Description
In our SaaS we call /v2/users/me/recordings to fetch recordings and then import files using the returned download_url. For the download, we attach the user’s OAuth token via a access_token query parameter.
Today, this suddenly stopped working, but as it seems only for non-admin users in our account, without any changes on our side. I’m not sure yet whether this already affects any of our customers. The last successful import from a non-admin user in our account was at November 26.
When we try to download a recording of a non-admin user using his Oauth token and the download_url, Zoom returns an HTML file containing the message “No Permission. (200)”.
I’ve already tested passing the token via the Authorization: Bearer header instead of the query parameter, but the result is the same. I also checked the setting “Prevent hosts from accessing their cloud recordings”, but it’s not enabled in our account.
I’m not sure why this fails all of a sudden. I’m not aware of any changes on our side, and this approach has worked without issues for a long time.
Error?
No Permission. (200)
How To Reproduce
*Steps to reproduce the behavior:
Get OAuth token for non-admin user via /oauth/token
Fetch recordings via/v2/users/me/recordings using this token
Try download a file via returned download_url and the same token e.g. https://eu01web.zoom.us/rec/download/abc?access_token=TOKEN.
Looking into this. Could you please provide a few zm-tracking-idfrom the response headers of the failed requests? I’ll let you know if there’s anything else needed.