Zoom
Use a Zoom OAuth app when a Zoom MCP integration asks for a Zoom Client ID and Client Secret.
See Overview for prerequisites and secret-handling guidance.
Create The Zoom OAuth App
- Decide which Zoom account should own the integration. You need developer or admin authorization on that account to create and activate the app.
- Log in to the Zoom App Marketplace at marketplace.zoom.us as a developer or admin.
- Click Develop, then Build App.
- Select General App and click Create. A General App uses user-managed OAuth 2.0, which is the authorization model Zoom's remote MCP servers use.
- Open Basic Information. Under App Credentials, locate the Client ID and Client Secret. Zoom provides separate Development and Production credentials, so use the set that matches your environment.
- Under OAuth Information, paste the QuilrAI callback URL into the OAuth Redirect URL field, then add the same URL to the OAuth Allow List. Copy the callback URL from the QuilrAI MCP setup screen and match it exactly.
- Open Scopes and add the granular scopes the Zoom MCP integration requests, for example meeting, cloud recording, and chat scopes. Start with the least privileged scopes that support the tools you plan to enable. The main Zoom MCP server, the Docs server, and the Whiteboard server each expose a different scope set, so add scopes for the specific server you are enabling.
- Activate the app. Zoom cannot issue tokens for an app that is not activated.
- Copy the Client ID and Client Secret from App Credentials.
- Paste the Client ID and Client Secret into the QuilrAI manual OAuth setup screen, then click Connect and authorize Zoom. Zoom completes the OAuth 2.1 authorization-code flow with PKCE, and access is scoped to the authorizing user's own Zoom permissions.
Keep In Mind
- Zoom remote MCP servers do not support Dynamic Client Registration, so you must create a provider-owned OAuth app and enter the Client ID and Client Secret manually.
- A General App uses user-managed OAuth. Each user authorizes individually, and access is limited to that user's own Zoom permissions, so per-user authorization is enforced by Zoom rather than by a single shared service identity.
- Zoom apps provide separate Development and Production credentials and redirect URLs. Create a separate app, or use the matching credential set, for each QuilrAI environment whose callback URL differs.
- The app must be activated in Zoom before tokens can be issued. If the app is later deactivated, existing tokens stop working.
- If your Zoom account restricts app installs, an account admin may need to approve the app before users can authorize it.
- For account-level automation that runs without a signed-in user, create a Server-to-Server OAuth app instead and use the account-credentials flow. The standard MCP path is the user-managed General App described above.