# Zoom Scheduler Explainer
Managing Scheduler one-off meetings within the Zoom Workplace app.
### Zoom Scheduler Overview This document provides a technical overview of Zoom Scheduler, covering its architecture, data handling practices, and integration capabilities. This Explainer is designed for IT administrators, security teams, and technical decision-makers evaluating or implementing Scheduler within their organizations. #### **Zoom Scheduler is an appointment scheduling product designed for professionals who need to offer bookable time slots** Zoom Scheduler is an appointment scheduling product that streamlines the booking experience by letting users share their availability with people outside their organization. It's designed for professionals who need to offer bookable time slots, whether they're sales teams, recruiters, consultants, or customer success managers. Zoom Scheduler prevents the back-and-forth of finding a mutually available time. Scheduler works with your compatible calendar service to display your availability and create events when appointments are booked. It supports several meeting modalities including one to one meetings, team schedules, and availability polling so external participants select a time that works for them. The following diagram shows an overview of how Zoom Scheduler works:
An overview of the Zoom Scheduler service.
#### Zoom Scheduler and Zoom Calendaring Integration serve different purposes despite using interchangeable terms Scheduler and calendar integration serve different purposes and are sometimes confused by customers who use the terms interchangeably. **Zoom Calendaring Integration** syncs calendar data across Zoom endpoints. Integrating calendar services with Zoom can be as simple or involved as your organization needs. In the case of [integrating enterprise calendaring services with Zoom Workplace](https://library.zoom.com/admin-corner/third-party-integrations/zoom-calendaring-integration-explainer), that requires special access and permissions. But with Zoom Scheduler, the level of access is limited. **Zoom Scheduler** allows you to create publicly viewable and bookable schedules with others within and outside your organization. It can integrate with your calendar to sync booked appointments and check your calendar for conflicts. It reads your calendar's free and busy statuses on demand and writes new events when appointments are booked. It's another layer on top of your existing calendar rather than a replacement. You don't need Zoom Calendaring Integration enabled for Scheduler to work. Scheduler connects directly to your calendar provider through its own OAuth authorization. #### Zoom Scheduler is licensed for Zoom Workplace Business, but can also be purchased as an add-on Zoom Scheduler is a licensed product. It's included with Zoom Workplace at the Business tier and higher, or available as a standalone add-on for other plans. #### What are the benefits of enabling Zoom Scheduler? * **Share availability externally** without exposing calendar details: invitees see available time slots, not your event titles or descriptions * **Reduce scheduling friction** by eliminating email back-and-forth to find meeting times * **Automatic conflict detection** helps prevent double-booking * **Calendar events created automatically** when someone books a time, with meeting details included across platforms and locations, including Zoom, Microsoft Teams, Google Meet, and on-site or in-person * **Supports multiple booking types** such as All Host Available and Any Host Available for coordinated scheduling across teams * **Helps reduce no-shows and engage your customers** with email and SMS automations such as reminders and follow-up emails #### Which calendar providers are supported? Zoom Scheduler is compatible with these calendar services: * **Microsoft 365**: Cloud-hosted Exchange Online calendars * **Google Workspace**: Google Calendar * **Zoom Mail & Calendar** {% hint style="warning" %} Zoom Scheduler support for iCloud Calendar is currently in beta and out of scope for this article. {% endhint %} #### Zoom Scheduler can be accessed via the web, Zoom Workplace, and the Zoom mobile app
A user booking an appointment with Zoom Scheduler.
