Account ID doesn't exist in decoded Chatbot access token

Hello! I’m creating a Chatbot and trying to get the account_id so that I have the info that I need to send messages, but am having a hard time with finding where I can get it – and I specifically need the information when the app is installed, and not via the payload found in webhooks when the bot is interacted with.

I have the auth process set up and am receiving an access token for the chatbot and am able to post messages with it successfully when I hardcode my own account ID, so I know that it’s set up properly. I saw this forum post which suggests decoding the access token and getting the aid value. I tried that, but the data for my token looks like this (with all values other than ver, aud, and type redacted):

{
'aud': 'https://oauth.zoom.us',
'uid': 'abc', 
'ver': 7, 
'auid': 'abc',
'nbf': 123,
'iss': 'abc',
'gno': 0, 
'exp': 123, 
'type': 2,
'iat': 123, 
'jti': 'abc'
}

There’s no aid key in there, and none of the actual values correspond to my account ID. I did notice that when I switched the OAuth process for the chatbot to use the authorization_code grant type instead of client_credentials, the account ID key was present – but then that access token doesn’t work with the chatbot API and I can’t post any messages. I also can’t use the access token to get the current user’s info, where that account ID would also be.

It feels like I must be missing something, the account ID is really important information so I can’t imagine that there would be no way of getting it. How can I access this info?

Hi Aleksandra,

At the moment, we do not have a direct way of providing app developers with the accountID of the user who installs their app.

The easiest way right now to get the account ID is:
1] Select the user read scope for your app
2] When the user installs the app, Zoom will redirect them to your redirect URL; you need to capture their userID (as you are currently doing)
3] Call the get user API to get the account ID.

Again, I wish there was an easier way to do this, but there isn’t at the moment. That said, I will be creating a feature request to add an “app_authorized” event just like the deauthorized one. Follow our changelog to stay updated with the latest updates.

Hi Ojus,

Thanks for the reply, but unfortunately that solution isn’t working either. Here’s a screenshot of requests that I’m making to post a chat message successfully, and then one to get my user information which fails with a 400, and shows that I have both the user:read:admin and imchat:bot scopes.

The call to the users endpoint only works when I request the access token using authorization_code as the grant type, but that token then doesn’t work with the chatbot endpoint (only the ones generated using client_credentials as the grant type work with that).

So it sounds like I would need to have both this chatbot app and a separate app where the same user needs to authorize both, and then match the user ID value from the decoded access token in the chatbot app against the result from the call to users/me, just to get the account ID.

It still feels like there must be something missing here because I see apps in the marketplace that are written by Zoom and request both the im:chatbot and user:read:admin scopes, so there must be a way of authorizing for both of those with the same app and same grant type?

To update for anyone else who might run into this same issue, I figured out what was going wrong.

TLDR once the admin has authorized the app, you need to do two requests: one to get the OAuth token (using the authorization_code grant type) and another to get the Chatbot token (using the client_credentials grant type) and store those separately, and use the appropriate one for each type of API call.

More info here: https://marketplace.zoom.us/docs/guides/auth/oauth/#oauth-with-chatbots
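
The two-token flow from the last post, sketched in Python as an added example (not code from the thread or from Zoom): it builds both token requests without sending them, keeps the two tokens apart, and reads `aid` only from the authorization_code token. The token endpoint URL, the `/im/chat` path prefix, and all credentials, codes and token claims are assumptions or constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_URL = "https://zoom.us/oauth/token"  # assumption: Zoom's OAuth token endpoint
CHATBOT_PREFIX = "/im/chat"                # assumption: path prefix of the chatbot API

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore the stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_request(client_id, client_secret, grant_type, code=None, redirect_uri=None):
    """Build (without sending) the token request for one grant type."""
    form = {"grant_type": grant_type}
    if grant_type == "authorization_code":
        form.update(code=code, redirect_uri=redirect_uri)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"url": TOKEN_URL, "body": urlencode(form),
            "headers": {"Authorization": f"Basic {basic}",
                        "Content-Type": "application/x-www-form-urlencoded"}}

class TokenStore:
    """Holds both tokens separately and picks one per API call."""
    def __init__(self, user_token, chatbot_token):
        self.user_token, self.chatbot_token = user_token, chatbot_token

    def for_path(self, path):
        return self.chatbot_token if path.startswith(CHATBOT_PREFIX) else self.user_token

    def account_id(self):
        # Only the authorization_code token carries "aid" (per the thread).
        # Treat it as a hint; the users/me response is the authoritative value.
        return jwt_claims(self.user_token).get("aid")

def fake_jwt(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{seg({'alg': 'none'})}.{seg(claims)}.sig"

# Constructed sample data: placeholder credentials, code and claims.
user_req = token_request("CLIENT_ID", "CLIENT_SECRET", "authorization_code",
                         code="AUTH_CODE", redirect_uri="https://example.com/cb")
bot_req = token_request("CLIENT_ID", "CLIENT_SECRET", "client_credentials")
store = TokenStore(fake_jwt({"uid": "abc", "aid": "ACCOUNT_ID_PLACEHOLDER"}),
                   fake_jwt({"uid": "abc", "type": 2}))
```

Sending the form in the request body rather than the query string keeps the authorization code out of URL logs; both tokens should be stored like any other secret and never logged.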
