DEV Community: Siva Kameswara Rao Munipalle The latest articles on DEV Community by Siva Kameswara Rao Munipalle (@sivamskr). https://dev.to/sivamskr https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3879192%2F06cfbf84-48f0-4c70-af8a-63303c027306.png DEV Community: Siva Kameswara Rao Munipalle https://dev.to/sivamskr en Integrating Zoom Server-to-Server OAuth with Salesforce: A Complete Guide Siva Kameswara Rao Munipalle Tue, 14 Apr 2026 19:04:08 +0000 https://dev.to/sivamskr/integrating-zoom-server-to-server-oauth-with-salesforce-a-complete-guide-3fk2 https://dev.to/sivamskr/integrating-zoom-server-to-server-oauth-with-salesforce-a-complete-guide-3fk2 <p>*<em>By a Salesforce Architect | April 2026</em></p> <h2> Introduction </h2> <p>If you've ever tried to pull Zoom Meeting Activity Reports into Salesforce, you've probably hit a frustrating wall. The standard OAuth General App works fine — but the moment you switch to Zoom's <strong>Server-to-Server (S2S) OAuth</strong> app, things break fast. Unauthorized errors, invalid tokens, and no clear path forward.</p> <p>This article explains <strong>why</strong> this happens and walks you through the <strong>complete working solution</strong> — including secure credential storage and a full Apex implementation.</p> <h2> The Problem: What Is Zoom Server-to-Server OAuth? </h2> <p>Zoom's Server-to-Server OAuth app is designed for backend, machine-to-machine communication. Unlike a regular OAuth app that requires a user to log in and authorize via a browser redirect, S2S OAuth generates tokens <strong>programmatically</strong> using just your app credentials.</p> <p>The token endpoint looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">POST https://zoom.us/oauth/token?grant_type=account_credentials&amp;account_id={ACCOUNT_ID} Authorization: Basic {Base64(CLIENT_ID:CLIENT_SECRET)} </span></code></pre> </div> <p>This is a variant of the <strong>OAuth 2.0 Client Credentials flow</strong> — but with a non-standard <code>grant_type</code> value (<code>account_credentials</code>) that Zoom uses instead of the standard <code>client_credentials</code>.</p> <h2> Why Salesforce Native OAuth Doesn't Work Here </h2> <p>Salesforce's built-in authentication mechanisms — <strong>Auth Providers</strong>, <strong>External Credentials</strong>, and <strong>Named Credentials</strong> — are built around the standard <strong>Authorization Code flow</strong>. This flow:</p> <ol> <li>Redirects the user to an external login page</li> <li>Gets an authorization code back via callback</li> <li>Exchanges that code for a token</li> </ol> <p>Zoom's S2S flow does <strong>none of this</strong>. There's no redirect, no callback URL, no user interaction. Salesforce simply has no native support for <code>grant_type=account_credentials</code>.</p> <p>This is why every attempt to use External Credentials or Auth Providers with Zoom S2S ends up in <strong>401 Unauthorized</strong> or <strong>invalid_token</strong> errors — Salesforce is trying to run a flow that Zoom's S2S endpoint doesn't support.</p> <h2> The Solution: Manual Token Management in Apex </h2> <p>Since Salesforce can't auto-manage the token exchange, we handle it ourselves. The architecture is straightforward:</p> <ol> <li> <strong>Store credentials securely</strong> in Protected Custom Metadata</li> <li> <strong>Fetch the token</strong> from Zoom's endpoint at runtime using Apex</li> <li> <strong>Use the token</strong> to call the Zoom API</li> <li> <strong>Whitelist the domains</strong> in Remote Site Settings</li> </ol> <h2> Step 1: Remote Site Settings </h2> <p>Before any callout can happen, you must whitelist Zoom's domains.</p> <p>Go to <strong>Setup → Remote Site Settings</strong> and add:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Remote Site Name</th> <th>URL</th> </tr> </thead> <tbody> <tr> <td>Zoom_Auth</td> <td><code>https://zoom.us</code></td> </tr> <tr> <td>Zoom_API</td> <td><code>https://api.zoom.us</code></td> </tr> </tbody> </table></div> <h2> Step 2: Store Credentials Securely Using Custom Metadata </h2> <p>Never hardcode credentials in Apex. Use <strong>Protected Custom Metadata</strong> so values are encrypted at rest and not visible to non-admin users.