Authenticated user in desktop client or overrides registrant unique url

We have virtual classrooms, so it’s important to restrict the entry to the meetings and enforce the username.

Following previous posts in this forum and the documentation we use the “add registrant to meeting” endpoint to generate a whitelist of “users” (the email addresses are produced by student data, but non-existent), automatically approve them and setting the registration to manual after.

But when the link is used by the student (redirected by our platform) while also authenticated in the desktop client or in (with their own personal account or any external to us), the external authenticated user can enter the meeting after zoom asks for a username (username change in meeting is globally disabled).

Because of this we can’t take attendance by matching the user ID and we can’t enforce the username of the students.

Everything is done through the API by our platform, only the teachers are zoom users (custCreate) under our business account.

Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?
POST /meetings/{meetingId}/registrants

Hey @pablo.gonzalez,

Thanks for reaching out about this and for explaining your situation so clearly. There are a few suggestions I’d like to make, if you haven’t already taken these steps.

First, have you considered/already set up an Authentication Profile?

This is configured on the account level, and should ensure that only verified users can join your meetings.

Another measure to help with attendance could be to utilize the GET Meeting Participant Report API:

This endpoint returns the user details as they were when they joined.

Let me know if this information helps!


Hey @will.zoom thanks for answering.

First, have you considered/already set up an Authentication Profile?

Sadly, we can’t consider it, because the students aren’t zoom users under our account. We can’t add them all under our account because we overshoot the limit of 9.999 users per account by a great margin (around 4.500 teachers and over 100.000 students).

Another measure to help with attendance could be to utilize the GET Meeting Participant Report API

In our tests we realized that when a registrant is added to the meeting with an email not used by a zoom user, a “dummy” temporal user is created. And when the unique url is used without an authenticated user in the desktop client, this “dummy” temporal user is reflected in the participant list of the meeting in both endpoints (/past_meetings/{meetingUUID}/participants and /report/meetings/{meetingId}/participants).

We tried to use the email of the “dummy” temporal user to register the attendance, but the email is overwritten when an authenticated user in the desktop client uses the unique url.

Hi @pablo.gonzalez,

Thanks for taking a look at those recommendations, and I can understand how these may not be ideal for your use case.

Another option I wanted to suggest—have you considered using our Participant Joined webhook to capture how the student originally joined the meeting?

The id field provided in the response has a few conditions, depending on registration requirements, that could help you to potentially determine who might have joined in logged in to their own Zoom account vs. who joined with the account denoted in their registration:

If they joined with the expected email/account, this ID would be the same as their registrant ID. Otherwise, you could conclude that they were one of the students who may have used their personal account and account for that accordingly.

While I realize this isn’t exactly a solution, perhaps this could be helpful to you?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.