Not Permission "Fail toJoin the metting"

Description
Failure to connect a meeting or webinar

Error
Error en el mapeo fuente: Error: request failed with status 403
Object { method: “join”, status: false, result: “Sin permiso”, errorMessage: “Fail to join the meeting.”, errorCode: 1 }

Which version?
1.8.0

To Reproduce(If applicable)
Steps to reproduce the behavior:

  1. I generate signature with function encode64 PHP …
  2. I modify meeting.js passing the signature that the function returns
  3. Enter name. Id Meeting or Webinar and email and click to join meeting
  4. See error Fail to join the metting

Screenshots

Device (please complete the following information):
Navegador Chrome y Mozilla

Additional context
I have done the steps shown on the page https://marketplace.zoom.us/docs/sdk/native-sdks/web/build/signature but I could not launch the meeting due to this error, and the function generates the signature passing the data that is said on the page: { api_key, api_secret, meeting_number, role …}
Please thank you for helping me since I am integrating the WEB SDK in my APP …

I attend to comments

Hey @eliana.castro,

Thank you for reaching out to the Zoom Developer Forum. I understand that you’ve had a chance to review our documentation but I also want to confirm that you are using the PHP example to generate a signature from that page:

function generate_signature ( $api_key, $api_secret, $meeting_number, $role){

	$time = time() * 1000 - 30000;//time in milliseconds (or close enough)
	
	$data = base64_encode($api_key . $meeting_number . $time . $role);
	
	$hash = hash_hmac('sha256', $data, $api_secret, true);
	
	$_sig = $api_key . "." . $meeting_number . "." . $time . "." . $role . "." . base64_encode($hash);
	
	//return signature, url safe base64 encoded
	return rtrim(strtr(base64_encode($_sig), '+/', '-_'), '=');
}

If that doesn’t help, are you able to paste the signature you’re using when this fails as well as share a public git repository of the code encountering the issue?

Thanks,
Max

Hi MaxM

Thank you for providing feedback on my Ticket. :fu: :fu:
Yes I do! i´m using the same example and the problem was that Reunion ID did not appear in the signature, and I was able to solve this … and I have these observations:

  1. The API_SECRET I can hide it through the signature and pass it to the Library and there is no problem.

  2. I still need the API_KEY in liberia to join the meeting and it can be viewed from the browser console.

Questions:

  1. Is it necessary to hide the API KEY in the library or only hiding the API_SECRET is it enough?

  2. If it is necessary to hide the API_KEY, could it be done with a function inside the library decoding the signature and extracting the API_KEY … is this way of doing it acceptable?

  3. Any suggestions to hide the API_KEY and not be visible from the console?

Note: I use the (
sample-app-web 1.8.0)

Attentive to comments

Hey @eliana.castro,

Thank you for the update. I’m glad to hear that answered your questions!

The API_SECRET I can hide it through the signature and pass it to the Library and there is no problem.

Any suggestions to hide the API_KEY and not be visible from the console?

Both the API Key and Secret should be contained in environment variables that are used by your application. This will prevent them from being easily obtained by bad actors.

Is it necessary to hide the API KEY in the library or only hiding the API_SECRET is it enough?

Any suggestions to hide the API_KEY and not be visible from the console?

It’s not necessary to keep the API Key secured, it is only used to identify your app. Conversely, you will want to keep the API Secret secure, but, it sounds like you’ve already done a great job of that by encrypting it and encoding it as outlined in our Generating a Signature documentation.

Let me know if you have any questions.

Thanks,
Max

thank you very much MaxMa

I will keep these suggestions in mind.

1 Like

Let us know if we can help with anything else! :slight_smile:

Thanks,
Tommy