Hello,
We want to delete a location using the REST API, we get:
{
“code”: 4711,
“message”: “Invalid access token, does not contain scopes:[ ].”
}
Can you help us please ?
Hi @thomas.leguen you seem to have the correct scopes based on the documentation, can you please tell me if you have the same result if you generate a new access token?
Please also confirm if you are an admin with the permissions assigned to access this endpoint.
Hello @gianni.zoom , yes we do regenerate new tokens and we also are admins.
@thomas.leguen Can you please share the zm-tracking-id from the response header of the error? Please share from the most recent example within the last 5 days.
@gianni.zoom I’m experiencing the same problem: I am attempting to delete a room location but I am getting the same error message mentioned by @thomas.leguen:
REQUEST:
DELETE https://api.zoom.us/v2/rooms/locations/FnsQXeE3Q3Og9kiz-i9NQQ
RESPONSE:
HTTP/1.1 400 Bad Request
{"code":4711,"message":"Invalid access token, does not contain scopes:[]."}
I checked my OAuth app and I confirm that it has the granular scope zoom_rooms:write:location:admin.
Here is the zm-trackingid of 4 different requests where I experienced this problem:
x-zm-trackingid: v=2.0;clid=us06;rid=WEB_9dc094a8d5896b9d920eb14c1d3aef33
x-zm-trackingid: v=2.0;clid=us06;rid=WEB_44519febd1b95a10f54a1f7825e79660
x-zm-trackingid: v=2.0;clid=us06;rid=WEB_9f1bb60bd9cd29b542bb8bd748f7081c
x-zm-trackingid: v=2.0;clid=us06;rid=WEB_13e0b7a1c77f235bab58c936c0efc73a
Hi @desautelsj , can you please verify the following?
Prerequisites:
- Account owner or admin permissions for Zoom Rooms
- Zoom Rooms Version 4.0 or higher
I am indeed the account owner but, correct me if I’m wrong, what’s more relevant is that my S2S OAuth app has the required granular scope.
Can you tell me how I check the Zoom Room version number? To be crystal clear: I am invoking the API endpoint, I am not using a SDK.
Hi @desautelsj ,
Scopes and account permissions are both important for access. If you have all prereqs met, please try to re-auth, generate a new token with the scope in place and query the endpoint again.
I totally understand, however that is the requirement listed to use this API. I will follow up with a colleague who has full testing configurations to verify if this is the case or we need to update our docs: Rooms APIs
Here’s how to check the version:
@gianni.zoom You ask for the “Zoom Room version” but the link you provided explains how to get the version of the Zoom software. Are these two things the same?
In any case, here’s the version of the software installed on my machine:
I am a little confused why the version of a software installed on my machine would play a role in a weird behavior from the Zoom API though.
At the risk of repeating myself: I want to make it abundantly clear that I am writing code to invoke API endpoints. I am not using a Zoom SDK, I am not using functionality in the Zoom software either. That’s why I am surprised that a given version of a software would make a difference.
By the way, were the zm-trackingid I previously provided helpful?
Hi @desautelsj , apologies, I meant to send this link: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060443
Is the machine you’re referring to a Zoom Room? A Zoom Room can have a different version than another device such as your laptop. I understand you’re not using an SDK. We cycle through the requirements to help diagnose API behavior. Unfortunately, sometimes our error codes could be better so the issue is not always logical/clear so I am ruling everything out.
Did you do the following?
I followed instructions to look at the rooms on my account and there are none:
No. I’m referring to my laptop. I am writing code that I execute from my laptop; this code sends HTTP requests to the Zoom API endpoints such as what I disclosed earlier:
DELETE https://api.zoom.us/v2/rooms/locations/FnsQXeE3Q3Og9kiz-i9NQQ
and I receive the following answer from the Zoom API:
HTTP/1.1 400 Bad Request
{"code":4711,"message":"Invalid access token, does not contain scopes:[]."}
And please note that this is the exact same message that @thomas.leguen received when he sent a similar DELETE http requests to the same endpoint.
Yes I have. In fact my OAuth token expires every 60 minutes and it has been renewed several times.
I appreciate the methodical approach to eliminate possible root causes, I just don’t want us to spend time on a wild goose chase. I want to make sure it’s quite clear that I am sending HTTP requests to the API without the involvement of any other software or SDK and therefore the version of any such SDK/software should not matter.
