Hi,
We conduct medical courses and educations during which some sensitive information is being shared.
So, the below issue (and an urgent solution) is of utmost importance for us.
To strictly control the attendance, we created an internal (not-published) JWT app to manage the registrations as well as attendee tracking.
The reasons for attendee tracking are as follows:
• Authorization: only those who have passed certain qualifications can attend the meeting.
• Certification: attendee should spend at least a certain amount of time to be entitled to get a certificate.
The problem is that there is no way to cross-match the registration records with the attendees who actually joined the meeting (or I am missing something, hopefully).
Here is a sample transaction to/from Zoom API registration service:
{
"request": {
"email": "john.doe@hotmail.com",
"first_name": "John",
"last_name": "Doe"
},
"response": {
"registrant_id": "twyX0LRq4*1$#bGFv9aN4n",
"id": "***********",
"topic": "THERAPY of ... ",
"start_time": "2020-05-05T07:00:00Z",
"join_url": "https://us02web.zoom.us/w/26269669188?tk=TnsX28p62Sv*^Amwb#hKvvxz5t!9@l9Cvgk&bfI0LVO4Q^MGRhBnHzDVmRMF3yGQFPq6y6V5mCHn9&fzqBUt5rKyoO6lvTd!$yw5f@UHzeS^IzV#SWra&pwd=o5nzrcy^zV@NMO%o3nQxnP79vBtpvMa6"
}
}
And here is a participant-joined event from API:
{
"payload": {
"account_id": "v9oaX967VIey3NGUVeMjA!",
"object": {
"uuid": "ut!yPw06zwQ0*wW9y1t2Y0Iv",
"participant": {
"user_id": "5432123786",
"user_name": "john dawson",
"id": "ngmSksBDNwHNZnThidaOkR",
"join_time": "2020-05-08T10:48:04Z"
},
"id": "***********",
"type": 8,
"topic": "THERAPY of ... ",
"host_id": "dSuGdK7hIYKKODXbfzj92R",
"duration": 360,
"start_time": "2020-05-05T05:36:16Z",
"timezone": "Europe/Istanbul"
}
},
"event": "meeting.participant_joined"
}
You’ll notice that there isn’t any definitive / identifying value shared between those two payloads.
No e-mail, no participant id, no registration id, no username, no nothing…
Even the name of participant is not the same.
She (it was a she in the original record that I’ve taken this example from) was either already logged-in to her Zoom account and her name is different than the registration list and Zoom prioritized the former or even worse Zoom somehow asked her to enter a name when joining the event. Needless to say that we do not allow participants rename themselves.
Including, simply, the registrant_id in the participant object of the subscribed event would have solved this issue and I suspect that there’s no downside of it, security or performance-wise…
And if the registration is not required for that meeting/webinar, an empty string for that key would do.
So, here is our current solution(!?) to this issue:
Whenever someone joins the meeting, we give her/him via Zoom Chat a random 6-digit code and ask her/him to send it to us through WhatsApp from her/his registered phone number.
Unfortunately, it’s not manageable, it’s hardly a solution to begin with
They might not look at the chat window, they drop connection and re-connect again and again.
About the attendee time-tracking for certification purposes, there’s nothing I can do since manually tracking the join/leave times is virtually impossible.
And this is the situation for our current events of appr. 100-150 participants.
I absolutely have no idea how to verify attendees when we hold a large meeting with hundreds of doctors and specialists.
Ok, well…
Firstly, I cannot hold myself no more and say it:
Who designed this, for the heaven’s sake, and what were you thinking?
Secondly, is there something I can do to match a record from the registration reply to an attendee who actually joined the meeting?
Maybe, a setting in our marketplace JWT app or decoding the token in the join_url or something else, fingers crossed?
Thank you…
~ Fatih
*This post has been edited to remove any meeting / webinar IDs