I am creating a meeting on server-side using the create meeting api and sending the meeting id, password and signature to client web sdk, i am able to join the meeting just fine but so is anyone with the meeting id and password by just typing the join meeting url in the browser. If the signature generated using api secret is not necessary then what is its purpose? Or is there some way to enforce this that i am missing?
Thank you for reaching out to the Zoom Developer Forum. If you create a meeting, users will still be able to join from the Zoom client by using the
join_url returned from the Create a Meeting API.
Further, if your application uses/generates the signature when a user joins the meeting, this would also allow them to join the meeting.
I hope that helps! Let me know if you have any questions.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.