Code 124 (Invalid access token) received for JWT API calls

Description
When using either dynamically created JWT tokens, or even hard-copying the one provided from the App Marketplace for my app, my API requests always fail due to an ‘invalid access token’.

Error
The response from the API is: { code: 124, message: “Invalid access token.” }

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT Credentials, Account-level app

Which Endpoint/s?
I am currently working on the Meetings endpoint, specifically trying to create a meeting.

How To Reproduce (If applicable)

Request URL:
https://eu01api-www4local.zoom.us/v2/users/me/meetings

Headers:

CURLOPT_HTTPHEADER => [
            "authorization: Bearer " . $this->generate_JWT(),
            "content-type: application/json"
]

where…

private function generate_JWT()
{
    $payload = [
        "iss" => self::ZOOM_API_SECRET,
        "exp" => time() + $this->timeout,
    ];
    return JWT::encode($payload, self::ZOOM_API_KEY,  'HS256');
}

using Firebase\JWT\JWT class per jwt.io reference

Am trying to connect from a project I am writing on localhost (so ‘CURLOPT_SSL_VERIFYPEER => false’). Any help you could give is appreciated.

Hey @eamonn

Thanks for posting on the Zoom Devforum! I am still learning, but I will try my best to help answer your question. :slightly_smiling_face:

Checkout this related thread that may have the answer you are looking for:

If this thread did not help, please let us know by replying back here and someone from the Developer Relations team will get back to you shortly.

Thanks,
DeveloperBot

This solution is not suited to my query.

Is this the correct forum for my query - I can post it elsewhere if needs be…

Hey @eamonn,

Thank you for reaching out to the Zoom Developer Forum. I just have a couple of questions to get us started. Does the token work if you replace me with the User ID? Do the tokens work for account-level APIs such as the dashboard? I’m thinking the issue here is that JWT tokens are account-level but the me route is specific to a user.

I hope that helps! Let me know if you have any questions.

Thanks,
Max

Hi Max,
Thanks for your suggestions. I have tried using the user email instead of me in the URL. I have also tried basic GET requests for listing users and for listing existing meetings; neither to any avail. My assumption at this point is there is some scope issue with the JWT app?

Hey @eamonn,

Thank you for reaching out to the Zoom Developer Forum. After looking at this a bit closer, I’m thinking this may be related to the URL that you’re using. Please try using the URL listed in the documentation to see if that resolves your issues: https://api.zoom.us/v2/

I hope that helps!

Thanks,
Max

Hi Max.
That worked. That’s actually pretty frustrating - the API documentation states:
To support GDPR requirements of EU customers, you may use https://eu01api-www4local.zoom.us as the base URL for all API requests associated with EU accounts.
We’re registering with .ie accounts and domains, and there is nothing in Account Settings or Profile to suggest that we are not an EU customer, or how to become one if not. I would suggest that a little more clarity on this in the documentation would have saved me a lot of bother, and may do likewise for others in the future.

Nonetheless, thanks for you help - well spotted!

Hey @eamonn,

Sorry for the frustration here. Can you point to us where the documentation says that so we can clear up any confusion?

Thanks,
Tommy

Hi @tommy,

API docs, page 1, paragraph 3:

Also, upon reflection, the returned error ‘invalid access token’ does not accurately describe the issue either, but I can understand how that’s a circular problem to solve.

Hey @eamonn,

Thank you for pointing out where that is documented. From here I can have our documentation team address that or have our engineering team determine why that isn’t working. First, I want to confirm if you are able to use that API base URL if you remove the /v2 route from the URL?

Thanks,
Max

Hi Max,

When sending to:

Hey @eamonn,

Thank you for testing that! I’ve since reached out to our engineering team to confirm how the EU base URL should be used and how our documentation should be updated. I’ll keep you posted with any new developments. (ZOOM-232544)

Thanks,
Max

Hey @eamonn,

Thank you for your patience. I sent you a DM requesting the account owner email as our internal team indicated this could be caused by your account not being located in our EU Cluster. With the Account Owner email or even an email of a user on that account, I can check if this is the case.

Thanks,
Max