</p> <h3> Create the Custom Metadata Type </h3> <ol> <li>Go to <strong>Setup → Custom Metadata Types → New</strong> </li> <li>Label: <code>Zoom API Config</code> </li> <li>API Name: <code>Zoom_API_Config__mdt</code> </li> </ol> <h3> Add Fields </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field Label</th> <th>API Name</th> <th>Type</th> </tr> </thead> <tbody> <tr> <td>Client ID</td> <td><code>Client_ID__c</code></td> <td>Text(255)</td> </tr> <tr> <td>Client Secret</td> <td><code>Client_Secret__c</code></td> <td>Text(255)</td> </tr> <tr> <td>Account ID</td> <td><code>Account_ID__c</code></td> <td>Text(255)</td> </tr> <tr> <td>Base API URL</td> <td><code>Base_API_URL__c</code></td> <td>URL</td> </tr> <tr> <td>Token URL</td> <td><code>Token_URL__c</code></td> <td>URL</td> </tr> </tbody> </table></div> <h3> Create a Record </h3> <ul> <li>Label: <code>Default</code> </li> <li>Client ID: <em>(your Zoom Client ID)</em> </li> <li>Client Secret: <em>(your Zoom Client Secret)</em> </li> <li>Account ID: <em>(your Zoom Account ID)</em> </li> <li>Base API URL: <code>https://api.zoom.us/v2</code> </li> <li>Token URL: <code>https://zoom.us/oauth/token</code> </li> </ul> <blockquote> <p><strong>Note:</strong> Mark the metadata type as <strong>Protected</strong> to prevent access via SOQL from unmanaged packages.</p> </blockquote> <h2> Step 3: Apex Service Class — Token + API Call </h2> <div class="highlight js-code-highlight"> <pre class="highlight apex"><code><span class="cm">/** * ZoomS2SService * Handles Server-to-Server OAuth token generation * and API calls to Zoom's reporting endpoints. * * Author: Salesforce Architect * Version: 1.0 */</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">ZoomS2SService</span> <span class="p">{</span> <span class="c1">// ─────────────────────────────────────────────</span> <span class="c1">// Inner class to hold config from Custom Metadata</span> <span class="c1">// ─────────────────────────────────────────────</span> <span class="kd">private</span> <span class="kd">class</span> <span class="nc">ZoomConfig</span> <span class="p">{</span> <span class="n">String</span> <span class="n">clientId</span><span class="p">;</span> <span class="n">String</span> <span class="n">clientSecret</span><span class="p">;</span> <span class="n">String</span> <span class="n">accountId</span><span class="p">;</span> <span class="n">String</span> <span class="n">tokenUrl</span><span class="p">;</span> <span class="n">String</span> <span class="n">baseApiUrl</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// ─────────────────────────────────────────────</span> <span class="c1">// Load config from Protected Custom Metadata</span> <span class="c1">// ─────────────────────────────────────────────</span> <span class="kd">private</span> <span class="kd">static</span> <span class="n">ZoomConfig</span> <span class="nf">loadConfig</span><span class="p">()</span> <span class="p">{</span> <span class="n">Zoom_API_Config__mdt</span> <span class="n">config</span> <span class="o">=</span> <span class="p">[</span> <span class="k">SELECT</span> <span class="n">Client_ID__c</span><span class="p">,</span> <span class="n">Client_Secret__c</span><span class="p">,</span> <span class="n">Account_ID__c</span><span class="p">,</span> <span class="n">Token_URL__c</span><span class="p">,</span> <span class="n">Base_API_URL__c</span> <span class="k">FROM</span> <span class="n">Zoom_API_Config__mdt</span> <span class="k">WHERE</span> <span class="n">DeveloperName</span> <span class="o">=</span> <span class="s1">'</span><span class="s2">Default'</span> <span class="k">LIMIT</span> <span class="mi">1</span> <span class="p">];</span> <span class="n">ZoomConfig</span> <span class="n">zc</span> <span class="o">=</span> <span class="k">new</span> <span class="nf">ZoomConfig</span><span class="p">();</span> <span class="n">zc</span><span class="o">.</span><span class="py">clientId</span> <span class="o">=</span> <span class="n">config</span><span class="o">.</span><span class="py">Client_ID__c</span><span class="p">;</span> <span class="n">zc</span><span class="o">.</span><span class="py">clientSecret</span> <span class="o">=</span> <span class="n">config</span><span class="o">.</span><span class="py">Client_Secret__c</span><span class="p">;</span> <span class="n">zc</span><span class="o">.</span><span class="py">accountId</span> <span class="o">=</span> <span class="n">config</span><span class="o">.</span><span class="py">Account_ID__c</span><span class="p">;</span> <span class="n">zc</span><span class="o">.</span><span class="py">tokenUrl</span> <span class="o">=</span> <span class="n">config</span><span class="o">.</span><span class="py">Token_URL__c</span><span class="p">;</span> <span class="n">zc</span><span class="o">.</span><span class="py">baseApiUrl</span> <span class="o">=</span> <span class="n">config</span><span class="o">.