Publishing Your Zoom OAuth App

This comprehensive guide will walk you through the exact steps required to create, configure, and submit a Zoom OAuth (General) application for the KiviCare Telemedicine Addon. Following these steps ensures your app meets Zoom’s security and functional requirements for production use.

---

Step 1: Initial App Creation

1. Navigate to the Zoom App Marketplace and log in.
2. In the upper right corner, click on the Develop dropdown menu and select Build App.
3. Choose the General App option and click Create.
4. At the top center of the screen, ensure you toggle from “Development” to the Production tab.

Step 2: Basic Configuration

Navigate to the Basic Information section in the left sidebar and fill in the details:

1. Developer Contact Information: Enter your Name and Email address.
2. Select how the app is managed: Select the User-managed option.
3. App Credentials: Copy the Client ID and Client Secret. Save these securely, as you will need to paste them into your kivicare admin dashboard -> Settings -> Integration -> Zoom Telemed -> Zoom OAuth Configuration.
4. OAuth Information:

• In the OAuth Redirect URL field, paste the redirect URL found in your KiviCare Admin Dashboard (Settings -> Integration -> Zoom Telemed -> Zoom OAuth Configuration -> Redirect URL).
• Check the box for “Use Strict Mode for Redirect URLs”.
• In the OAuth Allow Lists field, enter the exact same URL you used for the OAuth Redirect URL.

1. Click Continue.

Step 3: Access, Surface, Embed, Connect, & Custom Form

• You do not need to configure anything in these five sections. Simply click Continue at the bottom of each page until you reach the “Scopes” section.

Step 4: Scopes

1. Click on + Add Scopes.
2. Search for and select the following 5 scopes:

• meeting:write:meeting
• meeting:delete:meeting
• meeting:update:meeting
• meeting:read:meeting
• user:read:user

1. Click Continue.

Step 5: Actions

• Do nothing in this section. Click Continue.

Step 6: App Listing

This section defines how your app appears. Fill out the three sub-sections as follows:

1. App Information

• App Icon: Upload your app icon.
• App Name & Company Name: Enter your desired application and company names.
• Short Description: Paste the following text:

Automate Zoom meeting creation for virtual appointments directly from the KiviCare Clinic Management dashboard.

• Long Description: Paste the following text:
  The KiviCare Telemedicine integration bridges the gap between your physical clinic and the digital world. By integrating Zoom directly into the KiviCare workflow, it allows healthcare providers to offer high-quality virtual consultations without leaving their dashboard.

Key Features:

• Automated Provisioning: Zero-click meeting creation. When a tele-medical appointment is scheduled, the system automatically creates a secure Zoom meeting.
• Dynamic Link Distribution: Automatically generates and stores unique Start URLs for Doctors and Join URLs for Patients.
• Secure: Enforces Waiting Rooms and unique passwords for every meeting to prevent unauthorized access.
• Multi-Doctor Support: Supports individual OAuth connections for clinics with multiple independent practitioners.
• Cover Image: Upload a relevant cover image banner.
• App Gallery: Upload 4 screenshots demonstrating the integration.
  You can download and use these pre-made reference screenshots for your app gallery:
  1) image-1 2) image-2 3) image-3 4) image-4
• Adding Your App: Select “From your site”.
• Direct Landing URL: Enter your doctor dashboard Zoom settings URL. Format: {baseurl}/kivicare-doctor-dashboard/setting/zoom-configuration (You can easily copy this by logging into your Doctor Dashboard -> Settings -> Integration -> Zoom telemed setting).
• Other Marketplaces: For “Do you list this application on other app marketplaces or stores?”, select No.
• Categorize Your App:
• Marketplace Category: Select “Health and Wellness” and “Scheduling”.
• Industry Vertical: Select “Healthcare”.

2. Links & Support

• Provide valid URLs for your Privacy Policy, Terms of Use, Support, and Documentation. (Ensure these pages exist on your live website).
  You can use these pre-written content templates as a reference for your own pages:
  privacy-policy, terms-of-use, contact-us, zoom-integration-guide
• Crucial: Check the box that says: “This page includes language informing users of their data subject rights and how to exercise them.”

