You can add ANY email if using 'Add Meeting Registrants' API even 'Only authenticated users can join' is selected?

In admin setting I selected ‘Only authenticated users can join: Sign in to Zoom’
But when I used ‘Add Meeting Registrants’ API. It’s allow any email to be registered.

I also try to register by using registration link like
https://us02web.zoom.us/meeting/register/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
and fill random email in the Email Address it said “The email address has not been used as a Zoom account.”

So, This mean if I’m using API to add registrant. I can added any email and user still able to join the meeting without problem despite wrong email address (aka. zoom account) ?

1 Like

I have the same problem!

Can any moderator answer my question please ?

Hey @pingchp, @lisa.accardi,

How are you creating the meeting? With the API? If so, can you share your request body JSON so I can try to reproduce the issue?

Thanks,
Tommy

  1. Created meeting via website control panel with theses option
  • Only authenticated users can join: Sign to zoom
  • Member registration set to Manually Approve
  1. Add member to room with this API
  • https://api.zoom.us/v2/meetings/".$roomid."/registrants
  • JSON => {“email”:"$put_email",“first_name”:"$firstname",“last_name”:"$lastname"}"
    After member added I will have those member list on waiting approval list. In step 2. I can added ANY email to the list whether it’s valid zoom account or not.
  1. Use this API to update member status to Approved.
  1. Setup webhook to grab a join_url to created join button on the website.

Done.

If you added members via API you can add any email to the list and join_url also not include email credential so user can use any zoom account to join the room via any join_url (friends can share their join_url and still can login without specific zoom account tie into that url as long as they have zoom account).

These should be fixed. Join Url should only be used with the email that created join url.

Hey @pingchp,

Once the registration is complete and the unique join_url is created, yes anyone can use it to join, but you should only share the join_url with the person who you intend to join.

As for the issue of being able to register add any email of a Zoom user for your meeting with Sign into Zoom required, the emails you are adding have Zoom accounts if it succeeds. If you want me to look into this further, share an email that is not a Zoom account that still was able to register to your meeting with the setting Sign into Zoom required.

Thanks,
Tommy

Hi @tommy, I read your answer but I think @pingchp’s issue is still there.

Can you please share the steps that if I schedule an event via a zoom website, and I want to allow only email addresses which pay on my WordPress site to be able to join the meeting. So how to add email addresses via API? and no one else can join the meeting without any link or email.

Please answer as soon as possible.

@tommy my question from above comment has been edited and updated, please answer as soon as possible.

Hi @faisal.alvi,

If you want to allow only certain users to join a meeting, you can add those users to an upcoming meeting using our Add Meeting Registrant API endpoint to do so, and ensure that the meeting is set to registration: required.

Best,
Will

Thanks @will.zoom , same applies for webinars, right?

Hey @faisal.alvi, that’s correct — you can use the equivalent endpoint for a Webinar:

Best,
Will

1 Like