</span><span class="py">Base_API_URL__c</span><span class="p">;</span> <span class="k">return</span> <span class="n">zc</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// ─────────────────────────────────────────────</span> <span class="c1">// Step 1: Fetch Access Token from Zoom</span> <span class="c1">// ─────────────────────────────────────────────</span> <span class="kd">public</span> <span class="kd">static</span> <span class="n">String</span> <span class="nf">getAccessToken</span><span class="p">()</span> <span class="p">{</span> <span class="n">ZoomConfig</span> <span class="n">config</span> <span class="o">=</span> <span class="nf">loadConfig</span><span class="p">();</span> <span class="c1">// Build Basic Auth header: Base64(clientId:clientSecret)</span> <span class="n">String</span> <span class="n">rawCredentials</span> <span class="o">=</span> <span class="n">config</span><span class="o">.</span><span class="py">clientId</span> <span class="o">+</span> <span class="s1">'</span><span class="s2">:'</span> <span class="o">+</span> <span class="n">config</span><span class="o">.</span><span class="py">clientSecret</span><span class="p">;</span> <span class="n">String</span> <span class="n">encodedCredentials</span> <span class="o">=</span> <span class="n">EncodingUtil</span><span class="o">.</span><span class="nf">base64Encode</span><span class="p">(</span><span class="n">Blob</span><span class="o">.</span><span class="nf">valueOf</span><span class="p">(</span><span class="n">rawCredentials</span><span class="p">));</span> <span class="c1">// Build the token request</span> <span class="n">HttpRequest</span> <span class="n">tokenRequest</span> <span class="o">=</span> <span class="k">new</span> <span class="nf">HttpRequest</span><span class="p">();</span> <span class="n">tokenRequest</span><span class="o">.</span><span class="nf">setEndpoint</span><span class="p">(</span> <span class="n">config</span><span class="o">.</span><span class="py">tokenUrl</span> <span class="o">+</span> <span class="s1">'</span><span class="s2">?grant_type=account_credentials&amp;account_id='</span> <span class="o">+</span> <span class="n">config</span><span class="o">.</span><span class="py">accountId</span> <span class="p">);</span> <span class="n">tokenRequest</span><span class="o">.</span><span class="nf">setMethod</span><span class="p">(</span><span class="s1">'</span><span class="s2">POST'</span><span class="p">);</span> <span class="n">tokenRequest</span><span class="o">.</span><span class="nf">setHeader</span><span class="p">(</span><span class="s1">'</span><span class="s2">Authorization'</span><span class="p">,</span> <span class="s1">'</span><span class="s2">Basic '</span> <span class="o">+</span> <span class="n">encodedCredentials</span><span class="p">);</span> <span class="n">tokenRequest</span><span class="o">.</span><span class="nf">setHeader</span><span class="p">(</span><span class="s1">'</span><span class="s2">Content-Type'</span><span class="p">,</span> <span class="s1">'</span><span class="s2">application/x-www-form-urlencoded'</span><span class="p">);</span> <span class="n">Http</span> <span class="n">http</span> <span class="o">=</span> <span class="k">new</span> <span class="nf">Http</span><span class="p">();</span> <span class="n">HttpResponse</span> <span class="n">tokenResponse</span> <span class="o">=</span> <span class="n">http</span><span class="o">.</span><span class="nf">send</span><span class="p">(</span><span class="n">tokenRequest</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">tokenResponse</span><span class="o">.</span><span class="nf">getStatusCode</span><span class="p">()</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">CalloutException</span><span class="p">(</span> <span class="s1">'</span><span class="s2">Failed to retrieve Zoom access token. Status: '</span> <span class="o">+</span> <span class="n">tokenResponse</span><span class="o">.</span><span class="nf">getStatusCode</span><span class="p">()</span> <span class="o">+</span> <span class="s1">'</span><span class="s2"> Body: '</span> <span class="o">+</span> <span class="n">tokenResponse</span><span class="o">.</span><span class="nf">getBody</span><span class="p">()</span> <span class="p">);</span> <span class="p">}</span> <span class="c1">// Parse the token response</span> <span class="n">Map</span><span class="o">&lt;</span><span class="n">String</span><span class="p">,</span> <span class="n">Object</span><span class="o">&gt;</span> <span class="n">tokenData</span> <span class="o">=</span> <span class="p">(</span><span class="n">Map</span><span class="o">&lt;</span><span class="n">String</span><span class="p">,</span> <span class="n">Object</span><span class="o">&gt;</span><span class="p">)</span> <span class="n">JSON</span><span class="o">.