API Verification – Zendesk

If your app uses APIs to access users’ data, you might have to complete a verification process before you publish your app.

The applicability of this requirement to your app depends mostly on two factors: the type of user data you access—public profile information, calendar entries, files in Drive, certain health and fitness data, and so on—and the degree of access you need—read-only, read and write, and so on. When you use OAuth 2.0 to get permission from your users to access this data, you use strings called scopes to specify the type of data you want to access and how much access you need. If your app requests scopes categorized as sensitive or restricted, you will probably need to complete the verification process (see, however, the exceptions).

A few examples of sensitive scopes are some of the scopes used by the various API, but there are others.