Unable to download past_meeting files

willem · June 2, 2020, 3:03pm

When trying to download past_meeting files using the API from PHP and a CURL GET request the first 301 redirect is somehow added to the download file making it unreadable.

Steps to reproduce:

After a meeting has ended in which files were uploaded in the chat a request is made to endpoint /past_meetings/:meetingUUId/files
This produces the in_meeting_files like this:
“in_meeting_files”: [
{
“file_name”: “Advanced Life Support.pdf”,
“download_url”: “https://us02web.zoom.us/file/download/GsNt5y0dRo-gD8lPDL7keQ?jwt=[A-COMPLETE-JWT-HERE]&mode=download”,
“file_size”: 611223
},
When trying to dowload these files using a CURL GET request the file is downloaded but somehow the first redirect is stored in the file as well otherwise the file seems fine

I am using curl’s CURLOPT_FOLLOWLOCATION option by the way

Why is it using a separate JWT parameter anyway instead of the token authentication used in the downloads of the recordings for instance?

tommy · June 4, 2020, 7:08pm

Hey @willem,

Please try downloading the file by adding the following query param:

download_url?access_token=[JWT_TOKEN or OAUTH_ACCESS_TOKEN]

Thanks,
Tommy

willem · June 5, 2020, 7:19am

Thanks Tommy. I did try that earlier but that doesn’t work for me either. What would you use as JWT_TOKEN? The jwt param that comes as query param in the download_url or the Bearer token from the JWT app for instance?

So, should the full url be something like:
https://us02web.zoom.us/file/download/HASH?access_token=[JWT]&mode=download

Or:

https://us02web.zoom.us/file/download/HASH?jwt=[JWT]&access_token=[JWT]&mode=download

With the first I end up with response code 490 any other combination gives me 404 errors.

Willem

tommy · June 11, 2020, 6:22pm

Hey @willem,

There are 3 tokens you can use:

Also make sure this setting is enabled:

Let me know if that helps!

Thanks,
Tommy

willem · June 12, 2020, 7:07am

Thanks Tommy, but this is about downloading the files uploaded in chat. Getting the recordings works like a charm, but the in_meeting_files won’t download whatever combination of jwt- or access- token is being used.

Willem

willem · June 13, 2020, 12:55pm

Hi Tommy,

Below the exact output from the commandline invoked CURL request apart from the [TOKEN] which I removed from the output. I am using the token that was returned by Zoom API from the past_meetings/:meetingId/files request as jwt parameter.

As you can see the authorization works, but then the request is redirected (301) and consequently denied (490).
The syntax is per the documentation https://marketplace.zoom.us/docs/api-reference/webhook-reference/recording-events/recording-completed but fails.

Thanks!

curl -v -L --request GET --header 'authorization: Bearer [TOKEN]' --header 'content-type: application/json' --url 'https://zoom.us/file/download/SQysZck8RuOX9RXNra3W4A'
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 3.235.71.132:443...
* Connected to zoom.us (3.235.71.132) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP2 (h2)
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*  subject: C=US; ST=California; L=San Jose; O=Zoom Video Communications, Inc.; CN=*.zoom.us
*  start date: May 24 00:00:00 2020 GMT
*  expire date: Jun  1 12:00:00 2022 GMT
*  subjectAltName: host "zoom.us" matched cert's "zoom.us"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x1a359a0)
> GET /file/download/SQysZck8RuOX9RXNra3W4A HTTP/2
> Host: zoom.us
> user-agent: curl/7.70.0
> accept: */*
> authorization: Bearer [TOKEN]
> content-type: application/json
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 301
< server: zoom
< date: Sat, 13 Jun 2020 12:48:47 GMT
< content-type: text/html
< content-length: 161
< location: https://file.zoom.us/file/SQysZck8RuOX9RXNra3W4A
<
* Ignoring the response-body
* Connection #0 to host zoom.us left intact
* Issue another request to this URL: 'https://file.zoom.us/file/SQysZck8RuOX9RXNra3W4A'
*   Trying 3.235.72.245:443...
* Connected to file.zoom.us (3.235.72.245) port 443 (#1)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*  subject: C=US; ST=California; L=San Jose; O=Zoom Video Communications, Inc.; CN=*.zoom.us
*  start date: May 24 00:00:00 2020 GMT
*  expire date: Jun  1 12:00:00 2022 GMT
*  subjectAltName: host "file.zoom.us" matched cert's "*.zoom.us"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET /file/SQysZck8RuOX9RXNra3W4A HTTP/1.1
> Host: file.zoom.us
> User-Agent: curl/7.70.0
> Accept: */*
> content-type: application/json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 490
< Date: Sat, 13 Jun 2020 12:48:48 GMT
< Content-Type: application/json
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Access-Control-Expose-Headers: Zoom-File-ID, x-zm-part-number, x-zm-etag, x-zm-trackingid
< Access-Control-Allow-Headers: Zoom-File-Path, Zoom-Client-ID, Content-Type, Authorization, Zoom-File-Size, x-zm-trackingid, x-requested-with, zak, Zoom-File-Meta
< Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS
< X-Content-Type-Options: nosniff
< X-Frame-Options: sameorigin
< Content-Length: 39
< x-zm-trackingid: file-150885241.1-4a78effbe681e8980c30899fd9047238
<
* Connection #1 to host file.zoom.us left intact