</span><span class="nf">deserializeUntyped</span><span class="p">(</span><span class="n">tokenResponse</span><span class="o">.</span><span class="nf">getBody</span><span class="p">());</span> <span class="k">return</span> <span class="p">(</span><span class="n">String</span><span class="p">)</span> <span class="n">tokenData</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">access_token'</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// ─────────────────────────────────────────────</span> <span class="c1">// Step 2: Call Zoom Meeting Activities Report API</span> <span class="c1">// ─────────────────────────────────────────────</span> <span class="kd">public</span> <span class="kd">static</span> <span class="n">String</span> <span class="nf">getMeetingActivityReport</span><span class="p">(</span><span class="n">String</span> <span class="n">fromDate</span><span class="p">,</span> <span class="n">String</span> <span class="n">toDate</span><span class="p">)</span> <span class="p">{</span> <span class="n">ZoomConfig</span> <span class="n">config</span> <span class="o">=</span> <span class="nf">loadConfig</span><span class="p">();</span> <span class="n">String</span> <span class="n">accessToken</span> <span class="o">=</span> <span class="nf">getAccessToken</span><span class="p">();</span> <span class="c1">// Build API request</span> <span class="n">HttpRequest</span> <span class="n">apiRequest</span> <span class="o">=</span> <span class="k">new</span> <span class="nf">HttpRequest</span><span class="p">();</span> <span class="n">apiRequest</span><span class="o">.</span><span class="nf">setEndpoint</span><span class="p">(</span> <span class="n">config</span><span class="o">.</span><span class="py">baseApiUrl</span> <span class="o">+</span> <span class="s1">'</span><span class="s2">/report/meeting_activities'</span> <span class="o">+</span> <span class="s1">'</span><span class="s2">?from='</span> <span class="o">+</span> <span class="n">fromDate</span> <span class="o">+</span> <span class="s1">'</span><span class="s2">&amp;to='</span> <span class="o">+</span> <span class="n">toDate</span> <span class="p">);</span> <span class="n">apiRequest</span><span class="o">.</span><span class="nf">setMethod</span><span class="p">(</span><span class="s1">'</span><span class="s2">GET'</span><span class="p">);</span> <span class="n">apiRequest</span><span class="o">.</span><span class="nf">setHeader</span><span class="p">(</span><span class="s1">'</span><span class="s2">Authorization'</span><span class="p">,</span> <span class="s1">'</span><span class="s2">Bearer '</span> <span class="o">+</span> <span class="n">accessToken</span><span class="p">);</span> <span class="n">apiRequest</span><span class="o">.</span><span class="nf">setHeader</span><span class="p">(</span><span class="s1">'</span><span class="s2">Content-Type'</span><span class="p">,</span> <span class="s1">'</span><span class="s2">application/json'</span><span class="p">);</span> <span class="n">Http</span> <span class="n">http</span> <span class="o">=</span> <span class="k">new</span> <span class="nf">Http</span><span class="p">();</span> <span class="n">HttpResponse</span> <span class="n">apiResponse</span> <span class="o">=</span> <span class="n">http</span><span class="o">.</span><span class="nf">send</span><span class="p">(</span><span class="n">apiRequest</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">apiResponse</span><span class="o">.</span><span class="nf">getStatusCode</span><span class="p">()</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">CalloutException</span><span class="p">(</span> <span class="s1">'</span><span class="s2">Zoom API call failed. Status: '</span> <span class="o">+</span> <span class="n">apiResponse</span><span class="o">.</span><span class="nf">getStatusCode</span><span class="p">()</span> <span class="o">+</span> <span class="s1">'</span><span class="s2"> Body: '</span> <span class="o">+</span> <span class="n">apiResponse</span><span class="o">.</span><span class="nf">getBody</span><span class="p">()</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="n">apiResponse</span><span class="o">.