Users can access Zoom Scheduler through: * **Web browser** via the Zoom web portal * **Zoom Workplace application** on desktop * **Zoom mobile app** on iOS and Android (currently supports a limited set of read functionality) **Mobile security:** The mobile version uses the same data flow as the desktop application. The mobile app loads the Scheduler page into an authenticated webview. The webview makes all requests to Zoom servers through HTTPS. When the webview needs to call native device functions, it uses postMessage, and the native layer verifies the message origin before executing any action. **External participant access:** External participants access Scheduler through booking page links shared by the host. These links open in a web browser and don't require the participant to have a Zoom account or the Zoom Workplace application installed. ### Data Handling and Security #### Zoom Scheduler uses OAuth 2.0 and backend APIs to access calendar data Zoom Scheduler accesses calendar data through OAuth 2.0 authorization: 1. The user accesses Zoom Scheduler through the web portal or Zoom application. 2. Zoom's internal services retrieve an access token from the host's calendar provider. 3. With permission granted, Scheduler can view the host's calendar availability and create or modify events. 4. When a scheduling action occurs, Scheduler makes an API request to refresh live availability from the calendar provider. The Zoom Scheduler application doesn't connect directly to calendar services. All calendar requests flow through Zoom's backend services via APIs. #### OAuth tokens are encrypted during storage, expire after an hour, and can be revoked by users Scheduler uses standard OAuth 2.0 for calendar integration with Microsoft and Google. **Token storage:** * Access tokens are stored in Redis cache * Refresh tokens are encrypted and stored in MongoDB * Tokens are stored using 256-bit AES-GCM encryption **Token refresh:** Access tokens expire after approximately one hour. When a token expires and the user takes an action that requires calendar access, Zoom automatically refreshes the access token using the stored refresh token. This process is automatic and doesn't require user intervention. **Token revocation:** Users can disconnect their calendar from Scheduler at any time through the Zoom web portal, which revokes Scheduler's access. Calendar provider administrators can also revoke access through their respective admin consoles (Entra ID for Microsoft, Google Workspace Admin for Google). #### What calendar information does Zoom Scheduler access? Zoom Scheduler accesses your calendar's **free/busy status** to determine availability. It uses this information to display bookable time slots to participants. For calendar events Scheduler has not created, Scheduler does not access or read: * Event titles * Event descriptions or body content * Attendee lists * Attachments When a participant books a time, Scheduler creates a new calendar event. When a participant modifies a booking, Scheduler updates the event it created. Scheduler only manages events it has created. It doesn't modify your other calendar events. #### What data does Zoom Scheduler store? Scheduler's data storage is limited and specific. * Booking page name, link, description, location, reminders, calendar invites, cancellation policy, attendees, and attendee questions. * Booking responses from attendees. * Availability polls and descriptions. * Scheduler routing form names, descriptions, and form questions. * Scheduler user profile picture, uploaded branding logo, and notification content. * Scheduler delegate management information. * Scheduler payment integration information. #### Zoom Scheduler doesn't support Customer Managed Key (CMK) Scheduler doesn't currently support Zoom Customer Managed Key for encrypting stored data. Organizations with CMK requirements should factor this into their deployment decisions. #### How does Zoom Scheduler protect user privacy? Scheduler can only function if a host grants Scheduler access to a connected calendar through OAuth authorization. For example, if a CEO hasn't connected their calendar to Scheduler, their availability won't appear in team scheduling scenarios. Each user must individually authorize Scheduler to access their calendar. This means: * Users control whether their availability is visible through Scheduler * Existing calendar permission controls remain unchanged * No calendar data is accessible until the user explicitly connects their calendar **Booking page visibility:** Booking pages are publicly accessible via their unique URL. Users may change the visibility of booking pages for increased privacy. For example, marking them Active or Inactive. Additionally, each individual booking page has an Additional Option to "Hide from public booking page" to offer granular control of what pages appear externally or not. **Calendar availability (free/busy status) is only retrieved in real time when**: * A user creates a one-off meeting or availability poll * A participant opens a booking link to view available times * A participant books or modifies a time #### How is data protected in transit? All communications between Zoom services and calendar providers are encrypted using TLS 1.2. Zoom Scheduler users the standard Zoom port 443 connection and has no other special network requirements Scheduler has no special firewall or network requirements beyond standard Zoom access. All connections use HTTPS on port 443. Refer to Zoom's general [network and firewall documentation](https://support.zoom.us/hc/en-us/articles/201362683-Network-firewall-or-proxy-server-settings-for-Zoom) for baseline requirements. ### Provider-Specific Details Zoom Scheduler is compatible with the following calendar services and integrations. #### Zoom Scheduler works with various, common calendar service providers
Zoom Scheduler connects to several calendar applications, including Zoom Mail & Calendar.
