Zoom Add Recording Registrant API

API Endpoint(s)

Create a recording registrant

POST /meetings/{meetingId}/recordings/registrants

Description
I am using Create a recording registrant.I noticed that the share URL provided in the response is accessible to other accounts. Even if I log in with a different account, I can still access the recording using this URL. This behavior is problematic as the registrant should be restricted to a single account.

Error?
Request JSON:

{
    "email": "example@gmail.com",
    "first_name": "ABC",
    "last_name": "A",
    "status": "approved"
}

Response:

{
    "registrant_id": "w8GQ7pB5SlB0m8rhg",
    "id": 99261738162,
    "topic": "Zoom Meeting",
    "share_url": "https://zoom.us/rec/share/rQrC8iy0tNcWQfkd_rA9S7_SorjVjkhnwbNaeYacPEVRPFupJ6U9fLgIgRdH_L5c.fKz6cQ40k5qMOw4A?tk=mCVEF-4_m-uGXz6geBW4Q8gWxreJfX0HKzpYw8sjrk0.AG.6ofU32N7MGvnapxMZvvK89sO7MRwqS5iUuFOa0OEevd-4TjTgIfl2JAD7b0rWcL1paFV4VGs7rXld7R9WGGaDdmZZ65t59ZtvWlBg5McuQU6WbbaLwyvkM0FVIuzvjyVHdIduUSiPvZPd_afxpObFgP79XteWc0b3j06.__dXuA1t1XJFXohdex4XuQ.S3EeVkuvWB-O32Cs"
}

Meeting Creation JSON:

{
  "duration": 45,
  "start_time": "2024-08-02T19:30:00",
  "timezone": "Asia/Kolkata",
  "auto_recording": "cloud",
  "join_before_host": true,
  "settings": {
    "approval_type": 0
  },
  "type": 2,
  "meeting_authentication": true
}

The API response status code is 200, but it is not working as expected. Please guide me on how to restrict access to the recording URL to a single account.

Thankyou

Hi @zoom.license1
Thanks for reaching out to us
Allow me to do some testing on my end and will get back to you with an update
Cheers,
Elisa

Hi @zoom.license1
Thanks for your patience here, I am trying to replicate this behavior but have been unable to.
Can you confirm that you are creating the meeting via API using this request body

{
  "duration": 45,
  "start_time": "2024-08-02T19:30:00",
  "timezone": "Asia/Kolkata",
  "auto_recording": "cloud",
  "join_before_host": true,
  "settings": {
    "approval_type": 0
  },
  "type": 2,
  "meeting_authentication": true
}

And are you starting the meeting and recording it? and once it is a past meeting, you are making a POST request to create a registrant.

Hi @elisa.zoom ,
Yes,I am creating the meeting throught API using same Request body and starting the meeting recording it and once its in past meeting and even the recording got completely saved in account I am creating registrant for it.
Meeting creation request body:

{
      "agenda": "Title",
    "default_password": false,
    "duration": 45,
    "start_time": "2024-08-13T16:30:00",
    "password": 123456,
    "timezone": "Asia/Kolkata",
    "auto_recording": "cloud",
    "join_before_host": true,
    "jbh_time": 10,
  "settings": {
    "approval_type": 0
  },
  "type": 2
}

Add recording registrant request body

    {
        "email": "abc@gmail.com",
        "first_name": "abc",
        "last_name": "d",
        "status":"approved"
    }

Thankyou

@zoom.license1
Are you getting a response back when creating the recording registration? or are you just getting a 200 ok with no response body?

Hi @elisa.zoom,
Yes able to get the response like below but I noticed that the share URL provided in the response is accessible to other accounts. Even if I log in with a different account, I can still access the recording using this URL. This behavior is problematic as the registrant should be restricted to a single account.

{
    "registrant_id": "w8GQ7pW9rBlB0m8rhg",
    "id": 1234567867,
    "topic": "Zoom Meeting",
    "share_url": "https://zoom.us/rec/share/rQrC8iy0tNcWQfkd_rA9S7_SorjVjkhnwbNaeYacPEVRPFupJ6U9fLgIgRdH_L5c.fKz6cQ40k5qMOw4A?tk=mCVEF-4_m-uGXz6geBW4Q8gWxreJfX0HKzpYw8sjrk0.AG.6ofU32N7MGvnapxMZvvK89sO7MRwqS5iUuFOa0OEevd-4TjTgIfl2JAD7b0rWcL1paFV4VGs7rXld7R9WGGaDdmZZ65t59ZtvWlBg5McuQU6WbbaLwyvkM0FVIuzvjyVHdIduUSiPvZPd_afxpObFgP79XteWc0b3j06.__dXuA1t1XJFXohdex4XuQ.S3EeVkuvWB-O32Cs"
}

Thankyou

@zoom.license1 Thank you
I will send you a DM to get more information about this, please follow up there

@elisa.zoom Are you able to share any updates about this issue? I’m also having this issue. The share_url for a registrant can be shared with anyone to gain access to the recording without registering. They could just forward the registration approval email to others and the url in the email will work for anyone that tries.

Hi @elz.zhu
Thanks for reaching out.
When sharing the share_url for a registrant with someone else, this other person should not be able to watch the recording, they should be getting a “You cannot view this recording. No permission” prompt

I just tested this on my end