I’m programming to download a recording file on Zoom triggered by “recording.completed” event of WebHook.
There was news that Zoom’s recording files were open to the public.
Some people speculate that the download destination for the recording file is an open link (a URL that anyone can guess to access), which was obtained and published.
Using the download_url and download_token in the parameters of the “recording.completed” event, I get the recording file.
Are these download_url and download_token character strings that can be inferred from the meeting ID, account number, etc.? Will these be leaked to the outside?