API Endpoint(s) and/or Zoom API Event(s)
-
/v2/users/me/recordings -
https://eu01web.zoom.us/rec/download
Description
In our SaaS we call /v2/users/me/recordings to fetch recordings and then import files using the returned download_url. For the download, we attach the user’s OAuth token via a access_token query parameter.
Today, this suddenly stopped working, but as it seems only for non-admin users in our account, without any changes on our side. I’m not sure yet whether this already affects any of our customers. The last successful import from a non-admin user in our account was at November 26.
When we try to download a recording of a non-admin user using his Oauth token and the download_url, Zoom returns an HTML file containing the message “No Permission. (200)”.
I’ve already tested passing the token via the Authorization: Bearer header instead of the query parameter, but the result is the same. I also checked the setting “Prevent hosts from accessing their cloud recordings”, but it’s not enabled in our account.
I’m not sure why this fails all of a sudden. I’m not aware of any changes on our side, and this approach has worked without issues for a long time.
Error?
No Permission. (200)
How To Reproduce
*Steps to reproduce the behavior:
- Get OAuth token for non-admin user via
/oauth/token - Fetch recordings via
/v2/users/me/recordingsusing this token - Try download a file via returned
download_urland the same token e.g.https://eu01web.zoom.us/rec/download/abc?access_token=TOKEN.