tommy · June 17, 2020, 5:37pm

Hey @willem,

I have just private messaged you.

Thanks,
Tommy

yoavc · July 28, 2020, 12:23pm

I’m experiencing what appears to be the same issue.

I send a request to https://api.zoom.us/v2/past_meetings/NEX0lX89RUeM1RW7dQgdmQ%253d%253d/files and I get a download url for a file shared in the meetings.

When I put this url in the browser (or download via code) I get a garbled file. I’ve tried with txt and .docx files.

In fiddler:

Is this a known issue?

tommy · July 30, 2020, 7:43pm

Hey @yoavc,

Thanks for sharing, we are looking into this and I will provide you with updates.

It is a known issue and we are working to fix it. (ZOOM-171620)

-Tommy

tommy · August 12, 2020, 4:57pm

Hey @yoavc, @willem,

Our engineering team abruptly deprecated this endpoint.

" Note: This API has been deprecated and is no longer supported due to GCM encryption updates for security purposes."

Some updates need to be made to this endpoint to make it work again. Can you please provide your use case for needing this API, the List Past Meeting Files API so I can encourage this to be a priority?

Thanks,
Tommy

willem · August 12, 2020, 7:08pm

Hi Tommy,

That is disappointing to find out!

Our use case is as follows:

We have created an integration between our Learning Management System and Zoom. As part of our blended learning solution we provide the opportunity through Zoom to host online sessions where course participants can come together. The meetings allow presentations and the sharing of documents as background material. The only way to share documents in or upload to the meeting is through chat as far as we know. After the meeting is completed we need to store all the shared resources and the meeting notes and screen sharing in the Learning Management System as resources to revisit later on. Creating and starting the meeting, adding the participants, checking their attendance and storing the screen sharing and videos is all automatic and works perfectly. Except this.

If there is a way to upload, share and use files in the meeting and then download and store them afterwards that would be great. If that won’t be possible in the near future I need to come up with a different integration I guess.

Thanks for looking after us, Tommy!

tommy · August 13, 2020, 6:08am

Thanks @willem!

We will use your feedback to help make the right move here.

-Tommy

yoavc · August 16, 2020, 6:58am

Hi,

We’re planning on using this API to provide our CASB customers with compliance features.

Today we offer DLP scanning of meeting transcript and chat and would like to be able to scan shared files for DLP infringement too.

tommy · August 18, 2020, 6:21pm

Thanks for sharing your use case @yoavc!

This is valuable for our team to make a decision.

-Tommy

yoavc · September 21, 2020, 9:15am

@tommy Any progress here?

will.zoom · September 22, 2020, 7:15pm

Hey @yoavc,

We’ve relayed your feedback to our team, but don’t have any updates to share just yet.

Thanks,
Will

akhilahuja · October 6, 2020, 12:03pm

Tommy, I’d love to suggest Marsview Notes an automated meeting assistant that transcribes live or recorded meetings, provides highlights, meeting minutes, and a lot more. Added to the above all they provide you a cloud storage space also for the zoom meetings. I find it useful. I suggest you have a quick check on it. It is available in Zoom Marketplace. Here is the link https://bit.ly/MarsviewNotes

will.zoom · October 6, 2020, 6:24pm

Thanks for the suggestion, @akhilahuja!