We are attempting to generate an access token for a Zoom Server-to-Server OAuth app to use with an automated user provisioning flow (via Make). Despite following the documentation and trying multiple tools, all requests return either:
-
"error": "invalid_client", "reason": "Invalid client_id or client_secret"
or -
"error": "invalid_request", "reason": "Bad Request"
App type: Server-to-Server OAuth
-
App status: Activated
-
Account type: Workplace Business
-
Logged in as the Account Owner when creating the app
-
Scopes added:
-
user:read:admin -
user:write:admin
-
Credentials
-
Account ID, Client ID, and Client Secret are copied directly from the App Credentials tab.
-
Base64 encoding verified manually and decoded cleanly to
ClientID:ClientSecret(no whitespace or newlines). -
No trailing spaces or newlines in headers.
Reqbin Testing
-
Method:
POST -
URL:
https://zoom.us/oauth/token?grant_type=account_credentials&account_id=[Account ID] -
Auth: Basic (Client ID / Client Secret)
-
Header:
Content-Type: application/x-www-form-urlencoded -
Body: (empty)
Result: Same 400 error, either invalid_request or invalid_client.
Changing the Auth to bearer and adding a header with the Client ID and Secret base64 encoded causes the same issue.
Any ideas where i might be going wrong?
Thanks
Hiten