diff --git a/extensions/zalo/src/accounts.test.ts b/extensions/zalo/src/accounts.test.ts
index 4615d79d6b2..bd068a55164 100644
--- a/extensions/zalo/src/accounts.test.ts
+++ b/extensions/zalo/src/accounts.test.ts
@@ -45,4 +45,26 @@ describe("resolveZaloAccount", () => {
     expect(resolved.enabled).toBe(true);
     expect(resolved.config.webhookUrl).toBe("https://top.example.com");
   });
+
+  it("uses configured defaultAccount when accountId is omitted", () => {
+    const resolved = resolveZaloAccount({
+      cfg: {
+        channels: {
+          zalo: {
+            defaultAccount: "work",
+            accounts: {
+              work: {
+                name: "Work",
+                botToken: "work-token",
+              },
+            },
+          },
+        },
+      },
+    });
+
+    expect(resolved.accountId).toBe("work");
+    expect(resolved.name).toBe("Work");
+    expect(resolved.token).toBe("work-token");
+  });
 });
diff --git a/extensions/zalo/src/accounts.ts b/extensions/zalo/src/accounts.ts
index 2a2b166b5b2..3911b3a0431 100644
--- a/extensions/zalo/src/accounts.ts
+++ b/extensions/zalo/src/accounts.ts
@@ -29,7 +29,9 @@ export function resolveZaloAccount(params: {
   accountId?: string | null;
   allowUnresolvedSecretRef?: boolean;
 }): ResolvedZaloAccount {
-  const accountId = normalizeAccountId(params.accountId);
+  const accountId = normalizeAccountId(
+    params.accountId ?? (params.cfg.channels?.zalo as ZaloConfig | undefined)?.defaultAccount,
+  );
   const baseEnabled = (params.cfg.channels?.zalo as ZaloConfig | undefined)?.enabled !== false;
   const merged = mergeZaloAccountConfig(params.cfg, accountId);
   const accountEnabled = merged.enabled !== false;
diff --git a/extensions/zalo/src/token.test.ts b/extensions/zalo/src/token.test.ts
index ff3e84ce293..d678c3f468e 100644
--- a/extensions/zalo/src/token.test.ts
+++ b/extensions/zalo/src/token.test.ts
@@ -32,6 +32,21 @@ describe("resolveZaloToken", () => {
     expect(res.source).toBe("config");
   });
 
+  it("uses configured defaultAccount token when accountId is omitted", () => {
+    const cfg = {
+      defaultAccount: "work",
+      botToken: "top-level-token",
+      accounts: {
+        work: {
+          botToken: "work-token",
+        },
+      },
+    } as ZaloConfig;
+    const res = resolveZaloToken(cfg);
+    expect(res.token).toBe("work-token");
+    expect(res.source).toBe("config");
+  });
+
   it("does not inherit top-level token when account token is explicitly blank", () => {
     const cfg = {
       botToken: "top-level-token",
diff --git a/extensions/zalo/src/token.ts b/extensions/zalo/src/token.ts
index ef0bdd91866..6a5a2386d13 100644
--- a/extensions/zalo/src/token.ts
+++ b/extensions/zalo/src/token.ts
@@ -18,7 +18,7 @@ export function resolveZaloToken(
   accountId?: string | null,
   options?: { allowUnresolvedSecretRef?: boolean },
 ): ZaloTokenResolution {
-  const resolvedAccountId = accountId ?? DEFAULT_ACCOUNT_ID;
+  const resolvedAccountId = normalizeAccountId(accountId ?? config?.defaultAccount);
   const isDefaultAccount = resolvedAccountId === DEFAULT_ACCOUNT_ID;
   const baseConfig = config;
   const accountConfig = resolveAccountEntry(