Zoom Rooms 'Join' API doesn't work with many meeting passwords

API and Webhooks
1

Description
We use the Zoom Rooms ‘Join’ API to make rooms join meetings on-demand.

This endpoint has the restriction that “Password may only contain the following characters: [a-z A-Z 0-9 @ – _ *]. Max of 10 characters.”.

However, recent Zoom security changes have increased the security of auto-generated passwords so they include characters outside of this allowed set of characters (?, #, etc.).

This means we can’t use this API endpoint for many Zoom meetings.

Error
On triggering the API with a password containing ‘invalid’ characters:

{'jsonrpc': '2.0', 'error': {'code': 32602, 'message': 'Validation Failed.', 'data': [{'field': 'params.password', 'message': 'Invalid field.'}]}}

Which Endpoint/s?

2

Hey @tom.usher,

Thanks for sharing this. Our engineering team is investigating. I will get back to you with updates. (ZOOM-162547)

Thanks,
Tommy

3

Hey @tom.usher,

We updated our docs to include the new password requirements:

Make sure the password you are setting aligns with your password strength requirements in your settings.

Screen Shot 2020-05-20 at 10.46.09 AM
Screen Shot 2020-05-20 at 10.46.09 AM1454×684 47.2 KB

Thanks,
Tommy

4

Thanks for looking in to this and updating the documentation so promptly.

However, this doesn’t seem to align with what we’re currently seeing:

  • Meetings that are created with ‘Free’ accounts do not have the option to set minimum password requirements
  • There are no minimum password requirements set on the account that owns the Zoom Rooms
  • Meetings that are generated using the ‘New Meeting’ button, or via the Slack integration get generated with passwords that aren’t compatible (e.g w46!(i{74n)

So in summary:

  • A user with a free account creates a meeting, a password like w46!(i{74n might be generated.
  • Attempting to make the room join the meeting using this password results in an error
  • There are no minimum password requirements set on either account
5

Hey @tom.usher,

Gotcha, thanks we will look into this further.

-Tommy

6

Hey @tom.usher,

I need some additional details.

What is the exact error message you are seeing, and what is your account #?

Thanks,
Tommy

7

No problem.

The account which ‘owns’ the Zoom Rooms is 442755. We created an unpublished app in the marketplace called ‘Zoom Room Joiner’ associated with this account, which is being used to join calls.

The host of a call can be any other Zoom account, we have tried with multiple.

The exact error is, when POSTing

{
  "jsonrpc": "2.0",
  "method": "join",
  "params": {
    "meeting_number": "{any given meeting number with spaces/dashes removed}",
    "password": "{password containing invalid characters}",
    "force_accept": false,
  }
}

to https://api.zoom.us/v2/rooms/{roomId}/meetings where roomId is the value of an ID returned from https://api.zoom.us/v2/rooms.

The error is:

{'jsonrpc': '2.0', 'error': {'code': 32602, 'message': 'Validation Failed.', 'data': [{'field': 'params.password', 'message': 'Invalid field.'}]}}

8

Thanks for the details @tom.usher,

We should be able to figure this out now.

Thanks for your patience,
Tommy

9

Hey @tom.usher,

We are still not able to reproduce this issue. Can you please try creating a meeting with the same password using the Create Meeting API or Zoom Web Portal. Let me know if you see the same error message.

Thanks,
Tommy

10

Here’s a python script which replicates the issue:

import requests

API_URL = "https://api.zoom.us/v2/"
USER_ID = "[redacted]"
PERSONAL_JWT_TOKEN = "[redacted]"
ZOOMROOM_JWT_TOKEN = "[redacted]"

MEETING_PASSWORD = "w46!(i{74n"
ZOOM_ROOM_ID = "[redacted]"

def create_meeting():
    body = {
        "topic": "Test Meeting",
        "type": 1,
        "password": MEETING_PASSWORD,
    }
    res = requests.post(
        f"{API_URL}users/{USER_ID}/meetings",
        json=body,
        headers={"Authorization": f"Bearer {PERSONAL_JWT_TOKEN}"},
    )
    return res.json()


def zoom_room_join_meeting(meeting_id):
    body = {
        "jsonrpc": "2.0",
        "method": "join",
        "params": {"meeting_number": meeting_id, "password": MEETING_PASSWORD},
    }

    res = requests.post(
        f"{API_URL}rooms/{ZOOM_ROOM_ID}/meetings",
        json=body,
        headers={"Authorization": f"Bearer {ZOOMROOM_JWT_TOKEN}"},
    )
    return res


meeting = create_meeting()
res = zoom_room_join_meeting(meeting["id"])
print(res.content)

where:

  • USER_ID is my user ID as returned from GET /users using a JWT token from my personal account.
  • PERSONAL_JWT_TOKEN is a JWT token generated from the app marketplace on a test app created on my personal account.
  • ZOOMROOM_JWT_TOKEN is a JWT token generated from the app marketpalce on the Zoom Room Joiner app owned by the account which also owns the Zoom Rooms.
  • MEETING_PASSWORD is an example of a password that has been generated automatically by the Zoom client when a user has created a meeting in the past.
  • ZOOM_ROOM_ID is the ID of the Zoom Room I’m attempting to make join, as returned by GET /rooms using the Zoom Room Joiner JWT token.

When MEETING_PASSWORD is w46!(i{74n, the output of the script is:

b'{"jsonrpc":"2.0","error":{"code":32602,"message":"Validation Failed.","data":[{"field":"params.password","message":"Invalid field."}]}}'

and the room fails to join.

When MEETING_PASSWORD is test123, the output of the script is:

b'{"jsonrpc":"2.0","result":{"room_id":"[redacted]","send_at":"2020-06-11T09:25:03Z"},"id":"a138c758-a43d-487a-bf5f-dfc6df7a0b75"}'

and the room joins successfully.

Hope that’s useful! Let me know if I can provide any more details.

11

Hey @tom.usher,

Thanks for the script and additional details, I will provide you with an update once we figure out the issue.

-Tommy

12

Hey @tom.usher,

Hi, we have found the root cause, this is a bug, we will fix it in the future.

Can you confirm this error happens when scheduling a Zoom Room meeting?

“{{b’{“jsonrpc”:“2.0”,“error”:{“code”:32602,“message”:“Validation Failed.”,“data”:[
{“field”:“params.password”,“message”:“Invalid field.”}
]}}’}}"

Thanks,
Tommy

13

Thanks Tommy!

Yes I get the same error when scheduling a Zoom Room meeting with the same password.

14

Hey @tom.usher,

We will be releasing the fix for this in mid July.

Thanks for your patience,
Tommy