For users who send Zoom bots (also referred to as a “bot”) into Zoom meetings, ensuring the bot records is the number one priority. There are many reasons why the bot might not record. For many of those situations, a Zoom join token for local recording (also known as a “Zoom join token”) can circumvent these obstacles because a join token gives a bot the required permissions to enter the meeting room and start recording.
In this guide, I’ll walk through:
- What a Zoom join token is
- When you might want to use it
- Some tradeoffs that you'll have to account for
- How to create and use a Zoom join token
Though Zoom join tokens can be used for any participant, I'll be covering Zoom join tokens in relation to bots invited by participants to record Zoom meetings.
What is a Zoom join token for local recording
To understand the usefulness of Zoom join tokens, it is first important to understand the flow of a bot. Usually, when a bot attempts to join a Zoom meeting, it is admitted into a waiting room, and then let into the meeting room upon host approval.
Once a bot joins the meeting room, the bot is able to request recording permissions from the host. The host can choose to deny the request or accept the request, where if the request is accepted, then the bot is granted permission to record.
Bot requests admission from the waiting room and recording access upon joining. The host approves both requests.
If the host doesn’t admit the bot from the waiting room and grant the bot permission to record, the bot won’t record the meeting.
When it comes to recording, the host of the meeting needs to grant local recording (also known as Zoom computer recording) to the bot. Once granted, the bot is allowed to use the local recording feature to record the meeting. A Zoom join token pre-authorizes a bot to start local recording without the host needing to give explicit permission every single time.
This means a Zoom join token allows a bot to:
-
Skip the waiting room which is the lobby where participants wait for the host to admit participants into the meeting room.
-
Automatically start recording the meeting after entering the meeting room.
You may think the join token relates to joining the meeting directly, but it doesn’t. The Zoom join token works together with the Zoom meeting URL, where:
-
Meeting URL - Contains the meeting ID and the meeting password. It tells the Zoom app or Zoom web client which meeting room the participant should join and verifies it is allowed to join the meeting.
-
Zoom Join token - Provides proof that the host pre-authorized the bot to skip the waiting room and start recording.
Why you should use a Zoom join token for local recording
The flow of admitting a bot from the waiting room and granting recording permissions is error-prone because it relies on the host to manually approve the bot’s request each time. I’ve outlined common mistakes that could prevent the bot from being granted recording permissions, all of which can be avoided by using a Zoom join token.
Common reasons the bot cannot automatically record Zoom meetings
| Root Cause | Why the bot fails to record |
|---|---|
| The host is not present in the meeting room. | A bot joins a meeting room but cannot record because the host is not present. This means the host isn’t able to respond to the bot’s request to record. |
| The host is signed into the wrong Zoom user account. | The participant acting as “host” is signed into a different account (e.g., personal vs work) so they won’t receive the request to record. This means the participant acting as “host” will not see and respond to the bot’s request to record. |
| The host misses the bot’s request to record. | The host doesn’t see the bot’s recording request popup. The user can be distracted or the popup may be out of view, making it easy to miss. This means the bot’s request to record is never acknowledged and the host never grants recording permissions to the bot. |
| The host accidentally denies the bot’s request to record. | A host may accidentally reject the bot’s request to record. This means the bot will not be able to record the call when the host wants the call to be recorded. |
The same issues apply to bots trying to go from waiting rooms to the meeting: only the host (e.g. the Zoom user account that scheduled the meeting) can see and admit the bot. If the host doesn’t let the bot in or grant recording permissions, the meeting will go unrecorded.
All of the recording consent and the waiting room failure modes outlined above can be avoided by using Zoom join tokens.
Now that you know about common failure modes that can be solved by Zoom join tokens, we can talk about real-world situations where Zoom join tokens help.
Use cases for a Zoom join token for local recording
There are several real-world applications aside from reducing missed recordings where you’d use a Zoom join token- listed below are some common use cases.
Hiring Interviews
Hiring interviews are frequently scheduled by a third party (e.g. the recruiter, executive assistants), so the third party ends up being the host, but never actually joins the meeting.
Zoom join tokens pre-authorizes notetakers to join and record meetings when the host isn’t present, guaranteeing that all interviews are recorded.
Incident war rooms
During triage, participants (including the host) often don’t have Zoom in the foreground, so admit and recording prompts get missed. The host may also step away or jump in and out, leaving no one to catch Zoom waiting room admits and recording request prompts.
Zoom join token lets a notetaker join and start recording without pulling the host out of triage, or even if the host isn’t present. This preserves a complete, reliable incident record.
Tradeoffs of using a Zoom join token for local recording
When deciding whether or not Zoom join tokens are right for your situation, consider the following tradeoffs:
-
Implementation overhead- Zoom join tokens require you to build and maintain a Zoom OAuth flow in addition to the Zoom join token flow. This adds complexity and surface area to your app.
-
Onboarding friction - The host or host’s Zoom organization admin will need to authorize your Zoom OAuth app before a Zoom join token can be created on their behalf.
-
Local recording settings must be enabled - The host must ensure their user settings permit local recording, user settings permit participants to record locally, and in-meeting settings permit participants to record locally.
-
Zoom app submission process - you must complete the Zoom app submission process for your Zoom OAuth app before being able to make this feature generally available, a process which typically takes at least a month.
If these tradeoffs make sense for your use case, the next step is to create a Zoom join token.
How to create a Zoom join token for your meeting bot to use?
In implementation, a bot is actually an instance of the Zoom Meeting SDK client. In order to create and use a Zoom join token, you will need to:
- Create a Zoom OAuth app
- Have the host of the meeting authorize Zoom OAuth permissions to your Zoom app, granting you an access token on behalf of the host
- Fetch a Zoom join token for a specific meeting using the host’s access token
- Pass the Zoom join token to the Meeting SDK client when joining the call
Step-by-step process on the development flow to create a Zoom join token.
