How to generate "join" URL given ID and password?

Adnan, I think you are right. If only the Zoom company would let us know what the hash function is… I guess they erroneously believe that keeping the hash function secret increases security. They should ask a security expert and learn that it doesn’t. That’s not how hashing is used to make passwords secure!

The Zoom company has funny ideas about security. They have convinced some hosts to disable private chat, and require that private messages be sent via the host, manually! They have convinced some hosts that participants should wait until the host lets them into the room, one by one! Both pieces of advice interfere with ease of use for questionable benefit.

Companies that are open and request feedback and suggestions, produce far more useful products. Zoom has great technical innards, but a clumsy, awkward user interface that can fail for some use cases. And they clearly simply don’t care. Unfortunately, their newfound popularity due to the pandemic has only reinforced their unwillingness to improve their Meeting product.

I’m not even intending on developing anything. I’m just a user where my fitness instructor sent me a meeting ID and password, and I just wanted to convert it to a URL so I could bookmark it. That’s how I found this question.

As it stands, the “click here to join meeting” URL structure is something like this:
https://us02web.zoom.us/w/<some number here, probably the user ID of the meeting creator>?tk=<something else, probably some hashed value of the meeting ID>&pwd=<definitely not the password as it appears in the email, so probably the hashed value of that or something>

If I use just the regular values in my bookmark and try to navigate to it, will Zoom correctly redirect me?

Tessa, I don’t know the specific answer to your question (you can experiment), but the main problem is that the “PWD=” argument in the meeting link URL is NOT the password, but a value computed from the password. In this thread I have been arguing with Zoom about this user-unfriendly design and their response above is that they will not change it.

So, currently, you cannot change a meeting ID and password into a URL to bookmark it or create a command from it. That was Zoom’s conscious and stupid decision and it will stand perhaps until another company captures the enormous Zoom market by offering more flexibility, more convenience, and less arrogance toward users.

Hi David3, You have explained your question perfectly. I ended up here because I was looking for the same solution. I received a Zoom invite with the Personal ID and the password. I play computer for a living and can figure out how to connect. Users who do NOT play computer would never be able to get to the meeting. Someone else setup the meeting. I need to forward that meeting invite (with their permission) to a group of people. Rather than send Personal ID and password, convert those to a URL. Because the PW part is a hash, completely secure. Actually much safer than sending Personal ID and PW in clear text. There should be a simple tool to take that info and covert it to a URL. So when I forward the meeting invite, I can send: Click this URL for our Zoom meeting. All the banter is this thread is BS. Your original question was to the point and a simple question. No deep thought required to parse the question.

Thank you all for investigating this before me. I personally have an ID and PW. I wanted to include the link on my calendar. Seems like it should be a straight forward task. I am sad that ZOOM doesn’t even seem open to considering it. The security breech that they are concerned about is puzzling because I already have the ID and PW! I’m hoping that some forward thinking innovated ZOOM employee will reconsider this and the company-customer methodology.

2 Likes

jodiann, I think your observation of this thread is intelligent and accurate. There appears to be something seriously wrong with Zoom, the company. Perhaps it is that it has grown way too quickly as a result of the pandemic. Perhaps their behavior is due to company politics, or to simple arrogance or even to ignorance of the incredible range of software design and implementation possibilities. It is hard to tell from the few words they have shared in this thread.

As I continue to attend and host Zoom meetings, I find one limitation after another in the product (and even, rarely, bugs). Zoom meetings could easily be several times better in terms of ease of use, flexibility, and features. Why is this company so dead-set against gathering ideas and suggestions? Why will it not improve the product? Why is it so attached to their status quo? Why must it act like so many other software companies?

Hey Everyone,

Due to security and privacy reasons we do not plan to expose how we are generating the encoded password for meetings.

That being said, you can securely get the join_url with the password via our API.

Thanks for your understanding,
Tommy