cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2032
Views
2
Helpful
10
Replies

Listed/Unlisted meetings visibility

Greetings, 

In site admin, there's an option "All meetings must be unlisted", which will make all meetings for an organization unlisted by default. https://developer.cisco.com/docs/webex-meetings/#!site-admin-changes-on-api/side-effects-site-admin-changes-on-the-api

This would make it impossible to retrieve such meetings details through the API, unless meeting password is provided in headers. 

However, I have noticed, that this isn't an issue if the meeting was created by the same account the integration app is created.

Is this by design? Also, if it is - will it work the same way, if the integration app was created by the organization admin (thus giving an application to access all unlisted meetings within the organization)?

Thank you

  

1 Accepted Solution

Tested with those exact scopes and was successful as well. However, if the hostEmail wasn't included in the get participants request then it would return the error you're seeing.
Can you try a request like this:
GET https://webexapis.com/v1/meetingParticipants?meetingId=<meetingInstanceId>&hostEmail=<hostEmail> 

Note the meetingInstanceId is the one formatted as XXXX_I_XXXX and is the value of "id" when you query GET /meeting with meetingType=meeting. Setting meetingType=meeting should be done when you want to pull inProgress or ended meeting instances as it's possible for a meeting to have multiple instances, if someone stopped and restarted the same meeting, so you'll want to make sure you're querying for the correct instance of a meeting.

View solution in original post

10 Replies 10

Janos Benyovszki
Cisco Employee
Cisco Employee

@MaksymRossiitsev I'm not sure I'm following you here. So how are you able to get the meeting details without password? Which integration are you talking about? Is that an integration that was used to create the meeting? It might have something to do with host accounts, can that be the case? If you want you can open a ticket - email to devsupport@webex.com - with us with all the details (emails and full API requests) and we can look into it.

Any help with this would be appreciated, 

Thank you  

I will explain the scenario that I have, so maybe this would be more clear  

So I have this use case where an Integration application should track meetings within the organization, based on the fact of specific users being invited to the meeting. 

The structure would be like: 1 integration application, 5 users that are being invited to WebEx meetings. The integration application must track such meetings, read its participants, etc. 

I have noticed that it works just fine if the integration application is accessing meetings of the user, on behalf of which the integration app was created. But for all other users - it is able to list the meetings through meetings API, but it is unable to read such meetings details and meeting participants, regardless of whether the meeting is set to "publicly listed" or not. 

So I was wondering, if this is only meeting host<>integration app that this scenario would work for, or is there other way to elevate integration app permissions, so it has access to all meetings and participants (at least ones that are publicly listed, but not have app creator as a meeting host)

 

(For instance, trying to read listed meeting works fine, but trying to access its participants ends up with an error - "The server understood the request, but refused to fulfill it because the access token is missing required scopes or the user is missing required roles or licenses.", even though the application has the meeting:admin_participants_read scope added and authorized by the admin. Is there other scope(s) that should be used for other scenario?)

 Thank you

We would need trackingIds from the failed request to look into this further. An org full admin should be able to pull all meeting and participant details for any meetings hosted by members of their org, they would just need to define the hostEmail with the host of the meeting. Can you send the details of your requests and the trackingds for failed requests to devsupport@webex.com?

Hi @Jeff Marshall 

Sorry, I think I might've been a bit unclear on this one, let me explain: 

Currently, my work account isn't full organization admin. I have used it to create an integration application with meeting:admin_participants_read scope, authorized by the organization admin. 

What I would expect by doing so, is for my integration application to being able to access all meetings in the organization. However, I am unable to retrieve such meetings details and participants, with the following error: 

{"message":"The server understood the request, but refused to fulfill it because the access token is missing required scopes or the user is missing required roles or licenses.","trackingId":"ROUTER_64393B69-3F2C-01BB-013C-AC12DD94013C"}

So the question is - is it because my user, on behalf of which the integration app was created, isn't full organization admin (currently it's elevated to Advanced Troubleshooting), or for some other reasons? 

And would it potentially work if the integration app is created by full organization admin instead? 

The scopes that are granted atm are "spark:kms meeting:schedules_read meeting:participants_read meeting:admin_participants_read meeting:admin_schedule_read" (as per https://webexapis.com/v1/access_token response, which means that :admin ones were authorized by the full org admin)

Thank you   

It doesn't matter who creates an integration. When a user authorizes with an integration, regardless of who created it, their roles within their own org are checked before scopes are applied to the token. If they're missing a required role for specific scopes that were requested then those scopes simply won't be applied to the token. I can confirm from the trackingId that the user that made the request is a full admin of their org. What I can't see is if the token used actually has the correct scopes applied to it, would need the token to validate it and verify what scopes were actually assigned. I did test listing meeting participants for a listed meeting that was inProgress and after it had ended that was owned by another host and it did return the participants correctly for the admin that made the API requests. I tested using the token generated by the dev portal. What are the exact scopes that you have selected on your integration? We can try to reproduce using a token generated by an integration once we know all of the scopes that you have selected on your integration so we can mimic it.

Sure, this would be very helpful. 

What information do you need then? (that is safe to share here) 

I can confirm that the applied scopes are "spark:kms meeting:schedules_read meeting:participants_read meeting:admin_participants_read meeting:admin_schedule_read", as these are the scopes that were provided in a token generation response (based on refresh token, the access/refresh tokens are obscured for security reasons):

{
   "access_token":"******",
   "expires_in":1209599,
   "refresh_token":"******",
   "refresh_token_expires_in":7770591,
   "token_type":"Bearer",
   "scope":"spark:kms meeting:schedules_read meeting:participants_read meeting:admin_participants_read meeting:admin_schedule_read"
}

 The endpoint I'm using for participants retrieval is 

/v1/meetingParticipants?meetingId={meetingId}

Thank you

Tested with those exact scopes and was successful as well. However, if the hostEmail wasn't included in the get participants request then it would return the error you're seeing.
Can you try a request like this:
GET https://webexapis.com/v1/meetingParticipants?meetingId=<meetingInstanceId>&hostEmail=<hostEmail> 

Note the meetingInstanceId is the one formatted as XXXX_I_XXXX and is the value of "id" when you query GET /meeting with meetingType=meeting. Setting meetingType=meeting should be done when you want to pull inProgress or ended meeting instances as it's possible for a meeting to have multiple instances, if someone stopped and restarted the same meeting, so you'll want to make sure you're querying for the correct instance of a meeting.

Oh, yes, this was it! My problem was that I haven't included hostEmail qs parameter. Interestingly, that it worked for the meetings that my user is a host of. 

Yes, this is how I use it in terms of ids and meetingTypes so far. Everything seems to work fine on that front, so my real issue was missing hostEmail qs parameter, I have probably missed it in the documentation...

But the issue seems to be resolved now, thank you so much for the help!  

Happy to help!