API User creation reports missing scopes in token

Hi all,

After two days trying to understand what could be wrong and not finding similar topic here, I hope some fresh eyes could help on this one. May be I’m missing something obvious.

The goal I’m pursuing is creating users in our account via integrations.
We are on a Pro-Plan.

Steps I’ve followed:
1- With the Owner account I’ve created an Account-Level app
2- Added the Scopes that make sense for creating a user and for the rest of our context
3- Integration performs two steps:
a) API call to obtain an access token > OK
b) API call to create the user > NOK

a) Is successful and returns token consistent with Scopes selected in the App
Call used:
/zoom.us/oauth/token
with grant_type = account_credentials (provided in the header)

Response:
“access_token”: TOKEN,
“token_type”: “bearer”,
“expires_in”: 3600,
“scope”: “user:read:list_users:admin user:write:user:admin user:read:user:admin user:update:user:admin user:delete:user:admin user:update:status:admin user:update:password:admin user:read:list_assistants:admin user:write:assistant:admin user:delete:assistant:admin user:write:profile_picture:admin user:read:token:admin user:read:zak:admin user:delete:token:admin user:read:list_permissions:admin user:read:list_schedulers:admin user:delete:scheduler:admin user:update:email:admin user:read:email:admin user:read:pm_room:admin user:update:presence_status:admin user:read:settings:admin user:update:settings:admin user:write:virtual_background_files:admin user:delete:virtual_background_files:admin user:read:summary:admin user:write:feature:admin user:read:list_collaboration_devices:admin user:read:collaboration_device:admin user:update:user_account:admin user:read:presence_status:admin user:read:personal_note:admin”

b) Fails due to missing Scopes?
Call used:
/api.zoom.us/v2/users?action=create&email=testeng@test.com&first_name=Test&last_name=Eng&type=1
Error returned:
{“code”:4711,“message”:“Invalid access token, does not contain scopes:[user:write:admin, user:write].”}

According to the error user:write:admin and user:write are missing, but
I’ve found no “user:write:admin” and “user:write” alone when filtering Scopes to add to my app .
And this documentation (/developers.zoom.us/docs/integrations/oauth-scopes-granular/) don’t list these scope neither.

Thanks for any idea

Just read the change from classic to granular scopes in documentation and posts.
Being my first attempt with Zoom API I wasn’t aware of that change.

I’m confused now where to go between documentation and scopes the app created being a new one using granular scopes (i.e. not a legacy app).
Even more confused by error messages that seem to speak “classic scope language” .

Any pointers much appreciated.

Ok, I think that reading posts in several directions led me to understand that -additionally to the scope change- the message error is not consistent with what is happening.
Using postman workspace allowed me to make some successful tests not triggering the error.

Thank you @stephane for you help

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.