3. EU & Discoverability

• Scroll down to App discoverability.
• Select the “Set my app as Unlisted” option.
• Click Continue.

Step 7: Monetization

• Do nothing in this section. Click Continue.

Step 8: Technical Design

This section requires specific text and documents to pass Zoom’s security review.

1. Overview Tab

• Technology Stack: Copy and paste the following text:

The application is a WordPress plugin built on PHP (compatible with 8.0+) running within the WordPress CMS environment.
1. Backend & Networking: It utilizes the WordPress HTTP API (WP_Http class) to perform RESTful requests to the Zoom Meeting API v2. It uses standard cURL/Streams for data transport over TLS 1.2+.
2. Database: Data persistence is handled via MySQL/MariaDB. It creates a custom table (wp_kc_appointment_zoom_mappings) to store non-sensitive meeting metadata (Meeting IDs, UUIDs, Join URLs). OAuth tokens and configuration secrets are stored in the WordPress wp_usermeta and wp_options tables.
3. Authentication: The app implements standard OAuth 2.0 for individual doctor authorization and Server-to-Server OAuth for clinic-wide management. Token lifecycle (exchange, refresh, and revocation) is managed internally by the plugin.
4. Frontend: The user interface (Doctor Dashboard and Settings) is built using React.js, which communicates with the PHP backend via custom endpoints extending the WordPress REST API.

• Architecture Diagram: Upload the architecture_diagram.png file.

2. Application Development

• Secure software development process (SSDLC)? Select Yes and upload SSDLC_policy.pdf.
• Undergo SAST and/or DAST? Select Yes and upload security_testing_report.pdf.
• 3rd Party Application penetration testing? Select Yes and upload Penetration_Testing_Summary.pdf.
• Additional Documents (Recommended): Upload KiviCare_Security_and_Privacy_Policies.pdf.

3. Security Section

• Answer Yes to all 3 questions.
• In the text box asking to “Provide details on how this data is protected ‘at rest’”, paste the following:

Protection Mechanism:
1) Storage Location: Zoom OAuth Access and Refresh tokens are stored within the WordPress database (wp_usermeta table) linked to the specific Doctor’s user ID.
2) Encryption: We rely on database-level encryption (TDE) where available on the host server. Access to this table is strictly restricted to authenticated WordPress Administrators via Role-Based Access Control (RBAC).
3) Lifecycle: Tokens are automatically purged from the database immediately upon the user initiating the ‘Disconnect’ action from the application dashboard.

• Click Continue.

Step 9: Beta Test

• Click the Add App button to test the configuration, then click Continue.

Step 10: App Submission

Finalize your submission for the Zoom review team:

1. Release notes for the app reviewer: Copy and paste the following exactly:

App Description:
KiviCare Telemedicine is an integration for our clinic management system. It allows doctors to link their Zoom accounts to automatically generate meeting links for patient appointments.

Testing Instructions (Crucial):
Please DO NOT click the “Add App” button inside the Zoom Marketplace, as it will fail (our security logic requires a Doctor ID state parameter).

Instead, please follow these steps:
1) Go to the Login page URL provided below.
2) Log in using the Test Account credentials provided below.
3) You will be redirected to the Doctor Dashboard.
4) Go to Settings > Zoom Telemed setting.
5) Click the “Connect to Zoom” button.
6) This will launch the OAuth flow. Click “Allow” to see the “Connected” success state.

2. App Activation: Select the “Activate my app immediately after it is approved” option.
3. Test account and credentials:

• Select “Login page URL”.
• Enter the login URL for your WordPress site.
• Provide the Username and Password for a user with the Doctor role so the reviewer can test the connection.

2. Submit: Check the Marketplace Developer Agreement box and click Submit.

You will receive an email from the Zoom Marketplace team once your app has been reviewed and approved!