Zoom Server-to-Server OAuth apps let your workflows authenticate to Zoom at the account level instead of through a person's OAuth login. A Zoom admin creates the app once, grants it exactly the scopes it needs, and Sim mints short-lived access tokens from the app's credentials on demand — no user consent to expire, and permissions that are auditable from the Zoom Marketplace.
This is the recommended way to use Zoom in production workflows: the credentials don't depend on any user staying logged in, the granted scopes are explicit, and tokens are minted fresh whenever a workflow runs.
Prerequisites
You need a Zoom admin whose role has permission to view and edit Server-to-Server OAuth apps, plus permission for the scopes the app will use. The Develop option in the Zoom Marketplace only appears for accounts with this permission.
Scope selection is capped by the creating admin's own role permissions, and Zoom automatically removes admin-level scopes from the app if that admin's role is later downgraded — workflows then start failing with scope errors even though nothing changed in Sim. Create the app from an admin account you expect to keep.
Setting Up the Server-to-Server OAuth App
1. Create the App
Sign in at marketplace.zoom.us as a Zoom admin, click Develop → Build an app, select Server-to-Server OAuth app, and click Create. Give it a name (e.g. Sim)
On the App Credentials page, copy the Account ID, Client ID, and Client secret — these are the three values you'll paste into Sim
Use the Account ID from this App Credentials page — it's an opaque string, not a number. The numeric account number shown in your Zoom web-portal profile is a different value, and pasting it is a documented common mistake that produces "bad request" errors when minting tokens.
In the Information section, fill in the required short description, company name, and developer name and email — the app can't be activated without them
In Scopes, click Add Scopes and add the admin-level granular scopes your workflows need (see the list below)
In Activation, resolve any remaining blockers and activate the app
Tokens cannot be minted until the app is activated — and deactivating it later immediately kills every token it has issued, stopping all workflows that use the credential.
2. Choose Scopes
Server-to-Server OAuth apps use Zoom's granular scopes with account-level (:admin) variants. Grant only what your workflows use. The set Sim's Zoom tools can draw on is:
Users:
user:read:user:adminMeetings:
meeting:read:meeting:admin
meeting:read:list_meetings:admin
meeting:write:meeting:admin
meeting:update:meeting:admin
meeting:delete:meeting:admin
meeting:read:invitation:admin
meeting:read:list_past_participants:adminCloud recordings:
cloud_recording:read:list_user_recordings:admin
cloud_recording:read:list_recording_files:admin
cloud_recording:delete:recording_file:adminMatch these against what the Marketplace Scopes picker actually offers — Zoom's granular-scope catalog shows the :admin variants for account-level apps, but names occasionally differ from the user-level scopes Sim's OAuth flow requests. If a picker entry differs slightly from this list, prefer the picker's name for the matching action.
A missing scope surfaces at run time as a 4xx error from the Zoom API naming a scope problem. Add the scope in the app's Scopes section and re-run the workflow — no changes are needed in Sim.
3. Copy the Credentials
The Client secret is bearer material for your entire Zoom account, limited only by the app's scopes. Treat it like a password — do not commit it to source control or share it publicly. Sim encrypts it at rest.
Regenerating the Client secret in the Zoom Marketplace invalidates the stored pair. If you rotate it, update the credential in Sim right away.
Adding the Service Account to Sim
Open Integrations from your workspace sidebar
Search for "Zoom" and open it, then click Add to Sim and choose Add server-to-server app
In the Add Zoom server-to-server app dialog, paste the Client ID, Client secret, and Account ID, and optionally set a display name and description
Click Add server-to-server app. Sim verifies the credentials by minting a real access token from Zoom — if it fails, the error tells you whether Zoom rejected the credentials or couldn't be reached. A rejection usually means bad credentials, an app that isn't a Server-to-Server OAuth app, or an app that hasn't been activated.
Using the Service Account in Workflows
Add a Zoom block to your workflow. In the credential dropdown, your Zoom service account appears alongside any OAuth credentials. Select it and configure the block as you normally would.
The block calls api.zoom.us with a freshly minted access token — the same requests as the OAuth flow, so every Zoom tool works, subject to the scopes you granted.
The me keyword does not work with service accounts. With a personal OAuth connection, user-scoped operations (create meeting, list meetings, list recordings) accept me for the connected user. A Server-to-Server app has no user context — Zoom rejects me with an error like "This API does not support client credentials for authorization." Always pass an explicit user ID or email address in the block's user field when using a service account.
Sim's Zoom tools call the standard api.zoom.us host. Standard commercial Zoom accounts work as-is; Zoom for Government and other regionally partitioned accounts may not be reachable at that host and aren't currently supported with service accounts.
Token Behavior
Access tokens minted from the app live for one hour and there is no refresh token — Sim simply mints a new token when one is needed. Zoom explicitly allows multiple concurrently valid tokens, so minting never invalidates workflows already in flight. Two events do kill tokens:
- Deactivating the app — all minted tokens die immediately and no new ones can be issued until it's reactivated
- Regenerating the Client secret — the stored credentials stop working; paste the new secret into the credential in Sim