Code 124 - Invalid Access Token with New Server-to-Server OAuth app

API Endpoint(s) and/or Zoom API Event(s)



Due to the retirement of JWT applications in September, we are attempting to migrate our existing JWT integration querying these endpoints to a Server-to-Server OAuth app. We set up the application with the following scopes: report:master and report:read:admin. This is a new application as of July 2023 that has never successfully been able to query these endpoints.

Querying the API https://zoom[.]us/oauth/token does generate the expected output listed in the documentation: an access token with the appropriate scopes. Querying either endpoint with this access token always fails with the message “Invalid access token”.


401 Unauthorized error with the following JSON response:

    "code": 124,
    "message": "Invalid access token."

How To Reproduce

PowerShell is below. I have also tried similar queries using curl and Postman and can share those setups but none have gotten past the 124 error. Note that the $AccountID, $ClientID, and $ClientSecret variables are defined above this code and set to the appropriate values.

function ConvertTo-Base64($plain) {
    # Converts $plain to a b64 string
    return [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($plain))

# Format account credentials for request
$b64ClientID_ClientSecret = ConvertTo-Base64($ClientID + ":" + $ClientSecret)

# Prep for OAuth Token request
$oauthHeaders = @{ Host=''; Authorization="Basic $($b64ClientID_ClientSecret)" } 
$oauthURL = ""
$oauthBody = @{ grant_type='account_credentials'; account_id=$AccountID }

# Retrieve Access Token and Token Type from Zoom
# This returns a JSON object containing access_token, token_type, expires, and scope fields
$oauth = Invoke-WebRequest -Method POST -Uri $oauthURL -ContentType 'application/x-www-form-urlencoded' -Body $oauthBody -Headers $oauthHeaders

# Parse $oauth as a PowerShell object
$oauthDetails = $oauth | ConvertFrom-Json

# Prep Headers for API call
$headers = @{'Authorization'="$($oauthDetails.token_type) $($oauthDetails.access_token)"}
$url = "$($AccountID)/report/activities"

# Query /report/activities API
# This always returns the { "code": 124, "message": "Invalid access token." } response
$response = Invoke-WebRequest -Method Get -UseBasicParsing -Headers $headers -Uri $url

Does anyone have any ideas as to what could be causing this? I am still experiencing this issue.

Hi @algo
Thanks for reaching out to us and sorry for the late reply here!
Can you please confirm that you have a master account license enabled in your account?
If so, when you generate your token, do you get the scopes listed in the list of scopes ?

Hi @elisa.zoom!

Thank you for getting back to me on this. I can confirm both of those - please see the image below. I’ve redacted the access token itself, but this is the output I receive when completing the request in Postman.

Attempting to use the token from that output always results in the same error:

    "code": 124,
    "message": "Invalid access token."

Thanks for your quick reply here @algo
I will send you a private message to follow up with more details

For anyone else with the same problem: I was confusing two of Zoom’s APIs. In the Meeting API documentation, it lists a REST API section and a Master access API section. My app was configured to allow the REST API access but not the Master API access, but I was attempting to query the Master API endpoints.

Switching my app access to match the REST API requirements and querying the correct endpoints resolved this issue for me.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.