API Endpoints
GET /phone/call_logs/{id}/recordings
Description
The problem is with how backend systems work with webhooks and how the Zoom Phone API is implemented. I get a call from a webhook, in my case from phone.recording_transcript_completed, and it provides me with a call ID.
I then go ahead and use the call ID to hit the GET /phone/call_logs/{id}/recordings endpoint. This endpoint needs a valid access token for either the caller or the callee, so this has two scenarios:
1. If the app is admin-managed, I can use the admin access token and access any recording that was made by any member under the admin organization.
2. If the app is user-managed, I will need individual access tokens for either the caller or the callee to make the API request.
And because this is a webhook call that can happen at any time, I cannot prompt the user to authorize the app as the user is not directly connected to my endpoints through a client app, the bot is running 24/7 and receives webhook calls from every person that authorized before.
So I have to save the refresh token of each user when he authorizes the app, so I can use it later to get both an access token and a renewed refresh token, to be able to make API calls for this user's resources on every webhook call.
Error?
The problem is that if the user got signed out from any of his devices (the Zoom web client signs me out frequently, multiple times per day, by itself), and then he signed in again, my stored refresh token for that user will be invalidated, and I will not be able to do any actions for that user anymore until he authorizes the app again.
This is very impractical in a production environment, and the only solution for it currently is to notify the user through Email or SMS to reauthorize for the bot to work with him again, which is both very frustrating and not user friendly, especially since users get signed out a lot automatically.
Also, using a server-to-server app will not work either, as it’s hooked to a single account and my backend needs to work with webhooks for different users that will authorize it with their accounts.
Isn’t there a way to generate a long-term access token for the account for the bot to use?
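Added example, not part of the original post and not Zoom's code: a sketch of the backend flow described above, keeping one rotating refresh token per user and, when a refresh is rejected, marking the user as needing re-authorization and queuing call IDs instead of retrying the dead token. `TokenStore`, `handle_webhook`, `fake_endpoint`, the `refresh_call` callable and the event shape are hypothetical names; `invalid_grant` is the RFC 6749 error code and is assumed to be what the token endpoint returns.

```python
import time

class ReauthRequired(Exception):
    """The stored refresh token was rejected; the user must authorize again."""

class TokenStore:
    def __init__(self, refresh_call):
        self._refresh_call = refresh_call  # assumed: callable(refresh_token) -> token-endpoint JSON
        self._users = {}                   # user_id -> token record (encrypt at rest in a real store)
        self.pending = {}                  # user_id -> call IDs waiting for re-authorization

    def save_grant(self, user_id, refresh_token):
        """Called from the OAuth callback, first time and on every re-authorization."""
        self._users[user_id] = {"refresh": refresh_token, "access": None, "exp": 0.0, "stale": False}
        return self.pending.pop(user_id, [])  # call IDs that can now be retried

    def access_token(self, user_id, now=None):
        now = time.time() if now is None else now
        rec = self._users[user_id]
        if rec["stale"]:
            raise ReauthRequired(user_id)  # do not keep sending a dead token to the endpoint
        if rec["access"] and now < rec["exp"] - 60:
            return rec["access"]
        resp = self._refresh_call(rec["refresh"])
        if resp.get("error") == "invalid_grant":  # RFC 6749 code for a revoked or expired grant
            rec.update(stale=True, access=None)
            raise ReauthRequired(user_id)
        # Rotation: persist the renewed refresh token together with the access token.
        rec.update(refresh=resp["refresh_token"], access=resp["access_token"],
                   exp=now + resp["expires_in"])
        return rec["access"]

def handle_webhook(store, event, fetch_recordings):
    """event: constructed shape {'user_id', 'call_id'}, not Zoom's actual payload."""
    try:
        token = store.access_token(event["user_id"])
    except ReauthRequired:
        store.pending.setdefault(event["user_id"], []).append(event["call_id"])
        return "queued"  # notify the user once; save_grant() later returns this backlog
    fetch_recordings(event["call_id"], token)
    return "fetched"

def fake_endpoint(valid):
    """Constructed stand-in for the token endpoint; `valid` is the set of live refresh tokens."""
    def call(rt):
        if rt not in valid:
            return {"error": "invalid_grant"}
        valid.discard(rt)
        valid.add(rt + "'")  # each refresh token is single-use and replaced by a new one
        return {"access_token": "at-" + rt, "refresh_token": rt + "'", "expires_in": 3600}
    return call
```

In a real deployment the record update has to be a single atomic write per user, so that two webhook workers refreshing at the same moment cannot overwrite the renewed refresh token with a spent one.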