Not able to retrieve Host Key using /users API

I am calling the List users (/users) API with include_fields=host_key param and the API is not returning the host_key. It was working until y’day and stopped all of a sudden.

Tried the Get User API, but it also doesn’t give me host_key either. The documentation says that it should provide the host_key in the response.

Anything am missing. I am wondering what changes for it to stop working all of a sudden. And any idea when it will be resolved?



Using the{userId} it used to work for us for months up until today.
Since today, this API no longer returns the host_key field.
Was that a planned change, or is it a bug in the Zoom API that will be resolved soon?
It breaks our current workflow.

Thank you.

Edit: Is it linked to the API update done 9 hours ago? Changelog


After an initial email with support, the response is “For security reasons, the host_key is no longer returned”.

Ok but, as an ISV, I am creating zoom users on behalf of my users, and I forward them their host key, so that they can identify as host when using their phone.
Right now I can no longer do that, and I had to switch to my fallback videoconference provider.

I am wondering what is the alternative to “host_key” now?


Edit: I am continuing discussion with support privately, just sharing here infos for the initial poster and others.


@multunus and @nand , thanks for bringing this up, I’m sorry for the impact the change has caused. I can confirm this is in fact the current intended behavior after a change. We’re working to ensure feedback and use cases is taken into account and will share more information very soon.

@nand , I totally hear you on the ISV use case and the need to set the host key for your non-login users. We’re working on it, and will follow up shortly

I am having this same issue, and require the host_key for our workflow.
Is there any update to this yet?

Hi !

Same here, as ISV partner our zoom integration relies on that host_key property. Is there any alternative to retrieve users host keys please ? Any other endpoint ?

Wouldn’t it have been better to address this earlier ? From previous posts, it looks like nobody knew the host key was about to be deleted/deprecated after this last API update. We are using it in most of our workflows and a few transactional emails.

I can understand it was done on purpose for security reasons. However, how should we address this with our customers / end-users now ?


We also require the host key for our workflow.
Please let us know a workaround as soon as possible.
Thank you.

Hi everyone! We are working on a fix for this issue!
As soon as I have more information I will come back to you all!

Thanks for keeping us updated.
Do we have any information about this “fix”?
Is the fix to have the API call return the host_key field again, or will there be a different workaround?
Do we have any kind of a timeline?

I’ve been yelling at my zoom account rep, customer success manager and support about this issue.

This is an interesting response I got from support

“I’ve received confirmation from the engineering team that on June 21st they intentionally introduced a “breaking change” to the Zoom API. Service engineering has explained there will no longer be an option to us “GET” requests to access the host key. The engineering team has introduced this change as a security enhancement”

So in a nutshell, they intentionally introduced a breaking change without notifying customers, or announcing it or adding it to the developer changelog.

Fabulous coordination, bravo.

Hi @sotelemed and @cdahms
I really understand how you are feeling and we have addressed this issue.
I can confirm with you that we have rolled back this change and you should be able to have access to the “host_key” as you used to.

I will keep you posted on any changes and I will make sure to pass along your feedback to the appropriate team.
Let me know if there is anything else I can do to support you


Confirmed fixed! Thank You!

1 Like

I can confirm that all related issues from yesterday are gone aswell. Thanks for following-up and thank you for the rollback!

1 Like