Description
I am using Create a recording registrant.I noticed that the share URL provided in the response is accessible to other accounts. Even if I log in with a different account, I can still access the recording using this URL. This behavior is problematic as the registrant should be restricted to a single account.
The API response status code is 200, but it is not working as expected. Please guide me on how to restrict access to the recording URL to a single account.
Hi @zoom.license1
Thanks for your patience here, I am trying to replicate this behavior but have been unable to.
Can you confirm that you are creating the meeting via API using this request body
Hi @elisa.zoom ,
Yes,I am creating the meeting throught API using same Request body and starting the meeting recording it and once its in past meeting and even the recording got completely saved in account I am creating registrant for it. Meeting creation request body:
Hi @elisa.zoom,
Yes able to get the response like below but I noticed that the share URL provided in the response is accessible to other accounts. Even if I log in with a different account, I can still access the recording using this URL. This behavior is problematic as the registrant should be restricted to a single account.
@elisa.zoom Are you able to share any updates about this issue? I’m also having this issue. The share_url for a registrant can be shared with anyone to gain access to the recording without registering. They could just forward the registration approval email to others and the url in the email will work for anyone that tries.
Hi @elz.zhu
Thanks for reaching out.
When sharing the share_url for a registrant with someone else, this other person should not be able to watch the recording, they should be getting a “You cannot view this recording. No permission” prompt