Server-to-Server OAuth app unable to retrieve download links for recordings from other users in my org

I have created a Server-to-Server OAuth 2 app, with the goal of being able to download the recordings of all users in my organization.

When I request a list of recordings for a given user, using the user endpoint https://api.zoom.us/v2/users/{user_email}/recordings, as expected I get a list of all of that user’s meeting recordings, including all of the files associated with that recording. When the user_email is the email associated with my developer account, I also get back the download urls for each file. However, if the user_email is for any other user in my org, I do not get back any download links.

why is this, and how can I get download links for other user’s recordings?

hi @ryan.h
welcome to the community.

I would first ask, can you check who you are as user/me/
and then check you can see those recordings when log into Zoom.us with that user.
A simple way to check you have access rights from zoom.
Your Zoom Domain Owner will have the ultimate control on who can access what and what they have passed down to you. Obviously, not everyone can see everyone’s content by default.

Then we can move onto limitations from your app?

all the best

John

Sorry for the delay.
when I query /users/me, I get my user/developer account.

I see my account’s recordings under
Personal > Recordings & Transcripts.

I can also see other users’ recordings under
Admin > Account Management > Recording and Transcript Management.

do you know what permissions need to be able to download other users’ recordings? I figured that if I could see the recordings through the API, that I would also be able to download them, but that doesn’t seem to be the case.

Hi @ryan.h
Would you like to start here?

I am a developer who learns by what they use. And I have seen no reason why API calls do not follow the rules for those ‘IRL’ using the main site.

John

sorry, maybe I’m not understanding. According to that page, if I am an account admin I should be able to "view all recordings on your account in Recording and Transcript Management." and I can. What I’m struggling with is which permission in the app scopes list corresponds to that same capability. I’ve added basically every relevant permission available. If it was a permission that my account lacked (and therefore not able to be added to the app scope), I would think I wouldn’t be able to see others’ recordings in the Recording and Transcript section.

OAuth scopes has a mapping of internal names and which APIs are affected. It doesn’t mention the roles user interface, unfortunately.

There is a dynamic page showing the corresponding roles user interface that you can access by starting with https://marketplace.zoom.us/apphelp/ and appending your application ID from its URL in Created apps. But this requires an application that already declares the correct scope, which is a catch-22 situation.

Our Server-to-Server OAuth application retrieves recordings across multiple users, and in the roles user interface’s Account Management section, we granted View permissions to the following:

  • Recording and transcript management
  • View the recording and transcript content

In the application’s scopes, we granted View all user recordings
(recording:read:admin).