# Meeting API Security Enhancements
On December 20th, 2020, the **Require that all meetings are secured with one security option** security setting was added to all Zoom customers' [**Account Settings**](https://zoom.us/account/setting) tab in the **Security** section. This setting is **automatically enabled and locked** for **single license users**, **Pro accounts with 2 or more licenses**, and **Business accounts with 10 to 100 licenses**. All meetings scheduled by these types of accounts **must** be secured with one of the following security options:
- A [passcode](https://support.zoom.us/hc/en-us/articles/360033559832-Zoom-Meeting-and-Webinar-passcodes).
- The [**Waiting Room**](https://support.zoom.us/hc/en-us/articles/115000332726-Waiting-Room) feature.
- The [**Only authenticated users can join meetings**](https://support.zoom.us/hc/en-us/articles/4406604615693-Requiring-authentication-to-join-a-meeting-webinar) setting.
If you disable all three settings (for example, `password = null`, `waiting_room = false`, `meeting_authentication = false`) in the Request Body of the [**Create a meeting**](/docs/api/meetings/#tag/meetings/POST/users/{userId}/meetings) or [**Update a meeting**](/docs/api/meetings/#tag/meetings/PUT/meetings/{meetingId}/status) API requests, Zoom will **overwrite** the provided values to enable at least one of these settings. In such cases, note the values returned in the [**Create a meeting**](/docs/api/meetings/#tag/meetings/POST/users/{userId}/meetings)
API Response Body or use the [**Get a meeting**](/docs/api/meetings/#tag/meetings/GET/meetings/{meetingId}) API to fetch and store accurate information regarding the meeting's applied security settings.
> Note the following when creating and updating meetings scheduled via the [Zoom web portal](https://zoom.us/account) versus the Zoom API:
>
> - Creating meetings via the Zoom web portal synchronizes your scheduler settings.
> - Meetings created via the Zoom API do **not** synchronize your Zoom web portal scheduler settings. Instead, the API **requires** that the user set the meeting's options in the API's Request Body.
The [**Require that all meetings are secured with one security option**](https://support.zoom.us/hc/en-us/articles/360059665892-Requiring-meetings-to-have-one-security-option) setting can only be disabled by **Enterprise**, **API**, **Business (with more than 100 licenses)**, and **Education** users.
## About this document
This document outlines how this requirement impacts the response of your Zoom [**Create a meeting**](#create-a-meeting-api) and [**Update a meeting**](#update-a-meeting-api) API requests in different scenarios. For each of the scenarios outlined below, the following request parameters apply:
- **Waiting Room** — The value for the `waiting_room` field is either not provided (`null`) or set as `true` or `false`.
- **Passcode** — The value for the `password` field is either not provided (`null`), set as an empty string (`""`), or a valid value.
- **Only authenticated users can join meetings** — The value for the `authentication_option` field is either not provided (`null`), set as an empty string (`""`), or a valid value.
## Create a meeting API
| | Settings | Result |
| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Scenario 1** | The Waiting Room, passcode, and authentication setting are enabled and locked for users in the account. | The Waiting Room, passcode, and authentication setting are enabled for the meeting. In the response, the `waiting_room` and `meeting_authentication` field values are `true`. The `password` and `authentication_option` field values are set to the values provided in the request. If you do **not** provide a value for the `password` field in the request, a valid password is automatically generated by Zoom and is included in the request's response. If a value for the `authentication_option` field is **not** provided in the request, Zoom automatically generates a default value and includes it in the request's response. |
| **Scenario 2** | The Waiting Room is disabled and locked. The passcode and authentication setting are either enabled or disabled without being locked. | The Waiting Room remains disabled. If valid values are provided for the `password`, `meeting_authentication`, and `authentication_option` fields, the same values are applied to the meeting. If a value is **not** provided for the `password` field and the value of the `meeting_authentication` field is `false`, Zoom automatically generates a valid password and includes it in the request's response. |
| **Scenario 3** | The authentication setting is disabled and locked. The Waiting Room and passcode settings are either enabled or disabled without being locked. | The meeting authentication setting remains disabled. The Waiting Room is automatically enabled if you do **not** provide a value for the `password` field in the request. |
