file subdomain working correctly?I am not able to upload any file using the steps mentioned in the docs.
curl -X POST -H "Authorization: Bearer TOKEN" -F "file=@file.txt" -F "to_channel=CHANNEL_ID" https://file.zoom.us/v2/users/me/messages/files
The response is something like this: curl: (52) Empty reply from server
Please help, What shall I do in this situation?
HI @Ns19
Thanks for reaching out to us and welcome to our community.
Could you please add “chat” to your path, it should look like this:
https://file.zoom.us/v2/chat/users/me/messages/files
Thank you @elisa.zoom for the help. But this isn’t working too.
curl -X POST -H "Authorization: Bearer TOKEN" -F "file=@file.txt" -F "to_channel=CHANNEL_ID" https://file.zoom.us/v2/chat/users/me/messages/files
The response is empty. After monitoring properly. I found that the Curl Command hits a 307 Temporary Redirect
HTTP/1.1 307 Temporary Redirect
Date: Tue, 18 Jul 2023 09:58:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
[...SNIP...]
Location: https://us04file.zoom.us/v2/chat/users/me/messages/files
Content-Disposition: attachment
And when I follow the redirect, it says Invalid Token. Looking at the host I found the primary endpoint is this us04file.zoom.us. Is it some issue? Or has the host for file upload API been changed?
Thanks for the update @Ns19
Let me go ahead and test this on my end.
Were you able to post the file using this endpoint us04file.zoom.us.?
@Ns19 I think I have a pretty good idea what the problem is because I have experienced it myself some time ago. I wasn’t using curl, but the underlying problem was the same: the bearer token is omitted when a HTTP request is redirected. Let me try to explain:
Most modern HTTP clients have a built-in security feature that prevents authentication information such as username+password or a bearer token to be be included when following a HTTP 307 Temporary redirect. This is done to avoid leaking authentication information to a web site that may be different than the site where you sent your original request.
In the case of uploading a file to the Zoom API using curl, the sequence of events is something like this:
HTTP 307 Location https://us04file.zoom.us/v2/blablablacurl follows the redirect but, for security reasons, omits the bearer tokenTo be clear: this situation is intentional on the part of curl in order to avoid leaking sensitive information and also this situation is not specific to curl. For instance, I personally experienced this problem with Microsoft’s HTTP client for .NET as I described here. I don’t know for a fact but I’m pretty sure the HTTP client in most modern languages such as Java, Python, etc. behave the same way.
I am no expert on how to use curl but I believe there is a way for you to indicate that you allow curl to forward the bearer token. This article may be helpful: How can I instruct curl to reuse credentials after it followed a redirect?
Let me know if this helps.