As mentioned above, Zoom Scheduler can connect to the following services for reading availability and creating events: * **Microsoft 365**: Cloud-hosted Exchange Online calendars, like Outlook Calendar * **Google Workspace**: Google Calendar * **Zoom Mail & Calendar** {% hint style="warning" %} Zoom Scheduler Support for iCloud Calendar is currently in beta and out of scope for this article. {% endhint %} {% hint style="info" %} Exchange Server on-premises is not supported. {% endhint %} #### Zoom Scheduler integrates with Microsoft 365 using a Microsoft Graph application Scheduler uses a Microsoft Graph application called `ZOOM-GRAPH` to connect to user calendars. This is a user-level integration using OAuth 2.0 with delegated permissions, meaning each user authorizes access to their own calendar individually. Scheduler does not use Application Permissions or a service account model. There's no admin-level deployment that grants calendar access on behalf of users. **What permissions does Scheduler require?** The `ZOOM-GRAPH` application requests the following Microsoft Graph API permissions: | Scope | Microsoft Description | Zoom Usage | | --------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ | | `offline_access` | Maintain access to data you have given it access to, even when users are not currently using the app | Enables access to refresh tokens when user is not actively using Scheduler | | `openid` | Sign users in | Authenticate the user and issue an access token (sign-in only, not real-time access) | | `Calendars.ReadWrite` | Full access to user calendars | Create, read, update, and delete calendar events | | `Calendars.Read` | Read events in all calendars the user has access to, including delegate and shared calendars | Sync shared calendar availability | **How can I identify the ZOOM-GRAPH application?** The `ZOOM-GRAPH` application appears in your Entra ID Enterprise Applications directory after a user authorizes Scheduler. You can locate it by searching for "ZOOM-GRAPH" in the Enterprise Applications list. #### Zoom Scheduler integrates with Google Calendar using OAuth 2.0 Scheduler connects to Google Calendar using OAuth 2.0 with user-level authorization. For Google Workspace calendar users, the following permissions are required: | Scope | Google Description | Zoom Usage | | --------------------- | ------------------------------------------------------- | ------------------------------------------------------------------------ | | `Calendars.Read` | Returns free/busy information for a set of calendars. | | | `Calendars.Read` | Returns events on the specified calendar. | Check whether current scheduled event has overlapped calendar event | | `Calendars.Read` | Returns metadata for a calendar. | | | `Calendars.Read` | Returns the calendars on the user's calendar list. | Integration setting | | `Calendars.Read` | Watch for changes to Events resources. | Start sync event cancellation on the calendar to Scheduler | | `Calendars.Read` | Stop watching resources through this channel. | Stop sync event cancellation on the calendar to Scheduler | | `Calendars.ReadWrite` | Creates an event. | Add events to specific calendar | | `Calendars.ReadWrite` | Updates an event. This method supports patch semantics. | Change events on specific calendar | | `Calendars.ReadWrite` | Deletes an event. | Remove reserved event on specific calendar | #### Zoom Scheduler can create the meetings for various meeting platforms When an appointment is booked, Scheduler can create meetings on these platforms: * **Zoom Meetings** * **Google Meet** * **Microsoft Teams** #### Third-party integrations offer additional scheduling functionality Scheduler can connect with the following services for extended functionality: * **Stripe**: Payment collection for bookings (see the Stripe section below for more details) * **Zapier**: Workflow automation * **Salesforce**: Syncs scheduled events to Salesforce ### Stripe Payments and Zoom Scheduler #### Zoom Scheduler integrates with Stripe Connect to let hosts charge for bookings Zoom Scheduler integrates with Stripe Connect to enable hosts to charge a fee for appointments booked through Scheduler. This follows a non-Merchant-of-Record (non-MoR) marketplace model: Hosts\* maintain a direct relationship with Stripe, use their own Stripe accounts to process transactions, and are financially liable for any fees or disputes. {% hint style="success" %} \*Hosts