Hello… We are using the Zoom Phone API to enable our web application to access voicemails from a Zoom Phone customer service voicemail box in our Zoom tenant. It works as intended, but the API has access to all user voicemail boxes and we would prefer to limit its access via permissions to only the mailbox it needs to access.
In the Zoom Portal under Users and Roles, we have our API Role defined with as few permissions as possible. Those that seemingly would control individual voicemail access cannot be edited and the message is, “You cannot define a custom scope for this permission”.
Is there a way for us to configure our API account to only have permission to selected voicemail boxes? Thanks in advance for any insight.
Hi @mandrews1885
Thanks for reaching out to the Zoom Developer Forum and welcome to our community! I am happy to help here!
I do not think that there is a way to limit access to certain mailboxes. If you are using an account-level app such as our Server to Server or an OAuth app, the scopes you select will have access to all mailboxes (all users under the account).
May I ask what type of app you are working with?
Best
Elisa
Apologies for my delay in responding. We have an internally developed customer service platform, and the customer service agents can see that there are voicemails in their Zoom Phone voicemail box and move them into existing or new cases they are working. Our application is coded to only access the customer service mailbox, but we see that the API grants permissions to all mailboxes. It would be much more secure if the Role using the API was granted permissions to the specific account voicemail boxes that it needed to access and no others. Is that something Zoom can look at as an enhancement?