Description
On my account (I am an admin) these API endpoints do not include the “prevent_host_access_recording" field in their response.
Additionally, this setting does not exist in my accounts Zoom Admin UI (according to zoom docs this should exist).
These endpoints used to return this field, we had (OAUTH based) automation in place for awhile that was working fine and now that this field is missing in the response our workflows are broken (we do checks on this field to make sure the user should be able to access their recordings before we move on to further calls to do things with said recordings).
I looked through the API change notes and could not find anything about this behavior changing.
Error? No error message, the field simply no longer exists in the response.
How To Reproduce Do a GET on those endpoints and inspect the response to see that this field is missing.
I am now debugging this further on my own outside of our existing tool and am finding that I can no longer even successfully hit these endpoints with my access tokens. Again, I am an account admin with a valid oauth token that has every single “account” scope granted to it, but all of my attempts to query these endpoints now results in Error code 4711 ‘Invalid access token, does not contain scopes:[account:read:settings:master].’ I am NOT hitting the Master API endpoint and I do NOT have multiple accounts/Master API setup. This is a single zoom account that I am the admin of. When I go to the config for my server to server oauth app and browse scopes, account:read:settings:master does not exist. I’m confused because the non-Master Accounts API spec says that this is a required Granular scope (within the accounts:read:admin scope, which i have) yet this scope does not exist in my account?
I just discovered this while debugging with my colleague who’s account is the “owner” of our Zoom org.
This API scope ( account:read:settings:master ) shows up as available for his account but none of the other admins like myself. Is this working as intended? If so, this should definitely be in the API documentation if a required scope for a call can only be done by the account owner’s oauth account.
ok, final update for now. The documentation is pretty unclear as to what to put in the {account-id} field it seems. Even if my colleague who is the account owner hits this API endpoint, even THEY can not get the account-wide settings by supplying the Account ID that the app tells us to use. The only thing I’m able to get returned is if i set the account-id param to “me” which is…..OK?
Regardless, none of the responses to these endpoints, with ANY of the optional params (i’ve tried all of them) returns a payload that has the “prevent_host_access_recording” field in it. Has this field been silently deprecated and removed?
I am able to successfully do a PATCH call on the account settings to set the prevent_host_access_recording field, and I get a 204 (success, with no body) response.
But then when i GET it again the field is STILL not there
In case anyone else runs into this, I had to open a ticket with Zoom Support on this, they then escalated it to tier 2, and then finally they confirmed that this is a hidden backend setting that only Zoom Support can enable for you.
So if you need this field present on your API endpoints, you need to open a ticket with Zoom and request that they enable it for you on the backend.