are the merchant of record for the services they sell through Zoom Scheduler and are responsible for delivering those services, providing receipts and customer support to their attendees, as well as handling refunds, chargebacks, and any consumer-protection obligations that apply. {% endhint %} Zoom doesn't charge a platform fee or commission on payments. Where applicable, Zoom calculates and collects VAT/GST on the transaction and remits it to the relevant tax authority. For more information, see the Zoom Support article [Frequently asked questions about Zoom Scheduler GST and VAT](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0082295\&DeviceId=70283b61-c13a-475f-ab4d-4a89b1632c1b\&SessionId=1778771930780). {% hint style="info" %} Stripe is the independent provider of payment services to the host under the Stripe Services Agreement and Stripe Connected Account Agreement. Stripe is not a Zoom subprocessor; Zoom and Stripe each act as independent controllers of the personal data they process for the integration, and they share data with each other only as needed to operate the Stripe Connect integration the host has authorized. {% endhint %} #### Hosts connect Stripe and Zoom through a standard OAuth flow and accept Stripe's Connected Account Agreement Hosts connect their Stripe account to Zoom Scheduler via Stripe Connect using a standard OAuth authorization flow hosted by Stripe. During onboarding, Stripe presents its own Connected Account Agreement and Privacy Policy. During this OAuth flow, hosts agree to Stripe’s Connected Account Agreement, which governs use of Stripe Connect alongside the host’s underlying Stripe Services Agreement. The host’s relationship with Zoom continues to be governed by their existing Zoom Workplace and Zoom Scheduler terms. Once authorized, Zoom Scheduler can initiate payment transactions on the host’s behalf, as described in the Stripe Connected Account Agreement. #### Payment card data is handled entirely by Stripe and never passes through Zoom's systems The payment form presented to payers is a Stripe-hosted Payment Element embedded on the Zoom Scheduler booking page. Although the form visually appears on a Zoom-hosted page, payment card data is entered in, and transmitted directly to, Stripe's servers. Zoom doesn't store payment card data or handle payment data. This is standard practice for Stripe Element integrations. What information Zoom does store: To meet its marketplace tax obligations, Zoom collects and retains the following: * Each payer's billing address (also called the 'Sold To' address) * Name * Email * VAT (where applicable) * Tax ID (where applicable) This information is used to determine tax jurisdiction and calculate applicable taxes. Zoom acts as the responsible party for determining, calculating, and remitting VAT/GST in applicable jurisdictions.This billing information is also shared with Stripe to support payment processing and tax calculation. In return, Stripe shares booking-related data back to Zoom under the host’s authorization in the Stripe Connected Account Agreement. Zoom uses this data to operate the booking experience (for example, to confirm or cancel an appointment) and for the marketplace, tax, and reporting purposes described in this document. For full details on tax collection and jurisdiction-specific rules, see the Zoom Support article [Frequently asked questions about Zoom Scheduler GST and VAT](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0082295\&DeviceId=70283b61-c13a-475f-ab4d-4a89b1632c1b\&SessionId=1778771930780). #### Zoom creates a Payment Intent in the host's Stripe account and maps the payment ID to the booking When a payer initiates a booking payment, Zoom Scheduler creates a Payment Intent via the Stripe API, directed to the host's connected Stripe account. Stripe generates a transaction ID for the Payment Intent and returns it to Zoom, which uses it to track and confirm payment status. Funds are deposited directly into the host's Stripe account. Zoom maps the payment ID and status to its internal booking ID for confirmation and record-keeping. #### Hosts can cancel and refund paid bookings from the Scheduler UI or from their Stripe dashboard
The Cancel and refund button option in the Zoom Scheduler UI.

The Cancel and refund button option in the Zoom Scheduler UI

The Manage transaction drop-down option in the Zoom Scheduler UI. This option will send you to your Stripe dashboard.