| **Scenario 4** | The Waiting Room and authentication setting are either enabled or disabled without being locked. The passcode is disabled and locked. | The passcode remains disabled. If the values the `waiting_room` and `meeting_authentication` fields are set to `false`, Zoom automatically enables the Waiting Room. |
| **Scenario 5** | The Waiting Room and passcode settings are disabled and locked. The authentication setting is either enabled, enabled and locked, or disabled without being locked. | The Waiting Room and passcode remain disabled. The authentication setting is enabled. If a value for the `authentication_option` field is **not** provided in the request, Zoom automatically generates a default value and includes it in the request's response. |
| **Scenario 6** | Both the Waiting Room and authentication setting are disabled and locked. The passcode is either enabled, enabled and locked, or disabled without being locked. | The Waiting Room and authentication setting remain disabled. If you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. |
| **Scenario 7** | Both the passcode and authentication setting are disabled and locked. The Waiting Room is either enabled, enabled and locked, or disabled without being locked. | The Waiting Room is enabled for the meeting. The authentication setting and passcode remain disabled. |
| **Scenario 8** | The Waiting Room is enabled and locked. The passcode and authentication setting are either enabled or disabled without being locked. | The Waiting Room is enabled for the meeting. If valid values are provided for the `password`, `meeting_authentication`, and `authentication_option` fields, the same values are applied to the meeting. If a value is **not** provided for these fields, the meeting will **not** be password protected and will **not** have meeting authentication requirements. |
| **Scenario 9** | The passcode is enabled and locked. The Waiting Room and authentication setting are either enabled or disabled without being locked. | The passcode is enabled for the meeting. If you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. If valid values are provided for the `password`, `meeting_authentication`, and `authentication_option` fields, the same values are applied to the meeting. If values for these settings are **not** provided, they will remain disabled. |
| **Scenario 10** | The authentication setting is enabled and locked. The Waiting Room and passcode settings are either enabled or disabled without being locked. | The authentication setting is enabled. If a value for the `authentication_option` field is not provided in the request, Zoom automatically generates a default value and includes it in the request's response. The Waiting Room and passcode may be enabled or disabled depending on the values provided in the Request Body. |
| **Scenario 11** | Both the Waiting Room and passcode settings are enabled and locked. The authentication setting is either enabled or disabled without a lock. | The Waiting Room and passcode are enabled for the meeting. If you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. If valid values are provided for the `meeting_authentication` and `authentication_option` fields, the same values are applied to the meeting. |
| **Scenario 12** | Both the Waiting Room and authentication setting are enabled and locked. The passcode is either enabled or disabled without a lock. | The Waiting Room and authentication setting are enabled and applied to the meeting. If a value for the `authentication_option` field is not provided in the request, Zoom automatically generates a default value and includes it in the request's response. If you do **not** provide a value for the `password` field in the request, the meeting will **not** have a passcode. |
| **Scenario 13** | The passcode and authentication setting are both enabled and locked. The Waiting Room is either enabled or disabled without being locked. | The passcode and authentication remain enabled. If you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. If you do **not** provide a value for the `authentication_option` field in the request, Zoom automatically generates a default value and includes it in the request's response. The Waiting Room is enabled only if the `waiting_room` field's value is set to `true` in the Request Body. |
| **Scenario 14** | The passcode is enabled and locked. The Waiting Room is either enabled or disabled. The authentication setting is disabled and locked. | The passcode is enabled for the meeting. If you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. The Waiting Room is enabled only if the `waiting_room` field's value is set to `true` in the Request Body. The authentication setting remains disabled and will **not** be applied to the meeting. |
| **Scenario 15** | The authentication setting is enabled and locked. The Waiting Room is either enabled or disabled without being locked. The passcode is disabled and locked. | The authentication setting is enabled. If you do **not** provide a value for the `authentication_option` field in the request, Zoom automatically generates a default value and includes it in the request's response. The Waiting Room is enabled only if the `waiting_room` field's value is set to `true` in the Request Body. The passcode remains disabled. |
