I’m trying to deactivate user accounts in my org, and I’m receiving a 2300 error message when I try to do so.
Context:
- I’m using the
/users/{userId}/statusendpoint - I’m substituting
{userId}with the user’s email address - Using OAuth
- Scopes:
user:read:admin,user:write:admin,report:read:admin,report:master - Integration script is written in powershell.
- My minimal test script successfully deactivates a single user’s account on both my personal machine (powershell 7) and the server (powershell 5.1) running my org’s integration
- The full integration script is where deactivation fails with error 2300 (api endpoint not found/doesn’t exist).
- I realize this means the issue lies in the full integration script, but I’m hoping for some hints or insights that will help me find the issue. I did not write the thing originally–but somehow the responsibility of maintaining it and adding new features (like disabling zoom accounts) has fallen to me
- I’ve verified that both scripts are using the same client ID and client Secret
- in the main integration, I manage to read the user’s zoom account status. This seems to require the access token, so it seems reasonable to assume my client id/secret are working
Minimal test script:
# SETUP
$Zoom = Import-PowershellDataFile -Path $env:ZOOM
$clientID = $Zoom.clientID
$clientSecret = $Zoom.clientSecret
# REQUEST ACCESS TOKEN:
$headers = @{
Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("${clientID}:${clientSecret}"))
"Content-Type" = "application/x-www-form-urlencoded"
}
$body = @{
grant_type = "account_credentials"
account_id = $Zoom.accountID
}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12
$response = Invoke-WebRequest `
-Uri "https://zoom.us/oauth/token" `
-Method Post `
-Headers $headers `
-Body $body
$accessToken = ($response.Content | ConvertFrom-Json).access_token
Write-Host "Access Token: $accessToken"
# IN MAIN LOOP, UPDATE USER STATUS:
$headers = @{
Authorization = "Bearer $accessToken"
"Content-Type" = "application/json"
}
$userID = "test@org.org" #made-up email for this example only, obviously not in the main integration that uses different userID's per loop iteration
$apiURL = "https://api.zoom.us/v2/users/$userID/status"
$status = @{action = 'deactivate'} | ConvertTo-Json
Write-Output "Full endpoint URL: $apiURL"
try {
$response = Invoke-RestMethod `
-ErrorAction stop `
-Uri $apiURL `
-Method Put `
-Headers $headers `
-Body $status
}
catch {
$response = "No return from Invoke-RestMethod"
Write-Output "Error: $_"
}
Again, this test example seems to run on the same server just fine.
The integration script has the same setup phase before it enters its main program loop, which just iterates over every user in our org. During this setup phase, I fetch the access token. During the loop (which is everything below #UPDATE USER STATUS), I try to deactivate the user’s account, if the user has one, and other conditions for it to be deactivated are met.
What am I doing wrong?