</span><span class="nf">getBody</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Step 4: Parse and Use the Response </h2> <div class="highlight js-code-highlight"> <pre class="highlight apex"><code><span class="cm">/** * ZoomMeetingActivityParser * Parses the Zoom Meeting Activity Report response * and maps it to Salesforce-friendly structures. */</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">ZoomMeetingActivityParser</span> <span class="p">{</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">MeetingActivity</span> <span class="p">{</span> <span class="kd">public</span> <span class="n">String</span> <span class="n">meetingId</span><span class="p">;</span> <span class="kd">public</span> <span class="n">String</span> <span class="n">topic</span><span class="p">;</span> <span class="kd">public</span> <span class="n">String</span> <span class="n">hostEmail</span><span class="p">;</span> <span class="kd">public</span> <span class="n">Integer</span> <span class="n">participantCount</span><span class="p">;</span> <span class="kd">public</span> <span class="n">String</span> <span class="n">startTime</span><span class="p">;</span> <span class="kd">public</span> <span class="n">String</span> <span class="n">endTime</span><span class="p">;</span> <span class="p">}</span> <span class="kd">public</span> <span class="kd">static</span> <span class="n">List</span><span class="o">&lt;</span><span class="n">MeetingActivity</span><span class="o">&gt;</span> <span class="nf">parse</span><span class="p">(</span><span class="n">String</span> <span class="n">jsonResponse</span><span class="p">)</span> <span class="p">{</span> <span class="n">List</span><span class="o">&lt;</span><span class="n">MeetingActivity</span><span class="o">&gt;</span> <span class="n">activities</span> <span class="o">=</span> <span class="k">new</span> <span class="n">List</span><span class="o">&lt;</span><span class="n">MeetingActivity</span><span class="o">&gt;</span><span class="p">();</span> <span class="n">Map</span><span class="o">&lt;</span><span class="n">String</span><span class="p">,</span> <span class="n">Object</span><span class="o">&gt;</span> <span class="n">responseMap</span> <span class="o">=</span> <span class="p">(</span><span class="n">Map</span><span class="o">&lt;</span><span class="n">String</span><span class="p">,</span> <span class="n">Object</span><span class="o">&gt;</span><span class="p">)</span> <span class="n">JSON</span><span class="o">.</span><span class="nf">deserializeUntyped</span><span class="p">(</span><span class="n">jsonResponse</span><span class="p">);</span> <span class="n">List</span><span class="o">&lt;</span><span class="n">Object</span><span class="o">&gt;</span> <span class="n">meetings</span> <span class="o">=</span> <span class="p">(</span><span class="n">List</span><span class="o">&lt;</span><span class="n">Object</span><span class="o">&gt;</span><span class="p">)</span> <span class="n">responseMap</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">activity_logs'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">meetings</span> <span class="o">==</span> <span class="kc">null</span><span class="p">)</span> <span class="k">return</span> <span class="n">activities</span><span class="p">;</span> <span class="k">for</span> <span class="p">(</span><span class="n">Object</span> <span class="n">obj</span> <span class="p">:</span> <span class="n">meetings</span><span class="p">)</span> <span class="p">{</span> <span class="n">Map</span><span class="o">&lt;</span><span class="n">String</span><span class="p">,</span> <span class="n">Object</span><span class="o">&gt;</span> <span class="n">meetingData</span> <span class="o">=</span> <span class="p">(</span><span class="n">Map</span><span class="o">&lt;</span><span class="n">String</span><span class="p">,</span> <span class="n">Object</span><span class="o">&gt;</span><span class="p">)</span> <span class="n">obj</span><span class="p">;</span> <span class="n">MeetingActivity</span> <span class="n">activity</span> <span class="o">=</span> <span class="k">new</span> <span class="nf">MeetingActivity</span><span class="p">();</span> <span class="n">activity</span><span class="o">.</span><span class="py">meetingId</span> <span class="o">=</span> <span class="p">(</span><span class="n">String</span><span class="p">)</span> <span class="n">meetingData</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">meeting_id'</span><span class="p">);</span> <span class="n">activity</span><span class="o">.</span><span class="py">topic</span> <span class="o">=</span> <span class="p">(</span><span class="n">String</span><span class="p">)</span> <span class="n">meetingData</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">topic'</span><span class="p">);</span> <span class="n">activity</span><span class="o">.