Step 1: Create a Zoom OAuth app
The first step to creating a Zoom join token is to create a Zoom OAuth app. Zoom has a step-by-step guide that walks you through how to create a free Zoom OAuth app.
The Zoom OAuth app will require you to add basic information about your app (e.g. app name, app logo). Then when a user is prompted to grant OAuth permissions, they will see your app name, app logo, and the list of permissions requested from your account.
The user can then choose to grant OAuth permissions to your app, allowing you to proceed with creating Zoom join tokens for their account.
The Zoom OAuth consent screen that a user will be prompted with when granting Zoom OAuth permissions.
Step 2: Retrieve the access token for the user
Zoom’s OAuth 2.0 guide walks you through how to generate a refresh token and access token, where:
-
The refresh token is a long-lived token to generate short-lived access tokens as-needed.
-
The access token is a short-lived token used to interact with the Zoom API.
You will also need to add the following granular scopes to your Zoom app to be able to have the right permissions to generate a join token:
-
meeting:read:local_recording_token -
meeting:read:local_recording_token:admin
These permissions will then allow you to create the Zoom join token.
Step 3: Retrieve the Zoom join token for local recording
Once you have the access token, you can call the API to get the Zoom join token for local recording. In this request, you can configure whether you want the bot to skip the waiting room by setting the `bypass_waiting_room` query parameter.
curl -X GET \
"https://api.zoom.us/v2/meetings/$MEETING_ID/jointoken/local_recording?bypass_waiting_room=true" \
-H "Authorization: Bearer YOUR_ZOOM_OAUTH_ACCESS_TOKEN"
This cURL request will return to you a Zoom join token which you can use with the Zoom Meeting SDK.
Because the Zoom join token is short-lived (expiring after 120 seconds) and scoped to a single meeting occurrence (the meeting ID is a required path parameter in the request), you should fetch and use the Zoom join tokens just-in-time.
Step 4: Pass the Zoom join token for local recording to the bot
After you’ve obtained the Zoom join token, you can initialize the Meeting SDK client to make a bot join a meeting.
When joining a meeting, you will need to call the join() function on the Meeting SDK client and pass the Zoom join token to the join function’s config.
You must also supply a ZAK (Zoom Access Key) token alongside the Zoom join token when:
- The meeting requires users to be signed-in: Generate the ZAK using Zoom OAuth for the Zoom user the bot will authenticate as (signing-in the bot).
- The bot needs to start the meeting as host: Generate the ZAK using the host’s Zoom OAuth so the bot authenticates as the host and can start the meeting.
// First initialize the Zoom Meeting SDK as `ZoomMtg`
ZoomMtg.join({
sdkKey: "<SDK_KEY>",
signature: "<MEETING_SDK_SIGNATURE>",
meetingNumber: "<MEETING_ID>",
userName: "Your Bot",
password: "<PASSCODE_OR_EMPTY>",
recordingToken: "<LOCAL_RECORDING_JOIN_TOKEN>", // <-- pre-authorizes local recording + bypass waiting room behaviors
// zak: "<ZAK_IF_REQUIRED>" // only when meeting requires authenticated users or starting as host
});
After this, the bot should be pre-authorized with the necessary permissions to skip the waiting room and start recording the meeting upon entry.
Conclusion
In short, a Zoom join token pre-authorizes your bot to join a specific meeting and begin recording using Zoom’s local recording feature the moment it enters the meeting room. It eliminates host dependency for both admission from the waiting room and recording approval, resulting in meetings being recorded reliably every time.
If you're interested in reliably sending bots to join and record meetings with one API call, check out Recall.ai's Meeting Bot API for Zoom. You can start sending bots immediately by signing up for a self-serve account, or chat with our team to help figure out if Recall.ai is the right solution for you.
Appendix
Zoom OAuth vs Zoom join tokens
Zoom OAuth is equivalent to delegated sign-in permissions; it lets your app use Zoom’s APIs on behalf of a specific user or Zoom organization. However, Zoom OAuth access tokens only authorize Zoom API calls, while join tokens are meeting-scoped credentials that let a Meeting SDK client join a specific meeting and start recording.
Note that you will need an Zoom OAuth access token to generate a Zoom join token.
Zoom app review submission process
The Zoom app review submission is the approval process for both Meeting SDK and Zoom OAuth marketplace-published apps. This is required to create a Zoom join token because the Zoom join token api requires a Zoom OAuth access token.
The Zoom app review process is designed to ensure that any app in their marketplace is production-ready and complies with Zoom’s policies. As part of the app review submission, you will register your Zoom app, declare scopes (permissions requested from users), supply branding, security, and policy docs.
Then Zoom’s reviewers will verify functionality, permissions, user experience, branding, security, and compliance using test accounts and step-by-step instructions you provide to test your app’s feature functionality.
Timelines vary by scope and submission quality, but plan on roughly a few weeks with at least one feedback iteration from the Zoom reviewers.
What are the different ways to grant Zoom recording permissions?
Zoom join tokens and manually prompting the host for recording permissions are two ways to get recording permissions as mentioned in the definition of a Zoom join token for local recording.
How to make a Zoom bot skip the waiting room?
There are several ways to let a bot skip the waiting room:
- The host of the meeting can disable the waiting room, allowing all participants to enter the call.
- The bot can use a Zoom join token which allows a host to pre-authorize the bot to skip the waiting room and enter the meeting room. This is covered in greater detail where I explain what a Zoom join token for local recording is.
Are there other ways to allow a Zoom bot to automatically record?
The only way to let a bot automatically start recording is to provide it with a Zoom join token when it joins the call. You can read more about how to do this where I explain how to create a Zoom join token for local recording.
