build-zoom-rest-api-app
Provides expert guidance for building server-side integrations with the Zoom REST API, covering endpoint management and OAuth requirements.
Install this skill
Security score
The build-zoom-rest-api-app skill was audited on May 23, 2026 and we found 58 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 207 | const url = `https://api.zoom.us/v2/meetings/${encoded}`; |
Curl to non-GitHub URL
| 82 | curl -X POST "https://zoom.us/oauth/token" \ |
Curl to non-GitHub URL
| 101 | curl -X POST "https://api.zoom.us/v2/users/HOST_USER_ID/meetings" \ |
Curl to non-GitHub URL
| 121 | curl "https://api.zoom.us/v2/users?page_size=300&status=active" \ |
Curl to non-GitHub URL
| 229 | curl -L -H "Authorization: Bearer ACCESS_TOKEN" "https://zoom.us/rec/download/..." |
Webhook reference - potential data exfiltration
| 26 | - "webhook verification" |
Webhook reference - potential data exfiltration
| 50 | 3. **[Meeting Lifecycle](examples/meeting-lifecycle.md)** - Create → Update → Start → End → Delete with webhooks |
Webhook reference - potential data exfiltration
| 69 | - Webhooks not arriving → [Webhook Server](examples/webhook-server.md) |
Webhook reference - potential data exfiltration
| 74 | - [Webhook Server](examples/webhook-server.md) - Express.js server with CRC validation |
Webhook reference - potential data exfiltration
| 75 | - [Recording Pipeline](examples/recording-pipeline.md) - Auto-download via webhook events |
Webhook reference - potential data exfiltration
| 161 | | **Webhooks** | Real-time event notifications for 100+ event types | |
Webhook reference - potential data exfiltration
| 232 | ### Use Webhooks Instead of Polling |
Webhook reference - potential data exfiltration
| 238 | // DO: Receive webhook events in real-time |
Webhook reference - potential data exfiltration
| 239 | app.post('/webhook', (req, res) => { |
Webhook reference - potential data exfiltration
| 247 | > **Webhook setup details:** See the **[zoom-webhooks](../webhooks/SKILL.md)** skill for comprehensive webhook implementation. |
Webhook reference - potential data exfiltration
| 259 | - **[Meeting Lifecycle](examples/meeting-lifecycle.md)** - Full Create → Update → Start → End → Delete flow with webhook events |
Webhook reference - potential data exfiltration
| 261 | - **[Recording Pipeline](examples/recording-pipeline.md)** - Download recordings via webhooks + API |
Webhook reference - potential data exfiltration
| 262 | - **[Webhook Server](examples/webhook-server.md)** - Express.js server with CRC validation and signature verification |
Webhook reference - potential data exfiltration
| 332 | | Webhook Sample | [webhook-sample-node.js](https://github.com/zoom/webhook-sample-node.js) | |
Webhook reference - potential data exfiltration
| 371 | - Webhook event integration |
Webhook reference - potential data exfiltration
| 376 | 6. **Set up webhooks** → [examples/webhook-server.md](examples/webhook-server.md) |
Webhook reference - potential data exfiltration
| 399 | │ ├── recording-pipeline.md # Download recordings via webhooks |
Webhook reference - potential data exfiltration
| 400 | │ ├── webhook-server.md # Express.js CRC + signature verification |
Webhook reference - potential data exfiltration
| 443 | 2. [Meeting Lifecycle](examples/meeting-lifecycle.md) - Full CRUD + webhook events |
Webhook reference - potential data exfiltration
| 451 | 1. [Recording Pipeline](examples/recording-pipeline.md) - Webhook-triggered downloads |
Webhook reference - potential data exfiltration
| 455 | 1. [Webhook Server](examples/webhook-server.md) - CRC validation, signature check |
Webhook reference - potential data exfiltration
| 456 | 2. Cross-reference: [zoom-webhooks](../webhooks/SKILL.md) for comprehensive webhook docs |
Webhook reference - potential data exfiltration
| 510 | Complete CRUD with webhook integration — the pattern most developers need first. |
Webhook reference - potential data exfiltration
| 568 | ### "Webhooks not arriving" |
Webhook reference - potential data exfiltration
| 569 | → [Webhook Server](examples/webhook-server.md) - CRC validation required |
Webhook reference - potential data exfiltration
| 584 | | **[zoom-webhooks](../webhooks/SKILL.md)** | Deep webhook implementation, event catalog | |
Access to .env file
| 594 | - See [references/environment-variables.md](references/environment-variables.md) for standardized `.env` keys and where to find each value. |
External URL reference
| 39 | **Official Documentation**: https://developers.zoom.us/api-hub/ |
External URL reference
| 40 | **API Hub Reference**: https://developers.zoom.us/api-hub/meetings/ |
External URL reference
| 41 | **OpenAPI Inventories**: `https://developers.zoom.us/api-hub/<domain>/methods/endpoints.json` |
External URL reference
| 82 | curl -X POST "https://zoom.us/oauth/token" \ |
External URL reference
| 101 | curl -X POST "https://api.zoom.us/v2/users/HOST_USER_ID/meetings" \ |
External URL reference
| 121 | curl "https://api.zoom.us/v2/users?page_size=300&status=active" \ |
External URL reference
| 128 | https://api.zoom.us/v2 |
External URL reference
| 137 | | Global (default) | `https://api.zoom.us/v2` | |
External URL reference
| 138 | | Australia | `https://api-au.zoom.us/v2` | |
External URL reference
| 139 | | Canada | `https://api-ca.zoom.us/v2` | |
External URL reference
| 140 | | European Union | `https://api-eu.zoom.us/v2` | |
External URL reference
| 141 | | India | `https://api-in.zoom.us/v2` | |
External URL reference
| 142 | | Saudi Arabia | `https://api-sa.zoom.us/v2` | |
External URL reference
| 143 | | Singapore | `https://api-sg.zoom.us/v2` | |
External URL reference
| 144 | | United Kingdom | `https://api-uk.zoom.us/v2` | |
External URL reference
| 145 | | United States | `https://api-us.zoom.us/v2` | |
External URL reference
| 147 | **Note:** You can always use the global URL `https://api.zoom.us` regardless of the `api_url` value. |
External URL reference
| 170 | - App registered on [Zoom App Marketplace](https://marketplace.zoom.us/) |
External URL reference
| 207 | const url = `https://api.zoom.us/v2/meetings/${encoded}`; |
External URL reference
| 229 | curl -L -H "Authorization: Bearer ACCESS_TOKEN" "https://zoom.us/rec/download/..." |
External URL reference
| 337 | - **API Reference**: https://developers.zoom.us/api-hub/ |
External URL reference
| 338 | - **GraphQL Playground**: https://nws.zoom.us/graphql/playground |
External URL reference
| 339 | - **Postman Collection**: https://marketplace.zoom.us/docs/api-reference/postman |
External URL reference
| 340 | - **Developer Forum**: https://devforum.zoom.us/ |
External URL reference
| 341 | - **Changelog**: https://developers.zoom.us/changelog/ |
External URL reference
| 342 | - **Status Page**: https://status.zoom.us/ |