Session Revocation — Zoom
Session Revocation — Zoom
Challenge can log out SSO users from active Zoom sessions using the Zoom User API.
Credentials
- Create a Zoom Server-to-Server OAuth or account-level OAuth app in the Zoom Marketplace.
- Grant scopes
user:read:adminanduser:write:admin(account-level admin app). - Generate an access token and paste it into Challenge under Integrations → Session Revocation → Zoom.
API calls Challenge makes
| Step | Method | Endpoint |
|---|---|---|
| Lookup | GET | https://api.zoom.us/v2/users/{userId} |
| Revoke | DELETE | https://api.zoom.us/v2/users/{userId}/token |
{userId} may be the user’s email address or Zoom user ID.
Username format
Use the user’s email address or Zoom user ID in Responder, MCP, and webhook payloads.
Expected outcomes
- 204 on revoke → session revoked
- 404 → user not found
Troubleshooting
| Symptom | Check |
|---|---|
http_401 / http_403 | Token expired or missing admin scopes |
user_not_found | User not in the Zoom account or wrong email |