| **Scenario 16** | The Waiting Room is enabled and locked. The passcode is either enabled or disabled. The authentication setting is disabled and locked. | The Waiting Room is enabled for the meeting. A `passcode` is applied only if a valid value is provided for the `password` field in the Request Body. The authentication setting remains disabled. |
| **Scenario 17** | The authentication setting is enabled and locked. The passcode is either enabled or disabled. The Waiting Room is disabled and locked. | The authentication setting is enabled. If you do **not** provide a value for the `authentication_option` field in the request, Zoom automatically generates a default value and includes it in the request's response. A passcode is applied only if a valid value is provided for the `password` field in the Request Body. The Waiting Room remains disabled. |
| **Scenario 18** | The Waiting Room is enabled and locked. The passcode is disabled and locked. The authentication setting is either enabled or disabled. | The Waiting Room is enabled for the meeting. The passcode remains disabled. If valid values are provided for the `meeting_authentication` and `authentication_option` fields, the same values are applied to the meeting. |
| **Scenario 19** | The passcode is enabled and locked. The Waiting Room is disabled and locked. The authentication setting is either enabled or disabled. | The passcode is enabled for the meeting. If you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. The Waiting Room remains disabled. If valid values are provided for the `meeting_authentication` and `authentication_option` fields, the same values are applied to the meeting. |
| **Scenario 20** | The passcode and authentication setting are enabled and locked. The Waiting Room is disabled and locked. | The passcode and authentication are enabled. If you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. If you do **not** provide a value for the `authentication_option` field in the request, Zoom automatically generates a default value and includes it in the request's response. The Waiting Room remains disabled. |
| **Scenario 21** | The Waiting Room and authentication setting are enabled and locked. The passcode is disabled and locked. | The Waiting Room and authentication setting are enabled. If you do **not** provide a value for the `authentication_option` field in the request, Zoom automatically generates a default value and includes it in the request's response. The passcode will remain disabled. |
| **Scenario 22** | The Waiting Room and passcode settings are enabled and locked. The authentication setting is disabled and locked. | The Waiting Room and passcode are enabled for the meeting. If you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. The authentication setting remains disabled. |
| **Scenario 23** | All three settings are either enabled or disabled without a lock. | The settings are applied based on the values provided in the Request Body. If none of the security options are enabled in the request, Zoom automatically enables the Waiting Room for the meeting. |
## Update a meeting API
| | Settings | Result |
| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Scenario 1** | The Waiting Room, passcode, and authentication setting are enabled and locked. | The Waiting Room remains enabled. The value of the `waiting_room` field in the API response is `true`. If the meeting did not previously have a passcode and you do **not** provide a value for the `password` field in the request, Zoom automatically generates a valid password and includes it in the request's response. If the meeting did not previously have a passcode and you you do **not** provide a value for the `password` field in the request, the passcode previously set for the meeting remains active. The authentication setting is enabled. If you do **not** provide a value for the `authentication_option` field in the request and the meeting did not previously have an authentication option, Zoom automatically generates a default value and includes it in the request's response. If you do **not** provide a value for the `authentication_option` field in the request and the meeting previously had an `authentication_option` field value, the previous value remains active. |
| **Scenario 2** | The Waiting Room is disabled and locked. The passcode and authentication setting are either enabled or disabled without a lock. | The Waiting Room remains disabled. If you do **not** provide a value for the `password` field in the request and the value of `meeting_authentication` field is `false`, one of these settingsare automatically enabled: - If the meeting did not previously have either of these fields, Zoom automatically generates a new password and includes it in the request's response.
- If the meeting previously had valid values for one or both of these fields, the same values remain active after the request.
