Upcoming Security Changes Required Password for Meetings

Regarding the impending security changes as described here – https://medium.com/zoom-developer-blog/required-passwords-and-your-zoom-integration-1c02828c5e68

Regarding the API, if a password isn’t specified in a create meeting request and the account/group/user settings are not such that a password will be autogenerated, will the create still succeed, but then attendees will will not be able to join the meeting?

Regarding the “Require a passsword when scheduling new meetings”, I read that when that is set and locked, Zoom will automatically create a password. Under those conditions, if a meeting is created via the API, will the password be generated and returned in the response? And if the “Embed password in invite link for one-click join” is turned on will an encrypted version of the auto-generated password be included in the link?

Also regarding the same setting, It says “The Personal Meeting ID (PMI) meetings are not included.” Is there a way to get Zoom to autogenerate passwords for PMI meetings when the PMI option is turned on for the user, perhaps when the “Require a password for Personal Meeting ID (PMI)” is set?

Our product integrates with Zoom and schedules meetings via the create meeting API. My general goal is to enhance our create request to always get a password. What I want find it is if via the proper Zoom settings, Zoom always creates a password and always returns in in the join URL. If that’s the case, we do not have to write any code to generate passwords via the password rules for the Account.

The safest situation to plan for is May 31, 2020 (our current target release date) when meeting/webinar passwords will be enforced on ALL Zoom Accounts for ALL Zoom Users within the account and the settings will be immutable by admins/owners.

On, or after, that date, Zoom will:

  1. Auto-generate a password if not provided when creating/scheduling/updating meetings
  2. PMI passwords also will be enforced, if not set it will be auto-generated, but Personal Meetings are unique because they are a perpetual meeting, and any changes to the PM-password, will instantly apply to all meetings (even if they were scheduled in the future), so you’ll need to be mindful of this with regards to notifying your participants (since invitations are typically sent via email which may contain old passwords).

Quoting the blog post you referenced (to correct any misunderstandings)…

To align with Zoom’s recent announcement pertaining to our 90 day security initiative, we will be requiring all previously scheduled, upcoming, and PMI meetings to require passwords to join meetings & webinars for Basic accounts on May 9th and Paid Accounts by May 30th.

The situation we need to critically avoid is having meetings scheduled over the next three weeks that don’t have passwords as we do not have any easy way of updating the URLs we have storied for all scheduled meetings.

After May 31 passwords will always be auto-generated. I believe if the proper settings are set, we can get passwords auto-generated for non-PMI meetings.

I was not aware that PMI meetings also had a permanent password. It sounds like what we’ll want to do for PMI meetings is avoid the auto-generated feature that Zoom generates and have the user store the PMI password in our application. But follow-up questions on that…

If create meeting is called to schedule a PMI and a password is passed, does that then permanently change the password for all scheduled PMI meetings for the user?

If create meeting is called to schedule a PMI and a password is not passed, does is use the last PMI password that was on a meeting for that user or always generate a new PMI password and thus change the password for all scheduled meetings?

Hey @kkoellner,

No, the password will not be permanently changed.

The password is generated on a per meeting basis randomly if you do now set one yourself in the API.

Does that answer your question?