User Create API (custCreate) overwrites existing users with the same email address not under my account

Description
A user we work with reached out to us letting us know we had overwritten their Zoom Pro Plan with a Basic plan under our account. I didn’t even know this was possible and nowhere in the documentation is it mentioned that this could be a possibility.

We created a new user account (action=custCreate) with their name, surname and email address under what we thought was our Account. We actually ended up somehow taking over their existing account and converting it to a Basic plan and under our User Management we could see the user as an “API User”. We were not able to unlink this new user from our account, and thankfully we did not delete the user as it would have actually deleted the original Pro Plan account. Note that this was done at the end of October 2020.

We have over a thousand users under our account all with individual emails. They attend virtual events we host and we use Zoom as a fallback provider with Zoom meetings generated on the fly when necessary. Your normal tech support said there is no way for us to check if this has happened to anyone else.

The API call we are using is the basic:

{
  "action": "custCreate",
  "user_info": {
    "email": "blah@blah.com",
    "type": 1,
    "first_name": "NameBlah",
    "last_name": "SurnameBlah"
  }
}

Error
The user create API call with the custCreate action seems to have overwritten/taken over an existing user that is not under our account.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
Zoom API

Which Endpoint/s?
https://api.zoom.us/v2/users POST

How To Reproduce (If applicable)
I am not sure whether the API has been updated since November 2020 and this may have been resolved, but I worked with a colleague that had an existing Zoom account (not under our Pro account) and I created a new user with the above custCreate action with his exact same email address. The account was created normally as an API user under our Pro Account, but the Zoom User IDs were totally different. I wasn’t able to “Unlink” the new account as the API doesn’t let you disassociate API users, but I was able to delete the new user account without affecting his original account.

Additional context
Your escalated tech department was able to unlink the above mentioned user that had their account taken over from our account, effectively returning the user to the original Pro plan they were on without losing any of their historic data. This was done on your end. I need to remove/unlink all the API created users under our account safe in the knowledge that I will not be deleting anyone’s existing user accounts and all their data. Is this possible and how?

Thank you,
Simone
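
A pre-flight guard for the custCreate call described in the post above, as an added example that is not part of the original post or Zoom's own code. It assumes Zoom's "check a user email" endpoint (GET /users/email, answering `existed_email`); `guarded_cust_create`, `http_json` and `fake_zoom` are hypothetical names, and the fake transport is constructed so the block runs offline.

```python
import json
from urllib import parse, request

API = "https://api.zoom.us/v2"

def http_json(method, url, token, body=None):
    """Minimal real transport (urllib); tests swap in a fake instead."""
    data = json.dumps(body).encode() if body is not None else None
    req = request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"})
    with request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")

def guarded_cust_create(email, first_name, last_name, token, send=http_json):
    """Send custCreate only if the email is not already a Zoom login.

    Returns ("skipped", None) when the address is already registered,
    otherwise ("created", <id from the create response>).
    """
    # Assumption: GET /users/email?email=... answers {"existed_email": bool}.
    query = parse.urlencode({"email": email})
    check = send("GET", f"{API}/users/email?{query}", token)
    if check.get("existed_email", True):  # fail closed if the field is missing
        return ("skipped", None)
    payload = {"action": "custCreate",
               "user_info": {"email": email, "type": 1,
                             "first_name": first_name,
                             "last_name": last_name}}
    created = send("POST", f"{API}/users", token, payload)
    return ("created", created.get("id"))

def fake_zoom(registered):
    """Constructed stand-in for the API; `registered` is a set of emails."""
    calls = []
    def send(method, url, token, body=None):
        calls.append((method, url))
        if method == "GET":
            email = parse.parse_qs(parse.urlsplit(url).query)["email"][0]
            return {"existed_email": email in registered}
        return {"id": "constructed-id-1", "email": body["user_info"]["email"]}
    return send, calls
```

The check and the create are separate requests, so store the id returned by the create call and log every skipped address for manual review before any later delete.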

Hi @SimoneLabianca,

Thanks for reaching out about this.

In order to take a closer look, is it possible to email us the full details of the API request and the user email/ids in question? You can send this to developersupport@zoom.us. We’ll be happy to help out however we can!

Best,
Will

Hi @will.zoom

The API request is the one above. In regards to the emails/ids, there are over 1000 of them. Are you able to determine my account from the user logged into the dev forum? If so, you should be able to see them all under our account. Otherwise let me know what I can send you so you can determine my account on your end.

Cheers,
Simone

Hi @SimoneLabianca,

Please send us an email with the account owner’s email address or account ID, and at least one example API request with valid user info.

Thanks!
Will