Questions:
- Have you been able to reproduce? Both @thomas.leguen and I have provided the actual HTTP request and you should be able to use a tool like
curlorpostmanto reproduce. - I provided a few
zm-trackingid. Did they allow you to dig a little deeper into this scenario?
By re-auth I mean re-installing the app locally and then generating a new token. It sounds like you are just getting a fresh token.
I hear you, however, sometimes things that a customer believes does not matter, do. The platform is not perfect and there has been weird behavior discovered over the years.
Nonetheless if you do not have a Zoom Room device, you have not met the requirements to use the endpoint. However, the error message is still not helpful.
This is an interesting theory! I am allowed to create and update room locations despite the fact I do not have a device but I am NOT allowed to delete a location unless I have a device. Let me go write a test to validate this theory. I’ll be right back…
I created a Zoom room with the following request:
REQUEST:
POST https://api.zoom.us/v2/rooms
{"name":"ZoomNet Integration Testing: Room","type":"ZoomRoom"}
RESPONSE:
HTTP/1.1 201 Created
{"id":"TLd5jdjdSIys-XTFv0uIYQ","room_id":"i8yy53rfR26Kl2uStzDHqA","name":"ZoomNet Integration Testing: Room","type":"ZoomRoom","location_id":""}
I used the UI to confirm that a new room was created:
And finally I issued the HTTP request to delete a location with the same unfortunate result:
REQUEST:
DELETE https://api.zoom.us/v2/rooms/locations/FnsQXeE3Q3Og9kiz-i9NQQ
RESPONSE:
HTTP/1.1 400 Bad Request
{"code":4711,"message":"Invalid access token, does not contain scopes:[]."}
I think this test disproves your theory that the issue was caused by the fact that I didn’t have a room on my account.
@gianni.zoom By the way, you haven’t responded to my earlier questions:
- have you been able to reproduce this issue? I believe I have given you all the info you need to reproduce this scenario.
- Per you request, I have provided 4 tracking Ids. Were you able to find any new information about this situation using these tracking IDs?
I have deleted my S2S OAuth app and created a new one. Nothing changed, I still get {"code":4711,"message":"Invalid access token, does not contain scopes:[]."} when I try to delete a room location.
Hi @desautelsj ,
I cannot re-produce the behavior you’re experiencing and your tracking ids have not been checked. I want to clarify that while I appreciate you sending them, I did not request yours. The request was for the customer who initially opened this post. With you, I was cycling through a few other factors that we’ve learned could have yielded the unexpected response before processing the tracking ids.
Thank you for testing and sharing this as well.
Given you’ve been given a trial license, I am trying to rule any internal permission flags that could be impacting what you’re seeing. Thank you for your patience and I’ll get back to you soon.
Additionally, can you please confirm if you have the option to delete the location manually? https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0063345&_gl=1*1u6tofz*_gcl_aw*R0NMLjE3NDAwODg4MTkuQ2owS0NRaUF3dHU5QmhDOEFSSXNBSTlKSGFueHhiaTdjNENLQldzNDY5R01JMzl1bFkybnF1QktJYmk4Z25sbFVJYkI3VHFZb1pYeVNHRWFBdmE2RUFMd193Y0I.*_gcl_au*MTY2NTI5Nzg2Ni4xNzQxODA1ODA3*_ga*MjEzODU3MjQ0Ni4xNzEyMTc1Mzc3*_ga_L8TBF28DDX*MTc0NDY1MTA2My40NTkuMS4xNzQ0NjU0MzI3LjAuMC4w
Fair enough. You didn’t request mine but, presumably, you asked @thomas.leguen for his because you felt it would be helpful in your investigation. That’s why I proactively provided mine and I was hoping you would used the IDs I provided to accelerate the investigation.
Hi @desautelsj , thanks so much! As I shared before, with you, I was cycling through a few other factors that we’ve learned could have yielded the unexpected response before processing the tracking ids. Awaiting updates from service engineering about the tracking ids currently 
1 Like
Hi @desautelsj can you please send the new client id and latest tracking id? Since you deleted the original app, we cannot source. I’ll message you so you can share the client id privately.