Account Locking - company 'offline'?

Hello again.

As written here, websdk ‘accounts’ will get locked if a user enters multiple wrong passwords (or room ids) withing 5 minutes.

It looks to me that this ‘account locking’ happens on websdk-key level, i.e. one user gets the account locked, and all other users within this company (using the same websdk api key/secret pair) will get locked too for 30minutes.
I verified this several times by using different room ids, belonging to the same company (i.e., using the same websdk api key / secret).

Could you please give an explicit statement if this is true (as requested in the linked ticket).

  • if no, i would be happy if you could assist in debugging this issue, i can PM you the room ids (+websdk key pair)
  • if yes, … well this would render your websdk practically useless. in a company or university with some hundred users the websdk keypair would be locked most of the time. i totally understand your need to protect against various forms of ‘zoom bombing’, but this cannot be the way you want to go here.

Plz keep me updated

Hi @harald.glanzer, yes as @michael_p.zoom spoke to in the other thread, an account’s API Key will be locked for 30 minutes if the Web SDK attempts to join an incorrect meeting ID / password too frequently within a 5 minute period. We understand that this can cause issues on large accounts if password validation is handled through the join process, not client side. We’re working on improved protections on this to support valid uses; however, this is the current restriction given that the account-level API Key is what is used to authenticate the Web SDK.