Zoom Integration

Auto-create Zoom meetings for every booked appointment. Requires a paid Zoom plan — Pro, Business, or Enterprise. Free Zoom accounts cannot create meetings programmatically.

Luka Breitig — Technical Product Builder & AI Developer

What You Will Achieve

By the end of this guide, every confirmed booking will automatically create a Zoom meeting on your account and include the join link, passcode, and dial-in in confirmation emails sent to both you and the attendee.

Cloud vs self-hosted

On tymeslot.app, the Zoom app is already configured — just click "Connect Zoom" in your dashboard and authorise on Zoom's consent screen. No setup required.

Self-hosters need to create their own Zoom Marketplace app and configure three environment variables. The rest of this guide walks through that process.

Prerequisites (self-hosters)

  • A Zoom account — any paid plan (Pro, Business, Enterprise) supports the meeting API. Free Zoom accounts can authenticate but cannot create meetings programmatically.
  • Access to the Zoom App Marketplace with developer permissions on your account.
  • Your Tymeslot deployment running over HTTPS with a public hostname (Zoom does not allow plain-HTTP redirect URLs except http://localhost for local development).

1 Create the Zoom Marketplace app

  1. Go to marketplace.zoom.us/develop/create and sign in with your Zoom account.
  2. Click Build App → choose General App (not "Server-to-Server OAuth", not "JWT" which is deprecated).
  3. Set the app type to User-managed. Each Tymeslot user will authorise their own Zoom account.
  4. Name your app — e.g. Tymeslot Self-Hosted. This is what users see on Zoom's consent screen.

2 Configure OAuth redirect and scopes

In the Marketplace app's App Credentials tab, add your callback URL. Replace your-domain.com with your Tymeslot host:

https://your-domain.com/auth/zoom/video/callback

The redirect URL is automatically added to the OAuth Allow List by Zoom — no manual step needed. You can add further allowed URLs (e.g. a staging host) from the same Allow List section if needed.

Still on the Basic Information tab, scroll down to Deauthorization Notification and paste your deauth endpoint:

https://your-domain.com/auth/zoom/deauthorize

Zoom signs every deauthorization request with HMAC-SHA256 against the Secret Token shown in that same section. Copy it — you'll set it as ZOOM_DEAUTH_SECRET in the next step. The deauthorization endpoint is required before submitting the Marketplace app for production review.
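
The signature check described above, as an added example (not Tymeslot's own code). It follows Zoom's documented webhook signing scheme: the x-zm-signature header carries v0= followed by the hex HMAC-SHA256 of v0:{x-zm-request-timestamp}:{raw body}, keyed with the Secret Token. The function names, the five-minute freshness window, the lowercase header dict, and the sample values are assumptions made for this example.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumption: reject requests more than 5 minutes off

# Constructed sample values, for illustration only.
SAMPLE_SECRET = "constructed-secret-token"
SAMPLE_TS = "1700000000"  # assumes the header carries epoch seconds
SAMPLE_BODY = b'{"event":"app_deauthorized","payload":{"user_id":"constructed"}}'


def zoom_signature(secret: str, timestamp: str, raw_body: bytes) -> str:
    """Return the x-zm-signature value expected for this request."""
    # Sign the raw bytes as received. Re-serialising parsed JSON can change
    # whitespace or key order and make a valid signature fail to match.
    message = b"v0:" + timestamp.encode() + b":" + raw_body
    digest = hmac.new(secret.encode(), message, hashlib.sha256).hexdigest()
    return "v0=" + digest


def verify_deauth(secret: str, headers: dict, raw_body: bytes, now=None) -> bool:
    """Return True only for a fresh request signed with the Secret Token.

    `headers` is assumed to be a dict with lowercase header names.
    """
    if not secret:
        return False  # fail closed when ZOOM_DEAUTH_SECRET is unset
    timestamp = headers.get("x-zm-request-timestamp", "")
    received = headers.get("x-zm-signature", "")
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False  # missing or non-numeric timestamp
    now = time.time() if now is None else now
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request: treat as a replay
    expected = zoom_signature(secret, timestamp, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())
```

A handler built on this would clear stored tokens only when verify_deauth returns True and answer any other request with an error status.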

Then in the Scopes tab, add:

  • meeting:write:meeting — create meetings on the user's behalf
  • meeting:read:meeting — verify meeting status
  • user:read:user — fetch the connected user's profile for display

Granular scope system

If your Zoom account has migrated to the new granular scope system, the equivalents are meeting:write:meeting:user, meeting:read:meeting:user, and user:read:user:user.

3 Set environment variables

From the Basic Information tab, copy your Client ID and Client Secret, and the Secret Token from the Deauthorization Notification section. Generate a 32-byte state secret for CSRF protection. Then add these to your Tymeslot environment:

export ZOOM_CLIENT_ID="<your client id>"
export ZOOM_CLIENT_SECRET="<your client secret>"
export ZOOM_STATE_SECRET="$(openssl rand -hex 32)"
export ZOOM_DEAUTH_SECRET="<marketplace secret token>"

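For Docker Compose deployments, add these to your .env file; run openssl rand -hex 32 once and paste its output as the ZOOM_STATE_SECRET value, because .env files do not evaluate $(...). For Cloudron, set them in the App Configure dialog. Restart Tymeslot after setting them.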

Keep ZOOM_CLIENT_SECRET out of version control

Never commit your client secret. Use environment variables, a secrets manager, or your platform's secret store.

4 Connect from the dashboard

  1. Restart Tymeslot so it picks up the new env vars.
  2. Go to Dashboard → Video Integration.
  3. Click Connect Zoom.
  4. Authorise on Zoom's consent screen.
  5. You'll be redirected back to Tymeslot with a success notice.

5 Enable Zoom on a meeting type

Each meeting type chooses its own video provider. To use Zoom for a specific meeting type:

  1. Go to Dashboard → Meeting Types and pick a meeting type.
  2. In the Location section, choose Video meeting.
  3. Pick Zoom from the integration dropdown.
  4. Save. The next confirmed booking on this type will create a Zoom meeting and email the join link automatically.

Publishing the Marketplace app (optional)

While your Zoom app is in Development mode, only your own Zoom account can install it. That is fine for single-tenant self-hosting where you are the only Zoom-connected user.

To let other users (e.g. team members or your customers) connect their own Zoom accounts to your Tymeslot deployment, submit the Marketplace app for publication via App Submission in the portal. Zoom's review typically takes 1–3 weeks. During that period you can manually whitelist individual Zoom accounts via the Marketplace's Beta Test → Add User form.

Zoom's review requires:

  • A step-by-step test plan document (Google Doc, Confluence, or similar) covering app authorisation, each scope used, and the full booking flow. Add the link in the release notes at submission time.
  • Test account credentials your reviewer can use to log in and walk through the integration. Include these in the release notes.
  • A Zoom account with at least a paid plan (Pro or above) associated with the developer account — free accounts require a credit card on file or a completed US compliance form before review can proceed.

Production Client ID during review

Zoom's reviewers specifically require that your test environment uses the Production Client ID (not the Development one) during their testing. Make sure the instance you give them is configured accordingly.

Frequently Asked Questions

Do free Zoom accounts work?

No. The Zoom REST API requires a paid plan (Pro and above) to create meetings programmatically. Free accounts can authenticate but the API call returns a 400 with code 200.

Why does my access token expire after an hour?

That's how Zoom's OAuth works. Tymeslot refreshes the token automatically using the refresh token before each meeting creation. Refresh tokens last 90 days; reconnect from the dashboard if a refresh fails.

Can I revoke access?

Yes. Either disconnect from the Tymeslot dashboard, or revoke at zoom.us/profile → Apps → Tymeslot → Remove.

Can multiple users on the same deployment each connect their own Zoom account?

Yes. Tymeslot's Zoom integration is User-managed: each user authorises their own Zoom account independently, and their OAuth tokens are stored separately. As long as your Marketplace app is either published or has the user's Zoom account added via Beta Test, each user can connect their own Zoom account and book meetings from it.

What about webhooks?

The deauthorization webhook is required: Zoom POSTs to /auth/zoom/deauthorize whenever a user uninstalls your app, and Tymeslot uses it to clear stored OAuth tokens. It's wired up automatically once ZOOM_DEAUTH_SECRET is set (see Step 3). Other Event Subscription webhooks (meeting events, edits) are optional and not used by the booking flow.

Verification Checklist

Once your Zoom Marketplace app is configured and Tymeslot is restarted with the four environment variables set, confirm each of the following:
  • The "Connect Zoom" button appears on the Video Integration dashboard page.
  • Authorising redirects you to Zoom's consent screen and back without errors.
  • The connected integration shows your Zoom email address.
  • Booking a test meeting on a Zoom-enabled meeting type creates a real Zoom room — visible at zoom.us/meeting/scheduled.
  • The confirmation email contains a Zoom join URL of the form https://zoom.us/j/...
  • Removing the app from zoom.us/profile → Apps → Tymeslot → Remove makes the integration disappear from the Tymeslot Video Integration dashboard within seconds.
