We have created a Zoom marketplace app called “Squire”.
At its core, Squire takes the recording of a video or phone call from Zoom and processes it in Squire to drive business results for the user.
The issue we’re running into is to do with permissions around recordings.
It is our understanding, based on the scope of the Squire App and from testing, that the Squire user needs to have the following permissions in Zoom for Squire to be able to access their video and phone recordings:
Phone Management - View
View the recording content - View
Recording management - View
The issue is that with these permissions turned on, the user can see every call that has been recorded through Zoom in that company and a lot of these calls are commercially sensitive. Allowing every user to see all call recordings is a security risk that the client is not comfortable taking.
It is my understanding that the Squire app should be able to retrieve an individual user’s video and phone call recordings without requiring that user to have permission to see all the recordings in the account.
Is that the case? Do we need to change how the app gets notified that the recording is complete (webhook) and accesses these recordings?