrade your app you will still be able to use classic scopes:
- meeting:read:admin
- webinar:read:admin
- group:read:admin
- imgroup:read:admin
- user:read:admin
- recording:read:admin
- phone:read:admin
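A least-privilege check of a granted scope string against the two lists above, as an added example (not DataGrail's or Zoom's code). It assumes the token response carries a space-delimited `scope` value, the RFC 6749 convention; the function name and the sample grant are constructed for illustration.

```python
# Scope lists copied from this page; everything else is illustrative.
GRANULAR = frozenset("""
user:read:user:admin user:read:settings:admin group:read:group:admin
meeting:read:list_meetings:admin webinar:read:list_webinars:admin
cloud_recording:read:list_user_recordings:admin phone:read:user:admin
phone:read:user_setting:admin phone:read:list_recordings:admin
phone:read:list_voicemails:admin phone:read:list_call_logs:admin
""".split())

CLASSIC = frozenset("""
meeting:read:admin webinar:read:admin group:read:admin imgroup:read:admin
user:read:admin recording:read:admin phone:read:admin
""".split())


def audit_scopes(scope_string):
    """Compare a granted scope string with the scope lists documented above.

    Assumes a space-delimited `scope` value (RFC 6749 convention).
    Returns a dict describing the gap between the grant and the documented list.
    """
    granted = set(scope_string.split())
    # Pick the scope family whose documented list overlaps the grant the most.
    family, expected = max(
        (("granular", GRANULAR), ("classic", CLASSIC)),
        key=lambda item: len(item[1] & granted),
    )
    excess = granted - expected
    return {
        "family": family,
        "missing": sorted(expected - granted),  # documented scopes not granted
        "excess": sorted(excess),               # granted but not documented as needed
        # A scope with no "read" segment grants more than read access.
        "non_read": sorted(s for s in excess if "read" not in s.split(":")),
        "ok": granted == expected,
    }


if __name__ == "__main__":
    # Constructed sample: a classic-scope grant with one documented scope
    # left out and one write scope added.
    sample = " ".join(sorted(CLASSIC - {"imgroup:read:admin"})) + " user:write:admin"
    for key, value in audit_scopes(sample).items():
        print(f"{key}: {value}")
```

A non-empty `excess` or `non_read` result means the app was approved with more access than this integration documents as necessary.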
Endpoints Utilized
- Request authorization:
  - GET https://zoom.us/oauth/authorize
- Get and refresh access token:
  - POST https://zoom.us/oauth/token
- Verify connection and access to the requested scopes:
  - GET https://api.zoom.us/v2/users
Version
DataGrail Zoom integration currently supports version 2 (v2).
Limits
Zoom rate limits define the maximum number of requests a single account can make within a given period of time. When DataGrail exceeds a rate limit, the API request fails and returns an HTTP 429 status code.
When an API response has HTTP 429 status, DataGrail interrupts its requests, waits, and retries using an exponential backoff strategy.
Access
For an access request, DataGrail will take the following actions:
- Look up a user by the Data Subject's email.
- If a user match is found:
  - Retrieve a user's settings by user ID.
  - Retrieve a user's meetings by user ID.
  - Retrieve a user's webinars by user ID.
  - Retrieve a user's recordings by user ID.
  - Get the user's Zoom Phone profile by user ID.
  - Retrieve the Zoom Phone profile settings of a user by user ID.
  - Retrieve a user's Zoom Phone call logs by user ID.
  - Retrieve a user's Zoom Phone voicemails by user ID.
  - Retrieve a user's Zoom Phone recordings by user ID.
- For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.
DataGrail also supports the Direct Contact Access workflow for Zoom.
Endpoints Utilized
- GET https://api.zoom.us/v2/users/{EMAIL}
- GET https://api.zoom.us/v2/users/{USER_ID}/settings
- GET https://api.zoom.us/v2/users/{USER_ID}/meetings
- GET https://api.zoom.us/v2/users/{USER_ID}/webinars
- GET https://api.zoom.us/v2/users/{USER_ID}/recordings
- GET https://api.zoom.us/v2/phone/users/{USER_ID}
- GET https://api.zoom.us/v2/phone/users/{USER_ID}/settings
- GET https://api.zoom.us/v2/phone/users/{USER_ID}/call_logs
- GET https://api.zoom.us/v2/phone/users/{USER_ID}/voice_mails
- GET https://api.zoom.us/v2/phone/users/{USER_ID}/recordings
Deletion
DataGrail supports the Direct Contact Deletion workflow for Zoom.
Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.