Zoom authorization flow ^BETA

Zoom authorization

Beginning March 2026, Zoom requires that applications such as Cronofy Meeting Agents are attributed to a present attendee before being able to join a meeting. This increases transparency for all participants, but requires that the attendee provides authorization for Cronofy to join the meeting on their behalf.

For this, Cronofy uses Zoom On-Behalf-Of (OBF) tokens. Zoom provides some context on their reasoning for this in their developer site here.

Cronofy handles this flow automatically.

When Cronofy creates the event and conference #

When using our API to create the event and provision the Zoom meeting , there is no extra flow needed. In this case, we already have an authorization sufficient to join the created meeting. We will join on behalf of the Zoom meeting owner, who in this case will also be the owner of the calendar event.

When Cronofy has not created the conference #

When using our Meeting Agent API to join a meeting that Cronofy has not provisioned, we will automatically request authorization from the user.

If we have no prior authorization – i.e. for the first meeting for a given user – then we will email the user to request their permission. This is done ahead of the meeting starting, so that we will be ready to join the meeting on time.

For the user, this will be a simple Zoom authorization flow where they consent to Cronofy accessing the meeting on their behalf. For subsequent meetings, we can reuse this authorization, so this is a one-time flow for each Zoom meeting owner.