[bug] webinars endpoint failing with webinar id containing plus sign (+)

API and Webhooks
1

I have a server-to-server application that fetches details for upcoming webinars on our account, using straightforward calls to the /webinars endpoint.

This is now malfunctioning, but only for one particular webinar. The only difference or possible cause I can see is that the webinar id that is failing contains a plus sign: 0LEkvqqIRn+CaF7paPIRgA==

I’ve tried encoding the request, either by encoding only the plus sign, or encoding the entire string including the equals signs (although those are working fine for other webinars with = in the id.

GET https://api.zoom.us/v2/webinars/0LEkvqqIRn+CaF7paPIRgA==
GET https://api.zoom.us/v2/webinars/0LEkvqqIRn%2BCaF7paPIRgA==
GET https://api.zoom.us/v2/webinars/0LEkvqqIRn%2BCaF7paPIRgA%3D%3D

All of those result in the same failure:

{"code": 3001,"message": "Meeting is not found or has expired."}

As far as I can tell, that must be an API bug, as the webinar is otherwise fine, and the id is coming straight out of the list of webinars from the base /webinars endpoint.

I’d appreciate that getting investigated / patched, as I haven’t been able to find any workaround. Thanks.

2

Experimenting with this more, by chance I happened to create a webinar that had a slash (/) in the id, and that also fails:

ID: LeJP0H/uT6+ns639is148A==

Request:

GET https://api.zoom.us/v2/webinars/LeJP0H%2FuT6%2Bns639is148A%3D%3D

Response:

{"code":2300,"message":"This API endpoint is not recognized."}

…that’s fairly clearly a result of the server decoding the url and then misinterpreting the forward slash as part of the endpoint routing.

3

Hi @MatthewC
Thanks for reaching out to us.
I have never experienced the issue with a webinar containing a + sign.
If the webinar ID starts with / or contains //, you must double-encode it before making the API call.

I was able to look into the webinar id you shared (0LEkvqqIRn+CaF7paPIRgA==) and it looks like the webinar exists but has not been started yet. What endpoint are you trying to call?
If you query the List webinars endpoint, do you see that webinar?

4

Hi @elisa.zoom. Ah, yes it’s a double encoding issue, even though the webinar ID’s do not contain a double slash.

Here are the full steps to reproduce. You will of course need a webinar with a plus sign to try it. The only edits here are removing the token and webinar details.

Fetch list of webinars:

curl --location 'https://api.zoom.us/v2/report/upcoming_events?from=2025-11-01&type=webinar&to=2025-11-30' \
--header 'Authorization: Bearer TOKEN_REMOVED'

Response:

{
    "from": "2025-11-03",
    "to": "2025-11-30",
    "page_size": 30,
    "next_page_token": "",
    "upcoming_events": [
        {
            "id": "0LEkvqqIRn+CaF7paPIRgA==",
            "topic": "TOPIC_REMOVED",
            "dept": "",
            "start_time": "2025-11-06T19:00:00Z",
            "host_id": "JonaHOmKQxqapDN41l7C2Q",
            "host_name": "HOST_REMOVED"
        },
        {
            "id": "uUQqs9o0RimzLY9Ls0HNCA==",
            "topic": "TOPIC_REMOVED",
            "dept": "",
            "start_time": "2025-11-13T00:45:00Z",
            "host_id": "LOnXqtAZSzy5eDNGtfqjwg",
            "host_name": "HOST_REMOVED"
        }
    ]
}

Then use the webinar ID’s from that list to fetch individual webinar details…

Fetching the second webinar’s details (which does not contain the plus sign):

curl --location 'https://api.zoom.us/v2/webinars/uUQqs9o0RimzLY9Ls0HNCA==' \
--header 'Authorization: Bearer TOKEN_REMOVED'

Response:

{
    "uuid": "uUQqs9o0RimzLY9Ls0HNCA==",
    "id": 88032493017,
    "host_id": "LOnXqtAZSzy5eDNGtfqjwg",
    "host_email": "EMAIL_REMOVED",
    "topic": "TOPIC_REMOVED",
    "type": 5,
    "start_time": "2025-11-13T00:45:00Z",
    "duration": 105,
    ...etc
}

Fetching the first webinar’s details (which does contain a plus sign) the exact same way:

curl --location 'https://api.zoom.us/v2/webinars/0LEkvqqIRn+CaF7paPIRgA==' \
--header 'Authorization: Bearer TOKEN_REMOVED'

{
    "code": 3001,
    "message": "Meeting is not found or has expired."
}

With single encoding:

curl --location 'https://api.zoom.us/v2/webinars/0LEkvqqIRn%2BCaF7paPIRgA==' \
--header 'Authorization: Bearer TOKEN_REMOVED'

{
    "code": 3001,
    "message": "Meeting is not found or has expired."
}

With double encoding:

curl --location 'https://api.zoom.us/v2/webinars/0LEkvqqIRn%252BCaF7paPIRgA==' \
--header 'Authorization: Bearer TOKEN_REMOVED'

{
    "uuid": "0LEkvqqIRn+CaF7paPIRgA==",
    "id": 87172505602,
    "host_id": "JonaHOmKQxqapDN41l7C2Q",
    "host_email": "EMAIL_REMOVED",
    "topic": "TOPIC_REMOVED",
    "type": 5,
    "start_time": "2025-11-06T19:00:00Z",
    "duration": 60,
    ...etc
}

So, I think the solution here is actually just documentation. The webinar details endpoint documentation doesn’t indicate anywhere that the ID returned might include characters that make it unsafe to simply take and reuse directly in future API calls, and imho it’s fairly reasonable to assume an ID would be safe to reuse. So we only encountered this as a bug once already in production. Double encoding before using that ID in any further API requests is easy enough, and I’ll implement that now, I just didn’t realise it would be necessary.

Thanks.

5

Hi @MatthewC
Thank you so much for such detailed explanaition and I agree, this is a documentation issue.
In some endpoints, we specify that if there is a ‘/’, you should double encode the UUID, but we do not mentione this for ‘+’ sign.
I will submit a docs improvement request for this issue.
Thanks you so much

6

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.