Can't I set refresh token in URL query parameters?

API Endpoint(s) and/or Zoom API Event(s)
Link the API endpoint(s) and/orZoom API Event(s) you’re working with to help give context.

this is my api call

  • api endpoint: /oauth/token?grant_type=refresh_token&refresh_token=${refreshToken}`
  • method: POST
  • header: ‘Authorization’: ‘Basic ${base64 encoded from zoom app client id & client secret }’

Details on your question, workflow or the problem you’re trying to solve.
I review my codes of zoom api call, because I got email about Zoom API Security Update. It says;

As a part of our continuing efforts to improve the security of Zoom OAuth App Types using Authorization flow, we are removing the ability to set the access tokens, refresh tokens and revoke tokens in the URL query parameters.

but this article says;

What happens if I fail to update my code?
Beginning February 14, 2023, any API request that is sent with the access token in the URL query parameters will fail.

My api call has refresh token in query parameters. Must I update api call? and if yes, how to update?

Hi @kanata.koyama
Yes, you will need to update your call. This change will take effect on access_tokens, refresh_tokens and revoke_tokens.

Here is a link to our Docs that has examples on how to change this workflow:

Hope this helps,

1 Like

hi @elisa.zoom
thank you for reply! i tried our new api call with reference to this but finally got an unsupported_grant_type error… (same error as this)
Here is our api call :point_down:


# Header
Authorization: Basic ${base64 encoded from zoom app client id & client secret }
Content-Type: application/x-www-form-urlencoded

# Request body
refresh_token: ${refreshToken}
grant_type: refresh_token

How can we fix it? or isn’t the new api call available yet?

ah sorry, Our api call for application/x-www-form-urlencoded was wrong formatted…
We fixed it! thanks!

1 Like

Good news! @kanata.koyama