The Manage transaction drop-down option in the Zoom Scheduler UI

For paid bookings, hosts have two options for managing refunds. From within the Zoom Scheduler UI, hosts can select **Cancel and refund** on a booking to either cancel the event and issue a full refund, or refund the attendee while keeping the event active. In both cases, Zoom triggers the refund via the Stripe API and the payment is returned to the attendee's original payment method. Alternatively, hosts can select **Manage transaction** to go directly to their connected Stripe dashboard, where they can view transaction details and process refunds through Stripe's own interface. {% hint style="danger" %} In the event of a refund, the host is **not** reimbursed for transaction fees or other fees charged by Stripe. Hosts should contact Stripe directly with questions about fee handling. {% endhint %}
The Cancel and refund confirmation options when cancelling a Stripe/Zoom appointment.

The Cancel and refund confirmation options when cancelling a Stripe/Zoom appointment.

### Appendix #### Zoom Scheduler sends SMS notifications through Twilio with built-in content safeguards Zoom Scheduler uses Twilio, a third-party cloud communications platform, to deliver SMS notifications to attendees. Messages are sent from a pool of phone numbers managed by Zoom. **Message processing and safeguards** Before delivery, Zoom processes all SMS notifications through internal safety, spam, and phishing filters. Additionally, Zoom uses AI-based detection to prevent users from adding sensitive information to SMS notification templates. Twilio may apply additional filtering and block messages it deems as spam. Zoom may disable SMS functionality for accounts with high rates of detected spam or policy violations. **Attendee consent and controls** Attendees must opt in to receiving SMS notifications at the time of booking. Attendees can manage their SMS preferences by replying to any Scheduler SMS message: * **STOP**: Opt out of text messages * **START**: Opt back in to text messages * **HELP**: Receive help information Replies must be sent to the same number the attendee received the message from. #### Zoom Scheduler notifications are offered through email or push via the Zoom mobile app
The Zoom Scheduler notification options available to administrators.
Scheduler delivers booking confirmations and reminders through: * **Email**: Confirmation and reminder emails to both hosts and participants * **Push notifications**: Mobile app notifications for hosts with the Zoom mobile app installed * **SMS** via Twilio. #### Zoom Scheduler is available through US and EU clusters Zoom Scheduler is currently generally available to Zoom customers hosted on Zoom’s United States-based cluster and regionally within Zoom’s European-based cluster. Organizations hosted on other clusters should confirm availability with their Zoom account team. #### Current limitations The following features are not currently supported: * **SSO or password protection for booking pages**: Booking pages are publicly accessible via their unique URL * **Attachments on booking invitations**: There is no way to add attachments to booking page invites * **Customer Managed Key (CMK)**: Scheduler does not support CMK for encrypting stored data * **Admin-level calendar deployment**: Each user must individually connect their calendar; admins cannot grant access on behalf of users * **Exchange Server on-premises support**: Only cloud-hosted calendar providers are supported * **SMS message length:** Text messages are limited to 180 characters * **No URLs in SMS:** Messages containing links are blocked and will not be delivered * **SMS disabled for large events:** SMS workflows are not sent for events with more than 100 registered attendees * **International SMS delivery:** Some phone carriers in certain countries have strict filters that may block messages #### Related resources * [Zoom Scheduler Product Page](https://www.zoom.com/en/products/appointment-scheduler/) * [Zoom Scheduler Support Documentation](https://support.zoom.com/hc/en/category?id=kb_category\&kb_category=9a27b21a8720391089a37408dabb35c5) * [Zoom Calendaring Integration Explainer](https://library.zoom.com/admin-corner/third-party-integrations/zoom-calendaring-integration-explainer) * [Network and Firewall Requirements for Zoom](https://support.zoom.us/hc/en-us/articles/201362683-Network-firewall-or-proxy-server-settings-for-Zoom) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://library.zoom.com/zoom-workplace/zoom-scheduler/zoom-scheduler-explainer.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.