test.asdc.cc
Multi-app Zoom utility endpoint. Add each Zoom app to /var/www/test.asdc.cc/zoom-app-clients.json, keyed by its client ID.
Some of these utilities may also be implemented on nodejs.asdc.cc as the shared Node.js service is expanded.
Webhook Receiver
- Configure Zoom webhook URL as
https://test.asdc.cc/?clientid={clientid}. - Alternative path:
https://test.asdc.cc/webhook?clientid={clientid}. - Webhook payloads are appended to
webhook.txt; per-client logs are saved underwebhooks/. - The public
webhook.txtfile is cleared daily at midnight server time. - Read a per-client log with
GET /webhook?clientid={clientid}.
OAuth Redirect
Use this redirect URL in the Zoom app OAuth settings:
https://test.asdc.cc/redirecturlforoauth?type=user&clientid={clientid}
The callback exchanges Zoom's code with the matching client secret from the JSON registry. It stores the latest access token and refresh token in a private local token store indexed by:
cid: client ID parsed from the access tokenissclaim, for examplezm:cid:{clientid}.aid: Zoom account ID from the access token.uid: Zoom user ID from the access token.
Retrieve a valid access token with:
GET /accesstoken?cid={cid}&aid={aid}&uid={uid}
If the stored access token is expired or close to expiry, the service uses the stored refresh token to request a new access token and refresh token, then overwrites the old stored record.
400: missingcid,aid, oruid.404: no stored token record for that tuple.409: token record exists but has no refresh token; re-authorize the user.
S2S Access Token API
Generate a one-off Server-to-Server OAuth access token with:
GET /s2s/token?clientid={clientid}&clientsecret={clientsecret}&accountid={accountid}
The accountid value is sent to Zoom as account_id. The token response is returned directly and is not stored.
Generate a one-off client credentials access token with:
GET /clientcredentials/token?clientid={clientid}&clientsecret={clientsecret}
This calls Zoom with grant_type=client_credentials. The token response is returned directly and is not stored.
Use this flow for Marketplace app-owned scopes that require the client credentials grant.
Deauthorization
Use this URL as the Zoom app Deauthorization Notification Endpoint:
https://test.asdc.cc/deauthorize
When Zoom sends app_deauthorized, the service deletes the stored OAuth token record matching:
payload.client_idascid.payload.account_idasaid.payload.user_idasuid.
Deauthorization payloads are not appended to the public webhook log.
SDK Signatures
- Meeting SDK:
POST /meeting/?clientid={clientid}with JSON{"meetingNumber":"123456789","role":0}. - Video SDK:
POST /video/?clientid={clientid}with JSON{"sessionName":"demo","role":1,"sessionKey":"optional"}.
Health
Check service status with GET /health.