Using this template helps us debug your issues more effectively
Description
I am writing an application that needs to access my own meeting data including participants and transcripts. In other words, no more than I am already able to access through the web portal.
My organization has an enterprise wide account which is tied into our SSO. According to my IT, I am required to use OAuth. I am not admin at my organization but then I am not looking to access any information other than I am normally able and allowed to access.
I admit that we are struggling here. It seems that for retrieving transcripts we need to access āadmin scopesā and our IT rightfully is not willing/able to furnish that to us (nor would we want it.)
I am unclear about the flow of things. It seems that my application has to be āregisteredā which is separate from when it is executed? And when it is executed, will it not still be limited by the logged in userās permissions? In other words, could my application be āinstalledā by the admins but run by me?
I am sure I am not explaining this exactly right. I am willing to look at any documentation that is on point because Iāve not been able to locate it myself. Any help provided would be greatly appreciated!
Thanks for reaching out about this, and good question.
To clarify, youāre correct that accessing meeting transcripts requires you to have account owner or admin privileges. When accessing resources via API, this means you will need to authorize your requests with credentials associate with an account-level app.
The first allows you to authorize API requests with a token. The second requires end user authorization to retrieve a code, which you can then swap for an access_token to authorize API requests with.
In your situation, the JWT token would be the recommended method for simplicity, however, you will need to be an admin on your account in order to leverage either of these app types.
Let me know if this information helps to clarify,
Will
Thanks for the info. A few follow ups. I believe Zoom discourages us from authenticating with JWT because it is not as secure. Can you explain a little more?
I just want to nail this down. Even though I am able to get my own transcripts as downloadable VTTs and my own meetings and participants in downloaded CSV through the x.zoom.us web interface, I cannot get them through the API without being an admin on my account?
And what does being an admin on my account really mean? From the term it sounds like itās not something that I as a regular user would ever get because it would give me far more access than would make any sense from a privacy and security perspective. Is that right?
JWT Credentials provide unfettered, account-level, access and there isnāt a way to change the scope of access that is available or for an end-user to authorize the scope of data access. For this reason, JWT credentials donāt follow security/privacy best practices as closely but are excellent when making API calls that donāt involve user interaction.
If you just want to obtain recording files for your own recordings, you should be able to use a User Level OAuth app along with the recording:read scope to call the Get Meeting Recordings API. If that doesnāt help, try using the me route with the API.
Being an Admin on your account means that your user has the role āAdminā. However, you can use Admin scopes with different roles if you provide the Marketplace and Developer permissions to that user along with the relevant permissions to access the data behind those scopes (permission to manage users for the Create a User API).
You can create a āDeveloperā role that would allow you to create/install Account-Level (and therefore admin) apps but this might also be a blocker for your IT team.
