Restricting a Single, Permanent Zoom Link to Only Backend-Registered (Paid) Users

Hello Zoom Community,

I’m trying to create a secure course platform where only paid students can join my Zoom meetings. I’ve got most of my requirements working but facing one critical issue:

My Current Setup:

{
  topic: `System(workshop) - ${workshop.workshop_title}`,
  type: 2, // Scheduled meeting
  start_time: "2027-12-31T23:59:59Z", // Far future date for permanent link
  duration: 60,
  settings: {
    approval_type: 0, // Auto-approval
    registration_type: 1, // Register once for all occurrences
    registrants_email_notification: true,
    join_before_host: false,
    waiting_room: false,
    mute_upon_entry: true
  }
}

What Works:

• I’ve created a permanent meeting link by setting a far future date
• I can programmatically register my paying customers using Zoom’s API
• I can update start times as needed while keeping the same link

The Problem:

• Anyone with a Zoom account can join my meeting without paying. When they open the link in the Zoom app (where they’re already logged in), they can join directly.
• In incognito mode, they can register by simply entering a name and email.

What I Need:

1. Complete block for non-registered users - No registration form should appear to public users
2. Only backend API registrations allowed - Only my system should be able to add registrants (after payment)
3. Maintain permanent meeting link - Keep using the same meeting ID/URL

I’ve tried:

• Using approval_type: 0 (auto) and approval_type: 1 (manual)
• Password protection (but then I need to distribute passwords which can be shared)

I considered using registration_close_time set to a past date with approval_type: 1, but I’m not sure if my system can still register users via API after registration is closed.

Has anyone successfully implemented this specific access control pattern? Is there a combination of settings that will block public registration entirely while allowing API registrations?

Thank you for any guidance!

Potential Solution (Is this possible?)

Could this combination work?

{
  settings: {
    approval_type: 1, // Manual approval
    registration_type: 1, // Register once
    registration_close_time: "2020-01-01T00:00:00Z", // Past date to disable public registration
    allow_registration_after_meeting_starts: false,
    meeting_authentication: true,
    only_signed_in_users: true
  }
}

Would this block the public registration form completely? And would my backend API still be able to add and approve registrants despite the closed registration?

hi @trimukyoga ,

This is a great question.
My answer without code would be to register them all myself.
I would then email them each their join link.

I use this method from my CRM package (vbout), we do register a call to Zoom and it returns the customer-specific join link, which we then email out to the person.

It is the same thing as Calendly, tidycal, and other tools that are used to book people for meetings.
So, it works for meetings and webinars.

If you don’t show the join link anywhere, then nobody else will be able to join.
If somebody shares their link, then everyone will inherit the name of the person who shared the link, and if you limit it to one device, only the first will join.

All the best

John

Similarly, for my purposes we send our guests their own unique links from our own domain (and have mechanisms to invalidate those links if they fall into the wrong hands), which has a page in which the Zoom meeting launcher link is rendered as a “join now” button, not exposing the direct meeting link.

@expertswho can you clarify your meaning on “limit it to one device”? Is there something where we can make a meeting link restricted to only be usable on the first device to open it??

Thanks. Not quite what I envisioned!

@alexm ,

I always try to use the features of standard zoom and then sprinkle in zoom API magic.

I could write an app to control people when they join, but I don’t see a way to control the waiting room yet, so a more elegant solution may have to wait.

John