Code 124 - Invalid Access Token Error

API Endpoint(s) and/or Zoom API Event(s)
https://api.zoom.us/v2/users/me

Description
I am trying to create a Meeting SDK app. I have it as user-level, as I want to be able to get the ZAK token from said user via OAuth, in order to be able to have the user create a meeting from our webapp, as well as embed a Zoom Meeting inside our website. I am able to get the user’s access token and refresh token, but I am getting an error when trying to get user’s info.

Error?
{ code: 124, message: ‘Invalid access token.’ }

How To Reproduce
I am just currently working via testing on Postman. I am following directions, and ensuring I am making a GET request to the API endpoint listed above, also adding in the headers:

Authorization: Bearer <access_token>

Here is the function itself:

axios({
    method: "get",
    url: "https://api.zoom.us/v2/users/me",
    headers: {
      Authorization: `Bearer ${accessToken}`,
    },
  })

I have tried everything I could, but I keep getting the error. Not sure what else to do at this point!

Hi @rmjuarez12
thanks for reaching out to the Zoom Developer Forum.
Could you please confirm with me how are you generating the access token that you are passing down in your Get users call?

Hello @elisa.zoom,

Sorry for the late reply. So, in my flow, I have it like this:

  1. User signs into their account
  2. Once logged in, they will be able to go in and go to their Zoom settings
  3. Once on Zoom settings, they will be able to click an “Authorize” button, that will essentially be used to redirect a user to the OAuth flow
  4. When it comes back, we get the authorization code, which immediately will be used to get the access_token and refresh_token. At this point, we save that into our Database.

I think I might be doing a wrong step somewhere, because when I use postman, I am able to use the access token normally, but when I use the access token generated by my server, it gives me the error above. Here is the function I have to get the token:

router.post("/authorize/access", userAuth, (req, res) => {
  const { zoom_auth_code, zoom_comparative } = req.body;

  // Get user ID from auth token to compare vs zoom comparative id
  const user_id = req.payload.subject;

  if (user_id != zoom_comparative) {
    res.status(401).json({ message: "Comparative ID does not match" });

    return;
  }

  const APIURL = "https://zoom.us/oauth/token";

  axios({
    method: "post",
    url: APIURL,
    params: {
      code: zoom_auth_code,
      grant_type: "authorization_code",
      redirect_uri: "https://dashboard.bizzll.com/account/zoom-settings",
    },
    headers: {
      Authorization: `Basic <base64 client_id:client_secret>`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
  })
    .then((response) => {
      console.log(response);

      ZoomModel.addZoomAccessCode(
        user_id,
        response.data.access_token,
        response.data.refresh_token
      )
        .then((response) => {
          res.status(201).json(response);
        })
        .catch((err) => {
          res
            .status(500)
            .json({ message: "Error adding access token", error: err });
        });
    })
    .catch((err) => {
      console.log(err.response);
      res
        .status(500)
        .json({ message: "Error getting access token", error: err });
    });
});

That function does give me a valid access token, but for some reason, I get the error:

{ code: 124, message: ‘Invalid access token.’ }

Again, if I use the OAuth flow via Postman, it works well, but if I use the access token used from my flow, it gives me the error above.

Just wanted to follow up on this. The reason I am getting the error is due to my own fault. I was using the client ID and client Secret from production, when I should be using the development one. I didn’t realize that the production is the one to use only when I get my app approved and on the marketplace. Now that I switched to using the development ones, everything is working as expected.

Hi @rmjuarez12
I am happy to hear that you were able to figure out this issue!
And yes, you should be using development credentials if your app is not published in the Marketplace :slight_smile:
Feel free to reach out back to us if you need anything else.
Best,
Elisa

Thank you so much, I really appreciate that!

1 Like