</span><span class="py">hostEmail</span> <span class="o">=</span> <span class="p">(</span><span class="n">String</span><span class="p">)</span> <span class="n">meetingData</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">host_email'</span><span class="p">);</span> <span class="n">activity</span><span class="o">.</span><span class="py">participantCount</span> <span class="o">=</span> <span class="p">(</span><span class="n">Integer</span><span class="p">)</span> <span class="n">meetingData</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">participants_count'</span><span class="p">);</span> <span class="n">activity</span><span class="o">.</span><span class="py">startTime</span> <span class="o">=</span> <span class="p">(</span><span class="n">String</span><span class="p">)</span> <span class="n">meetingData</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">start_time'</span><span class="p">);</span> <span class="n">activity</span><span class="o">.</span><span class="py">endTime</span> <span class="o">=</span> <span class="p">(</span><span class="n">String</span><span class="p">)</span> <span class="n">meetingData</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">end_time'</span><span class="p">);</span> <span class="n">activities</span><span class="o">.</span><span class="nf">add</span><span class="p">(</span><span class="n">activity</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="n">activities</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Step 5: Putting It All Together — Sample Invocation </h2> <div class="highlight js-code-highlight"> <pre class="highlight apex"><code><span class="cm">/** * Example: Call from a Scheduled Job, Flow, or LWC Controller */</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">ZoomReportController</span> <span class="p">{</span> <span class="nd">@AuraEnabled</span> <span class="kd">public</span> <span class="kd">static</span> <span class="n">List</span><span class="o">&lt;</span><span class="n">ZoomMeetingActivityParser</span><span class="o">.</span><span class="py">MeetingActivity</span><span class="o">&gt;</span> <span class="nf">fetchReport</span><span class="p">(</span> <span class="n">String</span> <span class="n">fromDate</span><span class="p">,</span> <span class="n">String</span> <span class="n">toDate</span> <span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Fetch raw JSON from Zoom API</span> <span class="n">String</span> <span class="n">rawResponse</span> <span class="o">=</span> <span class="n">ZoomS2SService</span><span class="o">.</span><span class="nf">getMeetingActivityReport</span><span class="p">(</span><span class="n">fromDate</span><span class="p">,</span> <span class="n">toDate</span><span class="p">);</span> <span class="c1">// Parse into structured list</span> <span class="n">List</span><span class="o">&lt;</span><span class="n">ZoomMeetingActivityParser</span><span class="o">.</span><span class="py">MeetingActivity</span><span class="o">&gt;</span> <span class="n">activities</span> <span class="o">=</span> <span class="n">ZoomMeetingActivityParser</span><span class="o">.</span><span class="nf">parse</span><span class="p">(</span><span class="n">rawResponse</span><span class="p">);</span> <span class="k">return</span> <span class="n">activities</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">e</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">AuraHandledException</span><span class="p">(</span><span class="s1">'</span><span class="s2">Error fetching Zoom report: '</span> <span class="o">+</span> <span class="n">e</span><span class="o">.</span><span class="nf">getMessage</span><span class="p">());</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Sample Call </h3> <div class="highlight js-code-highlight"> <pre class="highlight apex"><code><span class="c1">// In Developer Console or Anonymous Apex</span> <span class="n">String</span> <span class="n">rawJson</span> <span class="o">=</span> <span class="n">ZoomS2SService</span><span class="o">.</span><span class="nf">getMeetingActivityReport</span><span class="p">(</span><span class="s1">'</span><span class="s2">2026-04-01'</span><span class="p">,</span> <span class="s1">'</span><span class="s2">2026-04-15'</span><span class="p">);</span> <span class="n">System</span><span class="o">.</span><span class="nf">debug</span><span class="p">(</span><span class="n">rawJson</span><span class="p">);</span> </code></pre> </div> <h2> Optional: Cache the Token with Platform Cache </h2> <p>Zoom's S2S tokens are valid for <strong>1 hour</strong>. To avoid generating a new token on every API call, use <strong>Salesforce Platform Cache</strong> to store and reuse the token within its validity window.