|
| **Scenario 3** | The passcode is disabled and locked. The Waiting Room and authentication setting are either enabled or disabled. | The passcode remains disabled. If the values of the `waiting_room` and `meeting_authentication` fields are `false` in the request, Zoom automatically enables the Waiting Room for the meeting. |
| **Scenario 4** | The authentication setting is disabled and locked. The passcode and Waiting Room settings are either enabled or disabled without a lock. | The authentication setting remains disabled. If the values of the `waiting_room` and `passcode` fields are `false` in the request, Zoom automatically enables the Waiting Room for the meeting. |
| **Scenario 5** | The Waiting Room and passcode settings are disabled and locked. The authentication setting is either enabled without a lock, enabled and locked, or disabled without a lock. | The Waiting Room and passcode remain disabled. The authentication setting is enabled. If you provide a valid `authentication_option` field value, the same value is used for the meeting. If no value is provided for the `authentication_option` field in the request but the meeting previously had a value for this field, the previous value remains active. If a value for the `authentication_option` field is not provided in the request and the meeting previously did not have a value set for this field, Zoom will automatically set a default value for this field. |
| **Scenario 6** | The Waiting Room and authentication setting are disabled and locked. The passcode is either enabled without a lock, enabled and locked, or disabled without a lock. | The Waiting Room and authentication setting remain disabled and locked. The passcode is enabled for the meeting. If you do **not** provide a value for the `password` field in the request and the meeting previously had a password, the same value remains active. If you do not provide a value for the `password` field in the request and the meeting previously did **not** have a password, Zoom automatically generates a valid password and includes it in the request's response. |
| **Scenario 7** | The passcode and authentication setting are disabled and locked. The Waiting Room is either enabled without a lock, enabled and locked or disabled without a lock. | The passcode and authentication setting remain disabled. The Waiting Room is enabled for the meeting. |
| **Scenario 8** | The Waiting Room is enabled and locked. The passcode and authentication setting are either enabled or disabled without a lock. | The Waiting Room remains enabled. If you provide valid values for `password` and `meeting_authentication` fields in the request, these values are applied to the meeting. |
| **Scenario 9** | The passcode is enabled and locked. The Waiting Room and authentication setting are either enabled or disabled without a lock. | The passcode is enabled for the meeting. If you do **not** provide a value for the `password` field in the request and the meeting previously had a password, the same value remains active. If you do **not** provide a value for the `password` field in the request and the meeting did not previously have a password, Zoom automatically generates a valid password and includes it in the request's response. If valid values for the `waiting_room` and `meeting_authentication` fields are provided in the request, they are applied to the meeting. |
| **Scenario 10** | The authentication setting is enabled and locked. The Waiting Room and passcode settings are either enabled or disabled without a lock. | The authentication setting is enabled. If you provided a valid value for the `authentication_option` field, the same value is used for the meeting. If you do **not** provide a value for the `authentication_option` field in the request but the meeting previously had a value for this field, the previous value remains active. If a value for the `authentication_option` field is not provided in the request and the meeting did not previously have a value set for this field, Zoom automatically generates a default value and includes it in the request's response. If valid values for `password` and `waiting_room` fields are provided in the request, they are applied to the meeting. |
| **Scenario 11** | The Waiting Room and passcode settings are enabled and locked. The authentication setting is either enabled or disabled without being locked. | The Waiting Room and passcode remain enabled. If you do **not** provide a value for the `password` field in the request and the meeting previously had a password, the previous value remains active. If you do **not** provide a value for the `password` field in the request and the meeting did not previously have a password, Zoom automatically generates a valid password and includes it in the request's response. If valid values are provided for the authentication setting, the same values are applied to the meeting. |
| **Scenario 12** | The Waiting Room and authentication setting are enabled and locked. The passcode is either enabled or disabled without being locked. | The Waiting Room and authentication setting remain enabled. If you provide a valid `authentication_option` field value, the same value is used. If you do **not** provide a value for the `authentication_option` field in the request but the meeting previously had a value for this field, the previous value remains active. If a value for the `authentication_option` field is **not** provided in the request and the meeting did not previously have a value set for this field, Zoom automatically generates a default value and includes it in the request's response. The meeting will have a passcode if you provide a valid `password` field value in the request. |
| **Scenario 13** | The passcode and authentication setting are enabled and locked. The Waiting Room is either enabled or disabled without being locked. | The passcode and authentication setting remain enabled. If you provide a valid `authentication_option` field value, the same value is used. If you do **not** provide a value for the `authentication_option` field in the request but the meeting previously had a value for this field, the previous value remains active. If you do **not** provide a value for the `authentication_option` field in the request and the meeting did not previously have a value set for this field, Zoom automatically generates a default value and includes it in the request's response. If you do **not** provide a value for the `password` field in the request and the meeting previously had a password, the same value remains active. If you do **not** provide a value for the `password` field in the request and the meeting did not previously have a password, Zoom automatically generates a valid password and includes it in the request's response. |
