Scope for Recordings /v2/users/{userid}/recordings

When requesting recordings from a user account, I get an “Invalid access token, does not contain scopes: [recording:write:admin, recording:read:admin]” Error. Even though that request in the documentation says it can take the recording:read scope too. I just want access to the recordings the specific user has access to. I would rather not require account level admin scope if possible.

Documentation: https://marketplace.zoom.us/docs/api-reference/zoom-api/cloud-recording/recordingslist

Endpoint: /v2/users/{userid}/recordings

The actual response: {“code”:4700,“message”:“Invalid access token, does not contain scopes: [recording:write:admin, recording:read:admin]”}

I wanted to add on a couple more afterthoughts…

The user requesting the recordings is the account owner, but I would expect it to behave the same way for any user on the account. The auth token does have valid recording:read recording:write scope

Thanks.

Hi @eric,

What is the appID and userID that you’re requesting?

Thanks

Hey Michael,

The ClientID: 71U_nHMCSkqU1BWQuPAGOA
The UserID: D1AT2iX6R3m6To0cWTWkOA

Ok…so I was testing a theory about the /me variable you guys use sometimes. Apparently that allows this to work without the admin scope. Interesting that the userid doesn’t work, even though “me” and the userid were the same user. So my issue is resolved for this, since I can just use “me”, but you should update your documentation or fix the /users/{userid}/recordings API so it actually works when requesting recordings and using the userid that matches the authorization token.

1 Like

Thanks for the feedback @eric. We will continue looking into this. Glad you were able to resolve using the me context.

Thanks,
Tommy

1 Like

@eric, I see there are two issues here:

  1. Our documentation states you need the user:read:admin and user:read scopes, when you actually need the recording:read, and recording:read:admin scopes.
  2. The userID and email do not work for the userID when using a User-Level OAuth app to List All Recordings. Only the me context works.

Thanks for sharing this, we will work on a fix.
-Tommy

1 Like

Yes, you summarized perfectly @tommy, thanks for following up. I didn’t even realize how far off the scopes where in the docs, glad you are on top of it. Now if the other problem of the 403 error on recording downloads gets fixed, I can actually test all of this :smiley:

1 Like

Hey @eric,

The docs are updated now with the correct scopes.

Engineering is working on the 403 error related to downloading recordings, and then will take a look at the userID and email not working for the List All Recordings endpoint.

Ticket ZOOM-104779

Thanks,
Tommy

1 Like

Hey @eric,

Thanks for your patience, the issue is now fixed.

-Tommy

1 Like

Hey @eric,

Update, this is the intended functionality. We will update our docs to make this more clear.

User-level OAuth apps with the recording:read scope can only call the GET /users/{userId}/recordings by passing in me as the {userId}. Email or userId will not work.

Thanks,
Tommy

Thanks Tommy. Might want to put that up front in the docs, not just for this endpoint, that /me/ is not synonymous with your /{userid}/. I expected they would resolve to the same thing as they are the same user.

1 Like

Hey @eric,

Yes we are updating our documentation! I will post back here with the link.

I expected the same.

Thanks,
Tommy

Posting with updated docs.

“While using the recording:read scope for a user-level app, provide me as the value for userId in the path parameter.”

-Tommy