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight apex"><code><span class="kd">public</span> <span class="kd">static</span> <span class="n">String</span> <span class="nf">getAccessTokenCached</span><span class="p">()</span> <span class="p">{</span> <span class="n">Cache</span><span class="o">.</span><span class="py">OrgPartition</span> <span class="n">orgCache</span> <span class="o">=</span> <span class="n">Cache</span><span class="o">.</span><span class="py">Org</span><span class="o">.</span><span class="nf">getPartition</span><span class="p">(</span><span class="s1">'</span><span class="s2">local.ZoomCache'</span><span class="p">);</span> <span class="n">String</span> <span class="n">cachedToken</span> <span class="o">=</span> <span class="p">(</span><span class="n">String</span><span class="p">)</span> <span class="n">orgCache</span><span class="o">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'</span><span class="s2">zoomAccessToken'</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">cachedToken</span> <span class="o">!=</span> <span class="kc">null</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">cachedToken</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// No cache hit — generate a new token</span> <span class="n">String</span> <span class="n">freshToken</span> <span class="o">=</span> <span class="nf">getAccessToken</span><span class="p">();</span> <span class="c1">// Cache for 55 minutes (3300 seconds) — slightly under the 60-min expiry</span> <span class="n">orgCache</span><span class="o">.</span><span class="nf">put</span><span class="p">(</span><span class="s1">'</span><span class="s2">zoomAccessToken'</span><span class="p">,</span> <span class="n">freshToken</span><span class="p">,</span> <span class="mi">3300</span><span class="p">);</span> <span class="k">return</span> <span class="n">freshToken</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p><strong>Prerequisite:</strong> Create a Platform Cache partition named <code>ZoomCache</code> under <strong>Setup → Platform Cache</strong>.</p> </blockquote> <h2> Architecture Summary </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌──────────────────────────────────────────────────────────┐ │ SALESFORCE ORG │ │ │ │ ┌─────────────────┐ ┌──────────────────────────┐ │ │ │ Protected Custom │──────▶│ ZoomS2SService.cls │ │ │ │ Metadata (Creds) │ │ - loadConfig() │ │ │ └─────────────────┘ │ - getAccessToken() │ │ │ │ - getMeetingActivity() │ │ │ ┌─────────────────┐ └────────────┬─────────────┘ │ │ │ Platform Cache │◀───────────────────┘ │ │ │ (Token, 55 min) │ │ │ └─────────────────┘ │ └──────────────────────────────┬───────────────────────────┘ │ HTTPS Callout ┌───────────────▼────────────────┐ │ ZOOM APIs │ │ POST /oauth/token │ │ GET /v2/report/meeting_ │ │ activities │ └─────────────────────────────────┘ </code></pre> </div> <h2> Common Errors and Fixes </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Error</th> <th>Cause</th> <th>Fix</th> </tr> </thead> <tbody> <tr> <td><code>401 Unauthorized</code></td> <td>Wrong Client ID/Secret encoding</td> <td>Verify Base64 of <code>clientId:clientSecret</code> with no spaces</td> </tr> <tr> <td><code>400 Bad Request</code></td> <td>Missing or wrong <code>account_id</code> param</td> <td>Confirm Account ID from Zoom App settings</td> </tr> <tr> <td><code>System.CalloutException: Unauthorized endpoint</code></td> <td>Remote Site missing</td> <td>Add <code>zoom.us</code> and <code>api.zoom.us</code> to Remote Site Settings</td> </tr> <tr> <td><code>Scope not granted</code></td> <td>Missing scopes on Zoom app</td> <td>Add <code>report:read:admin</code> scope in Zoom App settings</td> </tr> <tr> <td><code>Token expired</code></td> <td>Token older than 60 min</td> <td>Use Platform Cache or regenerate token per request</td> </tr> </tbody> </table></div> <h2> Key Takeaways </h2> <ul> <li>Zoom's S2S OAuth uses a <strong>non-standard Client Credentials flow</strong> that Salesforce's native auth framework cannot handle automatically.</li> <li>The correct approach is to <strong>manually manage token generation in Apex</strong> using a Basic Auth header.</li> <li>Always store credentials in <strong>Protected Custom Metadata</strong> — never hardcode them.</li> <li>Use <strong>Platform Cache</strong> to avoid unnecessary token regeneration and stay within Zoom's rate limits.</li> <li>This same pattern applies to <strong>any third-party API</strong> that uses a non-standard OAuth variant not natively supported by Salesforce.</li> </ul> <p><em>Have questions or a different approach that worked for you? Drop a comment below.</em></p> api backend security tutorial