400 Bad Request After Authorization Code

Hi All,
Good Day!
Getting a bad request for request token after a Authorization Code issue.
General Overview for Proof of Concept
So basically, what the application does, is create a meeting on BEHALF of USER ZOOM account. So, I created an OAuth App and follow this link: OAuth for user authorized apps,

  1. it ask permission base on my scope request --working as expected

  2. Once I click Allow it will redirect to my callback url method with Authorization Code–working as

  3. When i try to request an access and refresh token base on the authorization code , I am getting
    a bad request.

Please see code below screenshot

I did try also on postman
Please see screenshot

Thanks in advance

I had a similar problem when first authenticating. Try adding
'headers.Add(“Host”, “zoom.us”); ’
in the headers dictionary. It’s not included in the chart in the documentation but is in the example.

Alternately, and I only say this because I made this mistake too, are you useing the code within an hour of receiving it?

I tried your suggestion, adding host in the header with the value “zoom.us”, I am still getting a bad request
What version of api are you using?

Hmm, dang I thought that might work. I think I’m using the same version as you. I followed the same documentation, created Oath app to interact with the rest API for meetings and chat. The only difference is that I’m a python developer and my C knowledge is a bit rusty. Any luck when adding the Host parameter in postman?

This may just be a python vs C difference but when sending the request through the request library the body is actually sent with the params argument not the the body. Maybe try switching from Body to Params on postman and see is that works?

Can you send me your code for python if you dont mind please thank you

Sure thing, Its wrapped in a class to handle some refresh token shenanigans’ so ignore the self’s.

params = {
“code”: self.access_code,
“grant_type”: “authorization_code”,
“redirect_uri”: self.redirect_uri,
response = requests.post(
url=url, headers=self.get_authorization_header(), params=params
) # sending the URL with the needed parameters
token = None # initializing a token object
if (
): # if the call was successful update the token object, if not raise an error as no other operations can continue
token = response.json()
print(“Received token info”)
self.token = token

def get_authorization_header(self):
return {
“Host”: “zoom.us”,
“Authorization”: “Basic {}”.format(self.encode_app_credentials()),
“Content-Type”: “application/x-www-form-urlencoded”,


def encode_app_credentials(self):

auth = self.client_id + “:” + self.client_secret
auth_encode = auth.encode(“ascii”)
auth_b64 = base64.b64encode(auth_encode)
auth_value = auth_b64.decode(“ascii”)
return auth_value

Hi @somasi2023
Can you take a look at this post and see if it helps:

@somasi2023 ,

You have declared the headers, but it isn’t used in the actual _httpClient.PostAysnc request?

You are my savior @chunsiong.zoom You are the man…thank much