Android InstantSDK-1.0.0 sample, toast appear with text: "Session Error:7" when try to create or join in a room

we downloaded the InstantSDK Android sample successfully. There, in JWTUtil we put our apikey and the secretkey that we copied from zoom developer web page. When we tried to create or join a session, we got a toast with message: Session error: 7 (see the attached image). What does this mean? Can you help us to make this sample work?

Which version? (the sample app inside)


Smartphone (please complete the following information):

  • All devices (Samsung tablet, Huawei Mate 20 Pro (with playstore), emulators…

Hi @blagojco

Thanks for you post.

The error code is define in Session error: 7 is param Errors_Invalid_Parameter than means you topic or you token is invalid.

Please check you token payload. The topic must same with the ‘tpc’ field.

The payload format :
“app_key”: LITE_SDK_KEY,
“version”: 1,
“iat”: now_in_sec+1000,
“exp”: now_in_sec+(22460*60),


Hi Fred,

thank you for the answer, but it didn’t help. As I mentioned before, I’m using JWTUtil class from your demo. That class doesn’t have the “tpc” field in the payload. I added and tried again, but no success, the same error appear. Here is the whole class that generate token (I added just the TPC field)

public class JWTUtil {

final static String TAG = JWTUtil.class.getSimpleName();

final static long EXPIRED_TIME = 3600 * 4;

private static final String apiKey = "";

private static final String apiSecret = "";
//for sdk user to bind zoom id with app userId.
public static String customIdentity = "test_" + Build.MODEL;

public static String createJWTAccessToken() {

    int version = BuildConfig.VERSION_CODE;
    long iat = System.currentTimeMillis() / 1000;
    long exp = iat + EXPIRED_TIME;

    if (TextUtils.isEmpty(apiKey) || TextUtils.isEmpty(apiSecret)) {
        return "";

    JSONObject headerObject = new JSONObject();
    JSONObject payLoadObject = new JSONObject();
    try {
        payLoadObject.put("app_key", apiKey);
        payLoadObject.put("version", version);
        payLoadObject.put("iat", iat);
        payLoadObject.put("exp", exp);
        payLoadObject.put("user_identity", customIdentity);
        payLoadObject.put("tpc", customIdentity + "_topic");
    } catch (Exception e) {
        Log.e(TAG, e.toString());

    try {
        headerObject.put("alg", "HS256");
        payLoadObject.put("typ", "JWT");
    } catch (Exception e) {
        Log.e(TAG, e.toString());

    String payload = payLoadObject.toString();
    String header = headerObject.toString();

    try {
        String headerBase64Str = Base64.encodeToString(header.getBytes("utf-8"), Base64.NO_WRAP | Base64.NO_PADDING | Base64.URL_SAFE);
        String payloadBase64Str = Base64.encodeToString(payload.getBytes("utf-8"), Base64.NO_WRAP | Base64.NO_PADDING | Base64.URL_SAFE);
        final Mac mac = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKeySpec = new SecretKeySpec(apiSecret.getBytes(), "HmacSHA256");

        byte[] digest = mac.doFinal((headerBase64Str + "." + payloadBase64Str).getBytes());

        String token = headerBase64Str + "." + payloadBase64Str + "." + Base64.encodeToString(digest, Base64.NO_WRAP | Base64.NO_PADDING | Base64.URL_SAFE);

        Log.d(JWTUtil.class.getName(), "createJWTAccessToken:" + token);

        return token;
    } catch (NoSuchAlgorithmException e) {
    } catch (UnsupportedEncodingException e) {
    } catch (InvalidKeyException e) {
    return null;

I’m sending the class without aoyKey and Secret, which I have entered in the project. I get both apiKey and Secret from

Are this correct key and secret? Or we need to use something else?

we use “” as domain, when we initialize the SDK.

Note that we create this application on zoom before we got access to InstantSDK demo. Initially we had access to the older version of the ZoomSDK. Can it make problem? Do we use wrong apiKey and secret or you need to enable something else for this application/account? If you want I can share our credentials on email.

Hi @blagojco

The input Session Name must same with the “tpc” field value. one token bind one sessionName


Thank you Fred, is working now.