Problem / AccessDenied on Downloading files from a WebHook event

API and Webhooks
1

Currently experiencing issues when trying to automatically download recordings after a webhook event (“event”: “recording.completed”)
We automatically used the
“download_url”: “https://XXXXXXXXXXXXXXXXXXXXXXXXXXX/”,
to pull back the recording.

now getting a

<?xml version="1.0" encoding="UTF-8"?>AccessDeniedAccess denied

This was working properly over the last week, but seems to have changed in the last 12 hours (guessing updates w/ LOAD on zoom).

From the DOCS, I see they now have a spec for
authorization: Bearer {download_token}

Do we now need to use a JWT token to download the files ? Client_ID / key or something to form an authenticated request?

Please advise, any suggestion / updates to DOCs would be appreciated, as currently not working and we have a university waiting to give green light on process.

I’ve tested this both on my PRO account as well as against an University instance.

To Reproduce(If applicable)
Steps to reproduce the behavior:
Try and download a file listed in the
“recording_files”: [{
“id”: “GUID”,
“meeting_id”: “SYSYSYSYYSYSYSY”,
“recording_start”: “2020-03-22T15:55:44Z”,
“recording_end”: “2020-03-22T15:56:42Z”,
“file_type”: “MP4”,
“file_size”: “1962489”,
“play_url”: "XXXXXXXXXXXX,
"download_url": “XXXXXXXXXXXXXXX”,
“status”: “completed”,
“recording_type”: “shared_screen_with_speaker_view”
} ]

  1. See error
    image
    image770×370 20.2 KB

    Screenshots

If I try and use the JWT Token but still getting
Authentication Bearer Token I get the following error in a Postman GET
{
“status”: false,
“errorCode”: 401,
“errorMessage”: “java.lang.NullPointerException”,
“result”: null
}

Any updates / suggestion to get success in automating downloads ? can this be done as a JWT app ?

2

We have the exact same issue since about 7 hours ago.
Anyone has a temporary workaround?
We’ve already opened a ticket on behalf of the Open University of Israel but no response yet.
This is a critical issue - can someoneat Zoom please investigate and escalate ASAP?
Thanks.

3

Hey Tom,
So I’m not sure if this is NEW doc or not (don’t remember seen that in the past) they have additional information at
(Can no longer find the documentation link)

but if you add
?access_token={YOUR_VALID_JWToken}
to your “download_url”
as a querystring parameter it will start working again.
My initial Bearer attempts where not working. but this works for now…

Hoping we get updates if the APIs see more changes.
Good luck

1 Like
4

Thanks Nicolai!
This solution is working for us…
Zoom definitely need to improve their API update notifications, this isn’t the first time…
Good night,
Tom.

1 Like
5

Glad it’s working for you as well.

Agreed on docs and any changes / updates to APIs and WebHooks, though I also appreciate these are pretty extenuating circumstances.

Let’s just all Pay it forward on the community forums, there is probably lots of people bashing their heads against the wall and I can only image how flooded support is at this point, so let’s all help each other out !

1 Like
6

Hi @Nicolai/@tomkl,

We’re glad that you were able to get it working! We do have the ?access_token={download_token} listed within our Recording.completed reference docs[1], was it hard to find or just overlooked? We’re asking because we want to make sure our developers are able to easily find what they need within our docs without having to spend more time answering questions.

1 - https://marketplace.zoom.us/docs/api-reference/webhook-reference/recording-events/recording-completed

Screen Shot 2020-03-22 at 6.27.59 PM
Screen Shot 2020-03-22 at 6.27.59 PM738×183 15.4 KB

Thanks

7

Hi Michael,
Our main concern is that it was not necessary to use the token this way prior to yesterday.
A change was made by Zoom yesterday which made our old method of downloading records obselete.
We were not aware of this change and apparently, other users were not aware as well, so I guess that the notification of API changes is something we hope will be executed better in the future.
Thanks,
Tom.

8

As @tomkl indicated, it was more that the API spec changed w/ no notification, since it was working with no tokens most of last week and then suddenly stopped.

I’m not sure if that was a new addition to doc or oversight on my part, however yesterday, I saw the token documentation once, and then went back to find it again and couldn’t …
so not sure if there are different versions of docs, or it being edited.
Exceptional circumstances.

All good for now.

10

Hey @tomkl, @Nicolai,

We are aware of the issue and looking into if anything on the Zoom side affected this change. (ZOOM-146185)

For now, the work around is to add your JWT Token to a query param to the download_url and not use the authorization bearer header:

$access_token=JWT_TOKEN_HERE

Thanks,
Tommy

11

Hey @tommy is there any status update on this or ETA when this will be fixed?
And what would be a workaround for users with OAuth access token?

12

Hey @tkrevh,

Unfortunately no ETA yet as the release was delayed.

For OAuth work around, use the download_token in the recording completed webhook.

Thanks,
Tommy

13

Hey @tommy, I totally missed that, this is really helpful, thank you so much!

1 Like
14

Hey @tkrevh,

You are welcome! :slight_smile:

Thanks,
Tommy

15

Any update on when we can expect Oauth token to work for downloading recordings.
I am able to make it work with JWT workaround but it is not good for production scenario as suggested in doc.
Does JWT reside at account level and cannot be generated at will ?

16

Hey @naveenkumarreddy.mal,

You can do so now! :slight_smile:

download_url?access_token=ACCESS_TOKEN_HERE

Thanks,
Tommy

17

I have tried but it did not work. Does it need any update to the app.

18

Hey @naveenkumarreddy.mal,

Make sure you have the following scopes in your OAuth app:

Added support for private recordings to be downloaded using OAuth access token.

  • Account-Level Apps will need " recording:read:admin , recording:write:admin , recording:master " scopes.
  • User-Level Apps will need " recording:read , recording:write " scopes.
  • A user with recording management permission can view private recordings recorded by another user in the same account.

Thanks,
Tommy

19

It seems that Zoom has made some changes to their API, and now requires an authentication token to download recordings. You can generate this token by following the steps mentioned in their documentation.

To generate a token, you need to make a request to their token API endpoint with your API key and secret. Here’s an example of how to do it using cURL:

javascriptCopy code

curl -X POST https://zoom.us/oauth/token \
  -H 'Authorization: Basic base64_encode(api_key:api_secret)' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials'

Replace api_key and api_secret with your actual API key and secret, respectively. The base64_encode() function should be replaced with the appropriate function in your programming language to encode the string as base64.

Once you have the access token, you can use it to download the recording by sending a GET request to the download URL with the authorization header set to “Bearer {access_token}”.

I hope this helps!