I’m programming to download a recording file on Zoom triggered by “recording.completed” event of WebHook.
There was news that Zoom’s recording files were open to the public.
Some people speculate that the download destination for the recording file is an open link (a URL that anyone can guess to access), which was obtained and published.
Using the download_url and download_token in the parameters of the “recording.completed” event, I get the recording file.
Are these download_url and download_token character strings that can be inferred from the meeting ID, account number, etc.? Will these be leaked to the outside?
Thank you for reaching out to the Zoom Developer Forum. Great question! I’m happy to report that there is nothing to worry about when it comes to the security of our recordings. We employ a variety of methods to make sure that your data stays safe. As you mentioned, the download_token is an example of such a method. It cannot be obtained by anyone outside of your account and cannot be generated using any public information.