Hi,
I am questioning around the security when using the GET /api/v2/conversations/{conversationId}/recordings api as anybody that gets the "mediaUri" link can doanload the recording.
I am seeing that the signature is passed within the uri, but the downloaded recording is not protected by any password or anything else. How safe is it, and what is the best practice here to get recordings older than 558 days?
Also how long does a cached media stay available. do we have a way to delete it after downloaded?
That "signature" is effectively a single-factor auth password. The download link is only valid for a brief period of time, 1 hour IIRC. Anyone with the very long and impossible to guess download URL with the token can download the recording. This is the same methodology used for general OAuth applications that are authorized with a token, but this recording token is even more narrowly scoped and short lived. If you try to retrieve a recording without valid authorization, you will be denied.
Storage of recordings in Genesys Cloud is controlled by recording retention policies. You can read more about configuring them on the Resource Center: Create a policy - Genesys Cloud Resource Center.
Hi Tim,
thank you for your answer, the 1 hour makes me more comfortable using it.
My question regarding the lifespan of the cached media was about the link provided by the API, so all good.
Thanks again
There is no way to forcibly inactivate a recording download URL; it will only be removed automatically once its TTL has expired. If that is a feature you would like to see in the product, you can request new features and share your use case at https://genesyscloud.ideas.aha.io/.