Unable to download past_meeting files

When trying to download past_meeting files using the API from PHP and a CURL GET request the first 301 redirect is somehow added to the download file making it unreadable.

Steps to reproduce:

  • After a meeting has ended in which files were uploaded in the chat a request is made to endpoint /past_meetings/:meetingUUId/files
  • This produces the in_meeting_files like this:
    “in_meeting_files”: [
    {
    “file_name”: “Advanced Life Support.pdf”,
    “download_url”: “https://us02web.zoom.us/file/download/GsNt5y0dRo-gD8lPDL7keQ?jwt=[A-COMPLETE-JWT-HERE]&mode=download”,
    “file_size”: 611223
    },
  • When trying to dowload these files using a CURL GET request the file is downloaded but somehow the first redirect is stored in the file as well otherwise the file seems fine
    image

I am using curl’s CURLOPT_FOLLOWLOCATION option by the way

Why is it using a separate JWT parameter anyway instead of the token authentication used in the downloads of the recordings for instance?

Hey @willem,

Please try downloading the file by adding the following query param:

download_url?access_token=[JWT_TOKEN or OAUTH_ACCESS_TOKEN]

Thanks,
Tommy

Thanks Tommy. I did try that earlier but that doesn’t work for me either. What would you use as JWT_TOKEN? The jwt param that comes as query param in the download_url or the Bearer token from the JWT app for instance?

So, should the full url be something like:
https://us02web.zoom.us/file/download/HASH?access_token=[JWT]&mode=download

Or:

https://us02web.zoom.us/file/download/HASH?jwt=[JWT]&access_token=[JWT]&mode=download

With the first I end up with response code 490 any other combination gives me 404 errors.

Willem

Hey @willem,

There are 3 tokens you can use:

  1. JWT Token.

  2. Access Token.

  3. Download token.

Also make sure this setting is enabled:

Let me know if that helps! :slight_smile:

Thanks,
Tommy

Thanks Tommy, but this is about downloading the files uploaded in chat. Getting the recordings works like a charm, but the in_meeting_files won’t download whatever combination of jwt- or access- token is being used.

Willem

Hi Tommy,

Below the exact output from the commandline invoked CURL request apart from the [TOKEN] which I removed from the output. I am using the token that was returned by Zoom API from the past_meetings/:meetingId/files request as jwt parameter.

As you can see the authorization works, but then the request is redirected (301) and consequently denied (490).
The syntax is per the documentation https://marketplace.zoom.us/docs/api-reference/webhook-reference/recording-events/recording-completed but fails.

Thanks!

curl -v -L --request GET --header 'authorization: Bearer [TOKEN]' --header 'content-type: application/json' --url 'https://zoom.us/file/download/SQysZck8RuOX9RXNra3W4A'
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 3.235.71.132:443...
* Connected to zoom.us (3.235.71.132) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP2 (h2)
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*  subject: C=US; ST=California; L=San Jose; O=Zoom Video Communications, Inc.; CN=*.zoom.us
*  start date: May 24 00:00:00 2020 GMT
*  expire date: Jun  1 12:00:00 2022 GMT
*  subjectAltName: host "zoom.us" matched cert's "zoom.us"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x1a359a0)
> GET /file/download/SQysZck8RuOX9RXNra3W4A HTTP/2
> Host: zoom.us
> user-agent: curl/7.70.0
> accept: */*
> authorization: Bearer [TOKEN]
> content-type: application/json
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 301
< server: zoom
< date: Sat, 13 Jun 2020 12:48:47 GMT
< content-type: text/html
< content-length: 161
< location: https://file.zoom.us/file/SQysZck8RuOX9RXNra3W4A
<
* Ignoring the response-body
* Connection #0 to host zoom.us left intact
* Issue another request to this URL: 'https://file.zoom.us/file/SQysZck8RuOX9RXNra3W4A'
*   Trying 3.235.72.245:443...
* Connected to file.zoom.us (3.235.72.245) port 443 (#1)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*  subject: C=US; ST=California; L=San Jose; O=Zoom Video Communications, Inc.; CN=*.zoom.us
*  start date: May 24 00:00:00 2020 GMT
*  expire date: Jun  1 12:00:00 2022 GMT
*  subjectAltName: host "file.zoom.us" matched cert's "*.zoom.us"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET /file/SQysZck8RuOX9RXNra3W4A HTTP/1.1
> Host: file.zoom.us
> User-Agent: curl/7.70.0
> Accept: */*
> content-type: application/json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 490
< Date: Sat, 13 Jun 2020 12:48:48 GMT
< Content-Type: application/json
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Access-Control-Expose-Headers: Zoom-File-ID, x-zm-part-number, x-zm-etag, x-zm-trackingid
< Access-Control-Allow-Headers: Zoom-File-Path, Zoom-Client-ID, Content-Type, Authorization, Zoom-File-Size, x-zm-trackingid, x-requested-with, zak, Zoom-File-Meta
< Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS
< X-Content-Type-Options: nosniff
< X-Frame-Options: sameorigin
< Content-Length: 39
< x-zm-trackingid: file-150885241.1-4a78effbe681e8980c30899fd9047238
<
* Connection #1 to host file.zoom.us left intact

Hey @willem,

I have just private messaged you.

Thanks,
Tommy

I’m experiencing what appears to be the same issue.

I send a request to https://api.zoom.us/v2/past_meetings/NEX0lX89RUeM1RW7dQgdmQ%253d%253d/files and I get a download url for a file shared in the meetings.

When I put this url in the browser (or download via code) I get a garbled file. I’ve tried with txt and .docx files.

In fiddler:

Is this a known issue?

Hey @yoavc,

Thanks for sharing, we are looking into this and I will provide you with updates.

It is a known issue and we are working to fix it. (ZOOM-171620)

-Tommy

Hey @yoavc, @willem,

Our engineering team abruptly deprecated this endpoint.

" Note: This API has been deprecated and is no longer supported due to GCM encryption updates for security purposes."

Some updates need to be made to this endpoint to make it work again. Can you please provide your use case for needing this API, the List Past Meeting Files API so I can encourage this to be a priority?

Thanks,
Tommy

Hi Tommy,

That is disappointing to find out!

Our use case is as follows:

We have created an integration between our Learning Management System and Zoom. As part of our blended learning solution we provide the opportunity through Zoom to host online sessions where course participants can come together. The meetings allow presentations and the sharing of documents as background material. The only way to share documents in or upload to the meeting is through chat as far as we know. After the meeting is completed we need to store all the shared resources and the meeting notes and screen sharing in the Learning Management System as resources to revisit later on. Creating and starting the meeting, adding the participants, checking their attendance and storing the screen sharing and videos is all automatic and works perfectly. Except this.

If there is a way to upload, share and use files in the meeting and then download and store them afterwards that would be great. If that won’t be possible in the near future I need to come up with a different integration I guess.

Thanks for looking after us, Tommy!