Custom Integration

Technical reference for engineering teams building MCP-compatible AI tools that connect to ZoomInfo.

May 6, 2026·

Rowan BaileySenior Director, Product

Overview

ZoomInfo MCP is an open MCP server. Any client that can complete an OAuth 2.0 Authorization Code flow and speak the MCP protocol can connect to it. This guide walks through what an engineering team needs to build a custom MCP client (or agent) that points at ZoomInfo.

Server Details

Property	Value
MCP Server URL	`https://mcp.zoominfo.com/mcp`
Protocol	Model Context Protocol (MCP)
Architecture	Stateless
Auth	OAuth 2.0 Authorization Code with PKCE
Rate limit	25 requests per second

Create an MCP App in the DevPortal

Custom clients authenticate against an MCP App registered in the ZoomInfo Developer Portal. Each tenant manages its own apps; client credentials are issued per app, not per user.

Open the DevPortal

Go to developer.zoominfo.com↗ and sign in. If you don't see the DevPortal in your launcher, your ZoomInfo admin needs to assign the DevPortal subscription to your user (Admin Portal → User Management → Users).

Create a new app

Click Create App in the top-right corner. A modal appears with two options. Select MCP App, not API App. MCP Apps come pre-configured for the Authorization Code flow that MCP clients require.

Configure the app

Provide:

App name: something descriptive. Users will see this on the consent screen during sign-in.
Authentication type: Authorization Code. This is the only supported flow for MCP clients.
Sign-in redirect URIs: the callback URL your client will use to receive the authorization code. For local development this is typically http://localhost:8080/callback. Production clients should register their public callback URL. You can register multiple URIs on a single app.

Select scopes

Choose the data scopes your tool needs. There is no dedicated MCP scope; pick the underlying datasets the tools you intend to expose will read from (for example, api:data:company, api:data:contact, api:data:intent). Fewer scopes means narrower tool availability at runtime. Full reference: OAuth 2.0 Scopes↗.

Save and grab credentials

Click Create. Internal-use apps are approved immediately and appear in the DevPortal table. Open the app. Copy your Client ID and Client Secret. Treat the secret like a password: store it in a secrets manager or the OS keychain. Never commit it to source control.

If your app is intended for users outside your tenant, see the Partner App submission process↗. Internal-use apps work for any user inside your ZoomInfo organization without further review.

Authentication Flow

ZoomInfo MCP uses Authorization Code with PKCE. Each end user authenticates with their own ZoomInfo credentials, and tokens are bound to that user. Avoid shared service accounts: tools like Account Research personalize results based on the calling user's CRM context, and a shared identity loses that.

The flow your client implements:

Generate a PKCE code verifier and challenge.
Open the ZoomInfo authorization URL in the user's browser, passing your client_id, redirect URI, requested scopes, and the PKCE challenge.
The user signs in and approves the requested scopes.
ZoomInfo redirects to your callback URL with an authorization code.
Your client exchanges the code (plus the PKCE verifier and client_secret) at the token endpoint for an access token and refresh token.
Use the access token in the Authorization: Bearer <token> header on requests to https://mcp.zoominfo.com/mcp.
When the access token expires, use the refresh token to get a new one without prompting the user again.

Detailed endpoint references and example requests live in the API auth docs: Authorization Code Flow with PKCE↗ and Refresh Token Flow↗.

📝

Quick testing without building the flow

Skip the OAuth handshake while you're prototyping. The DevPortal can mint a short-lived bearer token directly from the app detail page (look for Generate Bearer Token). It expires fast. Tokens minted this way consume real credits and count against rate limits.

Connecting Your Client

Most MCP clients accept a server URL plus an OAuth configuration. The exact shape varies by client; the example below is the minimum config form, and your client library will wrap the OAuth handshake described above.

{
  "mcpServers": {
    "zoominfo": {
      "url": "https://mcp.zoominfo.com/mcp",
      "auth": {
        "type": "oauth2",
        "clientId": "<your-client-id>",
        "clientSecret": "<your-client-secret>",
        "redirectUri": "http://localhost:8080/callback"
      }
    }
  }
}

On first connection, the client calls tools/list to fetch the active set of tools and their schemas. This happens at the start of every session. Your client always sees the latest definitions without versioning overhead.

Tool Discovery

tools/list returns every tool the authenticated user has access to. Each definition includes:

Name: the identifier passed to tools/call.
Description: written for LLM routing. It states when to use the tool and what inputs it expects.
Input schema: JSON Schema describing required and optional parameters.

// Example: tools/list response (abbreviated)
{
  "tools": [
    {
      "name": "lookup",
      "description": "Reference data for valid search filter values...",
      "inputSchema": {
        "type": "object",
        "properties": {
          "fieldName": {
            "type": "string",
            "description": "Field to lookup (e.g., management-levels, industries)"
          }
        },
        "required": ["fieldName"]
      }
    }
  ]
}

Calling a Tool

Use tools/call with the tool name and arguments:

{
  "method": "tools/call",
  "params": {
    "name": "search_companies",
    "arguments": {
      "industryId": "6374",
      "employeeCount": { "min": 100, "max": 1000 },
      "location": "United States"
    }
  }
}

Batch Sizes and Rate Limits

Tool	Max records per call
Enrich Companies	25
Enrich Contacts	25
Find Similar Companies	25
Find Similar Contacts	25
Find Recommended Contacts	25
Account Research	1
Contact Research	1

The rate limit is 25 requests per second per authenticated user. Build retry logic with exponential backoff for production workloads. Bulk extraction and scraping are prohibited under ZoomInfo's Acceptable Use Policy.

Error Handling

ZoomInfo returns standard HTTP status codes. Common ones:

Code	Cause	Resolution
`401`	Invalid or expired access token	Refresh the token, or restart the OAuth flow if the refresh token is also expired
`403`	Insufficient entitlements or missing scope	Check the user's package, bulk credit availability, and that the app was granted the right scopes at creation
`429`	Rate limit exceeded	Back off and retry

Full error reference: ZoomInfo API documentation↗.

Context Management

Direct tools (Search, Enrich, Lookup) return data straight into the calling LLM's context window. Cap batch sizes to fit your model's window.

Research tools (Account Research, Contact Research) run a sub-agent layer that synthesizes large payloads before returning a focused summary. This keeps the calling context manageable even for deep account work.

API Reference

For the full ZoomInfo API and data schema reference, see docs.zoominfo.com/docs↗.

PreviousPerplexity Next Tools