Zoom Add Recording Registrant API

API Endpoint(s)

Create a recording registrant

POST /meetings/{meetingId}/recordings/registrants

Description
I am using Create a recording registrant.I noticed that the share URL provided in the response is accessible to other accounts. Even if I log in with a different account, I can still access the recording using this URL. This behavior is problematic as the registrant should be restricted to a single account.

Error?
Request JSON:

{
    "email": "example@gmail.com",
    "first_name": "ABC",
    "last_name": "A",
    "status": "approved"
}

Response:

{
    "registrant_id": "w8GQ7pB5SlB0m8rhg",
    "id": 99261738162,
    "topic": "Zoom Meeting",
    "share_url": "https://zoom.us/rec/share/rQrC8iy0tNcWQfkd_rA9S7_SorjVjkhnwbNaeYacPEVRPFupJ6U9fLgIgRdH_L5c.fKz6cQ40k5qMOw4A?tk=mCVEF-4_m-uGXz6geBW4Q8gWxreJfX0HKzpYw8sjrk0.AG.6ofU32N7MGvnapxMZvvK89sO7MRwqS5iUuFOa0OEevd-4TjTgIfl2JAD7b0rWcL1paFV4VGs7rXld7R9WGGaDdmZZ65t59ZtvWlBg5McuQU6WbbaLwyvkM0FVIuzvjyVHdIduUSiPvZPd_afxpObFgP79XteWc0b3j06.__dXuA1t1XJFXohdex4XuQ.S3EeVkuvWB-O32Cs"
}

Meeting Creation JSON:

{
  "duration": 45,
  "start_time": "2024-08-02T19:30:00",
  "timezone": "Asia/Kolkata",
  "auto_recording": "cloud",
  "join_before_host": true,
  "settings": {
    "approval_type": 0
  },
  "type": 2,
  "meeting_authentication": true
}

The API response status code is 200, but it is not working as expected. Please guide me on how to restrict access to the recording URL to a single account.

Thankyou

Hi @zoom.license1
Thanks for reaching out to us
Allow me to do some testing on my end and will get back to you with an update
Cheers,
Elisa

Hi @zoom.license1
Thanks for your patience here, I am trying to replicate this behavior but have been unable to.
Can you confirm that you are creating the meeting via API using this request body

{
  "duration": 45,
  "start_time": "2024-08-02T19:30:00",
  "timezone": "Asia/Kolkata",
  "auto_recording": "cloud",
  "join_before_host": true,
  "settings": {
    "approval_type": 0
  },
  "type": 2,
  "meeting_authentication": true
}

And are you starting the meeting and recording it? and once it is a past meeting, you are making a POST request to create a registrant.

Hi @elisa.zoom ,
Yes,I am creating the meeting throught API using same Request body and starting the meeting recording it and once its in past meeting and even the recording got completely saved in account I am creating registrant for it.
Meeting creation request body:

{
      "agenda": "Title",
    "default_password": false,
    "duration": 45,
    "start_time": "2024-08-13T16:30:00",
    "password": 123456,
    "timezone": "Asia/Kolkata",
    "auto_recording": "cloud",
    "join_before_host": true,
    "jbh_time": 10,
  "settings": {
    "approval_type": 0
  },
  "type": 2
}

Add recording registrant request body

    {
        "email": "abc@gmail.com",
        "first_name": "abc",
        "last_name": "d",
        "status":"approved"
    }

Thankyou

@zoom.license1
Are you getting a response back when creating the recording registration? or are you just getting a 200 ok with no response body?

Hi @elisa.zoom,
Yes able to get the response like below but I noticed that the share URL provided in the response is accessible to other accounts. Even if I log in with a different account, I can still access the recording using this URL. This behavior is problematic as the registrant should be restricted to a single account.

{
    "registrant_id": "w8GQ7pW9rBlB0m8rhg",
    "id": 1234567867,
    "topic": "Zoom Meeting",
    "share_url": "https://zoom.us/rec/share/rQrC8iy0tNcWQfkd_rA9S7_SorjVjkhnwbNaeYacPEVRPFupJ6U9fLgIgRdH_L5c.fKz6cQ40k5qMOw4A?tk=mCVEF-4_m-uGXz6geBW4Q8gWxreJfX0HKzpYw8sjrk0.AG.6ofU32N7MGvnapxMZvvK89sO7MRwqS5iUuFOa0OEevd-4TjTgIfl2JAD7b0rWcL1paFV4VGs7rXld7R9WGGaDdmZZ65t59ZtvWlBg5McuQU6WbbaLwyvkM0FVIuzvjyVHdIduUSiPvZPd_afxpObFgP79XteWc0b3j06.__dXuA1t1XJFXohdex4XuQ.S3EeVkuvWB-O32Cs"
}

Thankyou

@zoom.license1 Thank you
I will send you a DM to get more information about this, please follow up there