# Zoom authorization flow

> **BETA**

Beginning March 2026, Zoom requires that applications such as Cronofy Meeting
Agents are attributed to a present attendee before being able to join a meeting.
This increases transparency for all participants, but requires that the attendee
provides authorization for Cronofy to join the meeting on their behalf.

For this, Cronofy uses Zoom On-Behalf-Of (OBF) tokens. Zoom provides some context
on their reasoning for this in their [developer site here](https://developers.zoom.us/blog/app-attribution-path/).

Cronofy handles this flow automatically.

## When Cronofy creates the event and conference
When using our API to [create the event and provision the Zoom meeting](/developers/conferencing-services/index.md)
, there is no extra flow needed. In this case, we already have an authorization sufficient
to join the created meeting. We will join on behalf of the Zoom meeting owner, who in
this case will also be the owner of the calendar event.

## When Cronofy has not created the conference
When using our Meeting Agent API to join a meeting that Cronofy has not provisioned,
we will automatically request authorization from the user.

If we have no prior authorization – i.e. for the first meeting for a given user –
then we will email the user to request their permission. This is done ahead of
the meeting starting, so that we will be ready to join the meeting on time.

For the user, this will be a simple Zoom authorization flow where they consent
to Cronofy accessing the meeting on their behalf. For subsequent meetings, we can
reuse this authorization, so this is a one-time flow for each Zoom meeting owner.



---
[Read in HTML](/developers/meeting-agents/zoom-authorization/)