Cannot initialize Zoom SDK error code=3 internal errorcode 124

Device is connected to the internet via VPN: Cannot initialize Zoom SDK

Which version?

Device is connected to the network via VPN.
Initialize Zoom SDK using JWT token.
Getting Zoom Error code =3 that means network unavailable.
Internal error code = 124. There is no documentation for this error.

The device is clearly connected to the network. Why am I getting this error?

If applicable, add screenshots to help explain your problem.

Smartphone (please complete the following information):

  • Device: Pixel 3a
  • OS: 10


I work on the same team as ssaxena1 and am trying to help her with this issue. I suspect our server-side code to generate the JWT is wrong, but I don’t know why. Do you see something wrong with it? (We’re using Ruby on Rails.)

key = Rails.application.config.virtual_visits.zoom_sdk["key"]
secret = Rails.application.config.virtual_visits.zoom_sdk["secret"]

payload = {
  appKey: key,
  iat: ( * 1000).round(0),
  exp: (( + 24.hours).to_f * 1000).round(0),
  tokenExp: (( + 1.hour).to_f * 1000).round(0),
header = { typ: "JWT", alg: "HS256" }

message = [Base64.strict_encode64(header.to_json), Base64.strict_encode64(payload.to_json)].join(".")
signature = OpenSSL::HMAC.digest("SHA256", secret, message)

JWT.encode(payload, signature, "HS256", header)

I used as a reference.

Hi ssaxena and abiyan

Please make sure that you are using SDK key/secret to generate the “SDK_JWTTOKEN” and also to make sure “appKey” (SDK key), “iat” (date of issue). “exp” (date of expire) and “tokenExp” (token expire time). (basically “exp” and “tokenExp” should be the same) are all confirmed.
You can test these and generate at “” to compare as well.


  "alg": "HS256",
  "typ": "JWT"
  "appKey": "<YOUR SDK KEY>",
  "iat": 1592881200,
  "exp": 1592888400,
  "tokenExp": 1592888400 
  base64UrlEncode(header) + "." +

Another alternative way for testing purpose will be to use SDK key/secret without jwtToken.
For Example, define “SDK_KEY” and “SDK_SECRET”. (e.g. on or and manually comment “initParams.jwtToken” and add these keys. (e.g. or

 initParams.appKey = SDK_KEY;
 initParams.appSecret = SDK_SECRET;

Thanks for the response @yosuke.sawamura. Unfortunately we still can’t initialize the SDK.

  1. I made sure we’re using the SDK key and secret to generate the JWT
  2. I verified the header and payload fields match your comment and the documentation
  3. I verified the JWT I’m generating through, including verifying the signature

I also tried:

  1. changing the “exp” and “tokenExp” to be the same value (24 hours in the future), formatted the way you pasted
  2. changing the “iat”, “exp”, and “tokenExp” to be formatted in epoch time with milliseconds

None of the above helped.

We also tried using the SDK Key and Secret directly in the app and were able to initialize the Android SDK successfully. The JWT initialization, however, still isn’t working.

We also tried our JWT in the demo Android app, but it still doesn’t work.

Do you have any other suggestions? Or do you know of a working Ruby implementation for generating JWTs for the SDK?

Hi abiyani

It seems you have the time stamp in milli-seconds when we prefer seconds.
Also it might be more simple using libs form if you’re not using it.
Here is what I can provide that you might refer for further comparison…
Since your team have reported the same question over to I’ve tested your SDK ket/secret to verify init using the token generated with this.


require 'jwt'

sdk_key = '<YOUR SDK KEY>'
sdk_secret ='<YOUR SDK SECRET>' 

i = (
e = (( + 10*60*60).to_f).round(0)
t = (( + 10*60*60).to_f).round(0)

header = {
"alg": "HS256",
"typ": "JWT"

payload = {
"appKey": sdk_key, 
"iat": i,
"exp": e, 
"tokenExp": t

########### ENCODE
token = JWT.encode payload, sdk_secret, 'HS256' , header
puts token

########### DECODE
#decoded_token = JWT.decode token, sdk_secret, true, { algorithm: 'HS256' }
#puts decoded_token

Hi @yosuke.sawamura,

Thanks for providing that code, we were able to resolve our issue with it!

Good to know that the timestamp should be in seconds; it would be helpful to update the documentation with that. And it’s also worth noting that milliseconds is required for signature generation for the Web SDK (, which makes it inconsistent with the timestamp format for JWT generation for mobile SDKs.

It turns out the main issue I had was around this part of the docs:

Based on your sample code, it looks like ^ isn’t needed?

Thanks again for your help!

Hi abiyani,

Glad to hear you had it working.

Please understand that WebSDK signature has different purpose and requirement and not the same with SDK_JWTTOKEN, this is for initialization.
The HMACSHA256 signature is to define how to encode values, so in my sample its already defined.