Cannot obtain the Access Token

I develop a client-side (browser, html/js) web application, which needs to use the ZoomAPI (users, contacts, meetings, etc.). I defined the oAuth private account-level application in the Marketplace. The redirection URL is defined with Ngrok. I successfully pass the Zoom Login and redirected back to my app with the authorization code value as a query string parameter. Anyway, when I’m trying to request access token, I receive various errors, usually 400.

I tried to simulate same call with Postman and it just works! NOTE: The regular oAuth recipe (not PKCE) doesn’t work absolutely both from my code and from Postman as well!

Please pay attention, that what I need:

  1. The really working example for client-side oAuth-PKCE flow.
  2. Documentation explaining, how to use Zoom API from browser web client-side application, how to pass the auth (1-2-3-…).

Please do not point me to existing documentation and GitHub hosted samples! I have read it already.

Thank you in advance!


Is it possible to share the code you use, while hiding the sensitive information?


I’ll try to send the code. What do you prefer? Archive? Text? Github? Anyway, I would be appreciated to look the real working example.

You can just post the relevant parts here. What programming language has been used, please?


Can you say me, please, is it possible to authenticate the client-side web app without a server? That’s the question.

We have read only access to the certain organizational REST service. The app will be hosted from a CDN. It will be static HTML/JS app powered with Angular or Aurelia framework. The app will embed Zoom Contact Book and should provide the user with ability to invite a member of Zoom Account into on-going meeting directly, without to send an invitation.

Just to check if I understood you well: you would like to have a web app where:

Different users use the zoom features
No server authentication is involved

I remember seeing some docs which were purely web only, with embedded code. I don’t know if this can meet your needs. Do have a look

Yes, I’m talking about the web application, which don’t need to be authenticated on server side, only on client. I need list all users belongs to my account, e.g. I need to be able to call from my web client directly. OK? The problem is in Zoom oAuth flow. I can pass “authorize” step and obtain a code, but, when I call to /token endpoint, I receive 400 error (bad request):

const authorization = Basic ${getBase64Token()};
const myHeaders = new Headers();
myHeaders.append(“Authorization”, authorization);
myHeaders.append(“Content-Type”, “application/x-www-form-urlencoded”);

fetch(this.config.token_endpoint, {
method: ‘POST’,
body: new URLSearchParams(
grant_type: ‘authorization_code’,
code: q.code,
client_id: this.config.client_id,
redirect_uri: this.config.redirect_uri,
code_verifier: this.getCodeVerifier(),
headers: myHeaders,
mode: ‘no-cors’
}).then((response) => response.json());

I am not very familiar with typescript & cannot help you in much detail. I guess getBase64Token() is the issue? What does it return? What does this function do? I guess it is a function similar to a javascript function?

:man_facepalming: :hushed: :scream_cat: :face_with_open_eyes_and_hand_over_mouth: :rage:

Are you bot or human? Can I talk with human please??? It’s impossible! I can’t waste my time, hour by hour, in that chat and don’t receive an answer.

This topic was automatically closed 368 days after the last reply. New replies are no longer allowed.