AI Call Summary 400 Error Despite Correct Scope (phone:read:ai_call_summary:master)

API and Webhooks
1

Hi Zoom Devs,

I’m implementing the new AI Call Summary APIs from the April 14, 2025 Phone Changelog and I’m encountering a recurring issue when trying to retrieve AI call summaries.

Despite including the required scope (phone:read:ai_call_summary:master) in my Server-to-Server OAuth app, the following response is returned when I make a request to:

GET /v2/accounts/{accountId}/phone/user/{userId}/ai_call_summary/{aiCallSummaryId}

Response:

{
  "code": 104,
  "message": "Invalid access token, does not contain scopes: [phone:read:ai_call_summary:master]."
}

:white_check_mark: Confirmations:

  • The scope is listed under the app’s scopes in the Zoom Marketplace dashboard.
  • A fresh access token is generated after scope changes.
  • I’ve re-authorized the app and double-checked that the new token is being used.
  • I’ve confirmed I’m not mixing dev vs prod environments.

Thanks in advance — looking forward to resolving this so I can use the new AI Call Summary features as documented.

3 Likes
2

Encountering the same issue:

Invalid access token, does not contain scopes:[phone:read:ai_call_summary:master]

Although for me, the phone:read:ai_call_summary:master doesn’t exist in Zoom’s App Marketplace.

Instead, it is listed as phone:read:ai_call_summary:admin (i.e. admin instead of master).

EDIT 12th May 2025: Master scope does exist, but produces the same result.

finding-admin-instead-of-master
finding-admin-instead-of-master705×315 26.6 KB

all-scopes
all-scopes775×523 49.7 KB

3

Hi @tamn and @JakeJ
Thanks for reaching out!
Can you please try using the Get User AI call summary detail endpoint found here:

It looks like you are using the master account endpoint and if you do not have a master account license, then this is expected.

So your request URL should look something like this:

GET
/phone/user/{userId}/ai_call_summary/{aiCallSummaryId}
1 Like
4

Hi @elisa.zoom , I’ve tried using the request URL as suggested, however on the S2SOAuth it still gives me an Error 403 Forbidden, when I should have account level access to all.

{
    "code": 403,
    "message": "You do not have permission"
}
5

Hi @elisa.zoom ,

I also am getting the same Error 403 Forbidden that @kslowpes mentioned.

1 Like
6

Can you elaborate on what you mean by a “master account license”, and how it can be obtained?

I currently hold access to the admin account where our employee accounts fall under:

Screenshot 2025-05-02 at 8.39.46 am
Screenshot 2025-05-02 at 8.39.46 am2846×1638 411 KB

i.e. I can manage everything in the organisation. I had thought this would be considered the “master” account.

Our goal ultimately is the ability to pull meeting summaries for a given Call ID for everyone in the organisation through S2S Oauth through the organisation’s admin account.

Anyhow, using the user API endpoint

GET
/phone/user/{userId}/ai_call_summary/{aiCallSummaryId}

instead of account endpoint results in this error when passing /me for the {userId}:

 {
  "code": 124,
  "message": "You do not have permission.",
  "status": 401,
  "statusText": "Unauthorized"
}

and the following when passing a valid user id:

{
  "code": 403,
  "message": "You do not have permission.",
  "status": 403,
  "statusText": "Forbidden"
}

Ideally, we would prefer a way to not require the userId to be obtained - I believe the aiCallSummaryId would be sufficient given that my admin account should have access to all user accounts managed by it.

1 Like
7

We have the 1:1 same setup and goal as you do. Will be interesting how and if this can be solved.

We want to scrape the AI Summary ID with WebHook, then a GetRequest for the Summary itself and reveal the Call ID to get the phone number, which should be searched in our CRM to transmit the summary there.

Yet the issue we face is the authentication with OAuth at the start …

8

@tamn this is the master-subaccount guidance: Master Account APIs

Nonethless, since you’re able to access the call summary with the correct scopes with general OAuth app as you showed here, I believe there may be a granular scopes issue specific to S2S.

@elisa.zoom , did you open a ticket for this already or should I?

2 Likes
10

@kslowpes @JakeJ can you confirm if you have a master account set up? If not, can you please query again with the admin scope like @tamn shared with their example?

Want to confirm if I need to also ping engineering about there being an issue with the master scope as well.

Additionally, can you all please share your zm-tracking-id from the response header of the requests where you’ve received the error?

11

Hi @gianni.zoom I am trying with the admin scope from the beginning. I do not have a master account set up as our company has no need for subaccounts.

Here is the zm-tracking-id from an attempt a minute ago “WEB_36d691f6aa445eeebad5af74eaf74643”

12

@gianni.zoom @elisa.zoom Hey, were you guys able to find something out about this?

13

Hello,

Wanted to update on the scopes (doesn’t affect/solve existing issue) - I got confused between :admin and :master because I couldn’t see the :master scope in marketplace.

Turns out what happened was we had another user set as “owner”, and our shared team account was only an admin. However, being an admin with the :admin scope was sufficient for all other API endpoints when querying information regarding sub-accounts.

That said, even with the :master scope assigned and generating a fresh new token

zoom-marketplace-scopes
zoom-marketplace-scopes789×537 53.5 KB

the issue persists:

zoom-api-error-master-scopes
zoom-api-error-master-scopes2228×403 43.6 KB

14

Hi @tamn @kslowpes @krautpotato I am checking to see why it woulds with General OAuth but not S2S. If this is expected, awaiting justification (ZSEE-167355).

Additionally @tamn @krautpotato can you please respond with the latest:

15

Hey @gianni.zoom,

Here is the latest tracking ID from my response headers:

    'x-zm-trackingid' => {
      name: 'x-zm-trackingid',
      value: 'WEB_f071c1fe6c3b52a50c3bdeba0e966ccc'
    },

I am checking to see why it woulds with General OAuth but not S2S

Just re-reading one of your previous messages - sorry, I haven’t confirmed that it worked with general Oauth .
My response in the other thread was only pointing out what the intended usage is based on Zoom’s documentation, as I’ve spoken to people who are unsure of how to retrieve the ai_call_summary_id (not yet documented in the /phone/call_history_detail endpoint), whilst also noting a caveat of S2S not working. I haven’t confirmed that general Oauth works.

1 Like
16

I am experiencing the same issue:

{“code”:403,“message”:“You do not have permission.”}

I’ve followed steps to get the S2S OAuth and scopes for admin/master and still get this for every call to /phone/user/{userId}/ai_call_summary/{aiCallSummaryId}

One example of this is

x-zm-trackingid: WEB_9c510d4589cd5b68ae86e2f120529898

2 Likes
17

For what it’s worth, I’m able to access the AI call summary for my own account, but I’m still unable to access for any other users. @gianni.zoom is this issue being worked on by the devs? Thank you.

1 Like
18

Hey all, I just followed up with the service engineering team. Confirmed we can reproduce.

1 Like
19

@gianni.zoom - I implemented General OAuth and still no difference - it does not work with General OAuth or S2S for me. I don’t think anyone has stated that it works with General OAuth. I just went back through this, and the referenced, forum topics again. Hopefully this helps prioritize a fix?

1 Like
20

Hi @joeyharrington , can you please share the zm-trackind-id and response you got with general app?

21

zm-tracking-id: WEB_73c83c045cdab07181eece1b53e4ddaf

same response:
{“code”:403,“message”:“You do not have permission.”}

@gianni.zoom