| **Scenario 14** | The passcode is enabled and locked. The Waiting Room is either enabled or disabled without being locked. The authentication setting is disabled and locked. | The authentication setting remains disabled. A passcode is applied to the meeting. If you do **not** provide a value for the `password` field in the request and the meeting previously had a password, the same value remains active. If you do **not** provide a value for the `password` field in the request and the meeting did not previously have a password, Zoom automatically generates a valid password and includes it in the request's response. |
| **Scenario 15** | The authentication setting is enabled and locked. The passcode is disabled and locked. The Waiting Room is either enabled or disabled without being locked. | The passcode remains disabled. The authentication setting remains enabled. If you provide a valid `authentication_option` field value, the same value is used. If you do **not** provide a value for the `authentication_option` field in the request but the meeting previously had a value for this field, the previous value remains active. If you do **not** provide a value for the `authentication_option` field in the request and the meeting did not previously have a value set for this field, Zoom automatically generates a default value and includes it in the request's response. |
| **Scenario 16** | The Waiting Room is enabled and locked. The authentication setting is disabled and locked. The passcode is either enabled or disabled without being locked. | The Waiting Room remains enabled. The authentication setting is disabled. The meeting will have a new passcode only if a valid `password` field value is provided in the request. |
| **Scenario 17** | The authentication setting is enabled and locked. The Waiting Room is disabled and locked. The passcode is either enabled or disabled without being locked. | The Waiting Room remains disabled. The authentication setting remains enabled. If you provide a valid `authentication_option` field value, the same value is used. If you do **not** provide a value for the `authentication_option` field in the request but the meeting previously had a value for this field, the previous value remains active. If a value for the `authentication_option` field is **not** provided in the request and the meeting did not previously have a value set for this field, Zoom automatically generates a default value and includes it in the request's response. The passcode for the meeting is only updated if you provide a valid `password` field value in the request. |
| **Scenario 18** | The Waiting Room is enabled and locked. The passcode is disabled and locked. The aAuthentication setting is either enabled or disabled without being locked. | The Waiting Room remains enabled. The passcode remains disabled. The authentication setting is updated for the meeting only if valid values are provided for the `meeting_authentication` and `authentication_option` fields in the request. |
| **Scenario 19** | The passcode is enabled and locked. The Waiting Room is disabled and locked. The authentication setting is either enabled or disabled without being locked. | The Waiting Room remains disabled. The passcode is enabled. If you do **not** provide a value for the `password` field in the request and the meeting previously had a password, the same value remains active. If you do **not** provide a value for the `password` field in the request and the meeting did not previously have a password, Zoom automatically generates a valid password and includes it in the request's response. The authentication setting is updated for the meeting only if valid `meeting_authentication` and `authentication_option` field values are provided in the request. |
| **Scenario 20** | The Waiting Room is disabled and locked. The passcode and authentication setting are enabled and locked. | The Waiting Room remains disabled. The passcode and authentication setting are applied to the meeting. If you do **not** provide a value for the `password` field in the request and the meeting previously had a password, the same value remains active. If you do **not** provide a value for the `password` field in the request and the meeting previously did **not** have a password, Zoom automatically generates a valid password and includes it in the request's response. If you provide a valid `authentication_option` field value, the same value is used. If you do **not** provide a value for the `authentication_option` field in the request but the meeting previously had a value for this field, the previous value remains active. If a value for the `authentication_option` field is not provided in the request and the meeting did not previously have a value set for this field, Zoom automatically generates a default value and includes it in the request's response. |
| **Scenario 21** | The Waiting Room and authentication setting are enabled and locked. The passcode is disabled and locked. | A passcode will is not applied to the meeting. The Waiting Room and authentication setting remain enabled. If you provide a valid `authentication_option` field value, the same value is used. If you do **not** provide a value for the `authentication_option` field in the request but the meeting previously had a value for this field, the previous value remains active. If you do **not** provide a value for the `authentication_option` field in the request and the meeting did not previously have a value set for this field, Zoom automatically generates a default value and includes it in the request's response. |
| **Scenario 22** | The Waiting Room and passcode settings are enabled and locked. The authentication setting is disabled and locked. | The authentication setting remains disabled. The Waiting Room and passcode are enabled for the meeting. If you do **not** provide a `password` field value in the request and the meeting previously had a password, the same value remains active. If you do **not** provide a `password` field value in the request and the meeting previously did not have a password, Zoom automatically generates a valid password and includes it in the request's response. |
| **Scenario 23** | The Waiting Room, passcode, and authentication setting are either enabled or disabled without being locked. | If you attempt to disable all three settings using via request, Zoom enables at least one of the settings: - If the meeting did **not** have any of these settings enabled prior to the request, Zoom automatically enables the Waiting Room for the meeting.
- If the meeting had any or all of these settings enabled prior to the request, the same settings remain enabled after the request.
|