Required Passwords and your Zoom Integration
UPDATE: September 27, 2020
We’ve made some changes due to developer feedback. Please refer to our new Passcode & Waiting Room doc in our Announcements page. The below article is no longer valid at this time.
To align with Zoom’s recent announcement pertaining to our 90 day security initiative, we will be requiring all previously scheduled, upcoming, and PMI meetings to require passwords to join meetings & webinars for Basic accounts on May 9th and Paid Accounts tentatively by September 27th.
How this change impacts your integration…
- Within your account settings you will no longer be able to disable passwords for meetings or webinars.
- Meetings that were scheduled previously and did not have a password will now require a password to join. A host can launch a meeting using the start_url but attendees cannot join a meeting using the join_url without a password.
- Users who save join urls without the password will not be able to join meetings unless they know the password.
- Saved join_urls without passwords from the CREATE meeting API response will not be able to join meetings without a password.
- Users will no longer be able to join meetings if you do not have a password input field set within your Web SDK integration.
- Chatbots typically create either instant meetings, or meetings scheduled to start now. One recent change on April 19 impacts chatbots that create new meetings: the addition of the embed_password_in_join_link option for user accounts. Chatbots should follow guidelines to handle automatically-generated passwords when creating meetings. In some cases, the chatbot may need to display the password, in addition to displaying the Join URL.
- Marketplace apps with event subscriptions enabled or Webhook only apps that have subscribed to meeting create or meeting update events will now receive join_urls with passwords.
- Certain integration apps such as the Zendesk, Salesforce, and LTI Pro provide only Join URL links and do not print the password as it assumes the encrypted password is in the Join URL. If the user of that integration is a basic user, then the join urls will no longer work without the password.
What actions you need to take…
Require passwords for all meetings & webinars
For account admins, to ensure that all previously scheduled meetings include passwords for all users within your account, go to your Account settings page, select and lock Require a password when scheduled new meetings feature. After locking the setting, you will see a new option to select Require a password for meetings which have already been scheduled.
Select the option then click Save, after selecting the option, you will see a new prompt for You are adding password to meetings which have already been scheduled. Click Continue, to add passwords to all previously scheduled meetings. You will also be sent an email template about this change, which you can use to communicate to your customers that all meetings will now require a password.
One click Join Url with password
To be able to have your users click the join_url to join meetings with a password, you will need to go to your Account settings page, enable Embed password in meeting link for one-click join, click Turn on, then select Lock to apply this to all users within your account. Afterwards, all meetings within your account will have a password embedded within the join link.
- Ensure your API calls for CREATE meetings include a password if you do not want one automatically generated for you.
- Verify all previous meetings that were saved include a password, if not, call the List Meetings or GET meetings API to obtain the updated password and store it within your records if needed.
- To be able to click to join meetings, you first have to enable “embed_password_in_join_link” in the Update user settings API. Then within the Create meeting and GET meetings response, you will see the password embedded within the join_url and now you are able to click to join meetings.
- Ensure that your web application accepts both username & passwords when joining meetings.
- Communicate to your customers that all meetings require a password to join meetings.
Chatbots often provide a slash command to create a scheduled Zoom meeting that starts “now”, or an instant Zoom meeting. The meeting is created on behalf of a specific user. If the meeting is a scheduled meeting, then the meeting will appear in the Meetings tab on the Zoom client of that user.
Chatbots that create meetings on behalf of a user must handle two possible user settings for passwords:
1. Users can set their Zoom account meeting settings to require a password for meetings. In addition, basic/free users are required to always have a password set for meetings. If your chatbot does not specify a password when creating the meeting, and if a password is required, then the API will automatically assign a random password, and return it in the API response.
2. For meetings that require a password, users can set their Zoom account meeting settings to omit the encrypted password as part of the Join URL meeting link. This option is part of a new embed_password_in_join_link setting for users. In this case, users must manually enter the password to join a meeting.
When a chatbot calls the API to create a meeting, and does not specify a password, the API response may contain a non-null password. If the password is present in the response, then the Join URL in the response may or may not have an encrypted password. The chatbot should handle these 3 cases:
1. If the API response does not have the password field set, then the integration can show a meeting ID to users, and optionally, a hyperlink for the Join URL. Users will be able to join the meeting either by entering the meeting ID, or using the Join URL, without entering a password.
2. If the API response contains a password, and the Join URL contains an encrypted password, then the integration should show the meeting ID to users, with the join URL hyperlink, and also optionally display the meeting password, to allow users to join the meeting by entering a meeting ID and password manually, rather than using the Join URL.
3. If the API response contains a password, and the Join URL does not have the encrypted password, then the integration should show the meeting ID to users, with the join URL hyperlink, and must also display the meeting password. Users must manually enter the password to join the meeting, even when clicking on the Join URL.
- For marketplace apps that subscribe to the meeting create & meeting update events, make sure to make adjustments on your end to accept join_urls with passwords.
- Zoom users can look in the Meetings tab of their client, and look up the password that has been retroactively assigned to meetings in the past, then inform their Zendesk / Salesforce contacts of the new password manually. Also, to add passwords to previously scheduled meetings, make sure to enable the option Require a password for meetings which have already been scheduled within your Account settings page.
We appreciate your patience and understanding as we grow.
Zoom Developer Advocate Team