For Zoom Marketplace Security & Privacy review.
App type: User-managed OAuth (General app). Not a Zoom in-client / in-meeting app. Users interact via Telegram and our Mini App only.
https://zoom.us/oauth/authorize?response_type=code&client_id=25bg0QtHTVyrLWzx1WQwgQ&redirect_uri=https://assistant.obuchat.me/oauth/zoom/callbackhttps://assistant.obuchat.me/oauth/zoom/callbackhttps://stagassistant.obuchat.me/oauth/zoom/callbackhttps://assistant.obuchat.me/webhook/deauthorizeSingle-user flow (one Telegram user ↔ one Zoom account). No multi-role app.
No shared Telegram password required. Reviewers use their own Telegram account. We pre-approve reviewer Telegram user IDs on request (within 24 hours).
| Service | How reviewers access |
|---|---|
| Telegram |
Bot: https://t.me/PshAssistent_bot Open the bot with your own Telegram account. If you see an access gate: email support@obuchat.me with your Telegram user ID (Settings → Advanced — or send /start and we reply with ID). We add you to the allowlist within 24 hours.
|
| Zoom |
Connect your own Zoom test account via OAuth (/zoom_auth).Use a Zoom account with permission to host meetings. Dummy meetings are fine. |
Important: OAuth on production uses Production Client ID (25bg0QtHTVyrLWzx1WQwgQ) on assistant.obuchat.me.
/zoom_auth or Mini App → Profile → Zoom → Connect.All scopes below are required (not optional) in our Marketplace submission.
| Scope | How to test |
|---|---|
user:read:user |
|
user:read:token |
|
meeting:write:meeting |
|
meeting:update:meeting |
|
meeting:delete:meeting |
|
cloud_recording:read:recording |
|
/webhook/deauthorize receives app_deauthorized and deletes stored OAuth tokens within 24 hours./zoom_auth is required again before creating meetings.meeting.ended — optional post-meeting notification to the host in Telegram.
Obuchat Assistant does not run inside the Zoom desktop or mobile meeting client. There is no in-meeting UI, no Meeting surface, and no Zoom Apps SDK embed. All interaction is through Telegram chat and the web Mini App at assistant.obuchat.me.