I am building a Salesforce Agentforce integration, which lists a user’s recently recorded meetings with generated text transcripts. However the subdomain is frequently different for the recording transcript download endpoint.
I plan to distribute this Salesforce app to multiple end-customers. Their recordings will be served from different subdomains (e.g. somecompany DOT zoom DOT us or similar). Even in our internal Zoom account, I have seen recordings served from both mycomanyssubdomain DOT zoom DOT us and ssrweb DOT zoom DOT us, but there may be others I don’t know about?
Salesforce requires a list of authorised endpoints before it will allow the APEX code I am using to make the Zoom REST API calls to work. I can provide setup/installation guidance to customers so they can manually set these authorised endpoints up, but I don’t know what endpoints will actually be required. I can’t use wildcards in Salesforce, e.g. * DOT zoom DOT us. they have to be explicit unfortunately.
My question is: will the recording URLs ALWAYS be served from either ssrweb DOT zoom DOT us, or [companyname] DOT zoom DOT us? If so, then great because its a known quantity, but if not, it will lead to a bad experience for our customers if things fail due to unauthorised URL being called from the APEX code.
I don’t want to create an external proxy app outside of Salesforce to workaround this and provide a single endpoint to authorise - many of our customers would simply not but our product if this was the case due to the additional security concerns associated with the proxy app (even if it was incredibly secure).