When a room is created, the room's
privacy setting defaults to
"public". Anyone who knows the room's URL can join a public room.
For many video call workflows, using
"public" rooms is the right approach. If you are creating rooms on the fly for one-time use, just let the room creation API endpoint automatically generate a room name for you. The room URL will be impossible to guess, so only the people you send the URL to will be able to join the room. You can also set an
exp time for the room, so that it is automatically deleted, and even people who have seen the URL to won't be able to reuse it, later.
But for other workflows, you will want to restrict access to your rooms. For example, if you are creating human-readable room names, someone could guess a room name and join a meeting uninvited. Or, if you are reusing meeting rooms, you might want to control access so that even people who have the room URL can't always join the room.
To restrict access to a room, change the room's
privacy setting to
A private room can be joined with a meeting token, by knocking, or by a logged-in user.
If you change a room from
private while there are people in the room, those people will stay in the room. Anyone else who tries to join after the room is set to
private will need to use one of those methods to get in.
A meeting token is the most flexible way to grant access to a private room. Meeting tokens can be different for each meeting participant, can be time-limited, and can include additional information about each user.
Any valid meeting token grants access to a private room. Simply create a meeting token, append it to the room URL as a
t= query parameter, and use that new URL in your workflow.
Always set the
room_nameproperty when you are using meeting tokens to control room access. A meeting token without a
room_nameproperty allows access to any room in your domain.
When a user joins a meeting, we strip token from the URL, so that users don't accidentally share or forward room URLs that include meeting tokens.
To allow users to "knock" to request access to a private room, set the room's
enable_knocking property to
When a user knocks to request access to a meeting, a room owner must be in the room to approve that join request. Pro tip: You can use our Zapier App to notify meeting owners when something is knocking.
A room owner is usually someone who joined the meeting using a meeting token with the
is_owner property set to
Updated about a month ago