{"code":124,"message":"Invalid access token."} - Android/Java


We are having some issues accessing the https://api.zoom.us/v2/users API. We are getting {“code”:124,“message”:“Invalid access token.”}. 


This is the code snippet I have used in generating a key: 



                JSONObject header = new JSONObject();

                header.put(“alg”, “HS256”);

                header.put(“typ”, “JWT”);


                JSONObject claim = new JSONObject();

                claim.put(“exp”, System.currentTimeMillis() + 86400000);

                claim.put(“iss”, Keys.API_KEY);


                compactJws = Jwts.builder()




                        .signWith(SignatureAlgorithm.HS256, Keys.API_SECRET.getBytes())



Hi Ben,

This error indicates there is something wrong with your token generation. Not sure the language or library you are using, but start there.


We are using android/java


Are you using one of the libraries on https://jwt.io/#libraries ?


Yes we are using only libraries that you listed there. 


We are using this library: jjwt - Java JWT: JSON Web Token for Java and Android


This is how the token is passed 

httpPost.addHeader(“Content-Type”, “application/x-www-form-urlencoded”);
httpPost.addHeader(“Authorization: Bearer”, “eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMzAwODE5MzgwIiwiaXNzIjoiZUJjaFBUaElSOHEwMzBEdXR2REc5ZyJ9.G0HR9Psa6GTlItQHgt_JgDqHIQaAsrH3HFNZ_evA8Go”);
httpPost.addHeader(“Content-Language”, “en-US”);


There’s the issue

The key is “Authorization”, the value is “Bearer <token>”


httpPost.addHeader(“Authorization”, “Bearer <token>”);


Also, depending on the endpoint, if it requires body arguments you should be using

httpPost.addHeader(“Content-Type”, “application/json”);

The data should be sent in the body as a json string/object (I believe only changing a user’s profile pic api is different, and that would be form data, not form url encoded)


httpPost.addHeader(“Content-Language”, “en-US”); shouldn’t be necessary 


Hi Josh,

That did not seem to work, here is the entire thing: 


protected String doInBackground(String… params) {
HttpClient httpClient = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(“https://api.zoom.us/v2/users”);
List<NameValuePair> nameValuePair = new ArrayList<NameValuePair>(1);
nameValuePair.add(new BasicNameValuePair(“api_key”, Keys.API_KEY));
nameValuePair.add(new BasicNameValuePair(“api_secret”, Keys.API_SECRET));
//nameValuePair.add(new BasicNameValuePair(“Authorization: Bearer”, compactJws));
nameValuePair.add(new BasicNameValuePair(“action”, “create”));
nameValuePair.add(new BasicNameValuePair(“user_info.email”, “albert.charles@medrishealth.com”));
nameValuePair.add(new BasicNameValuePair(“user_info.type”, “3”));
nameValuePair.add(new BasicNameValuePair(“user_info.first_name”, “Albert”));
nameValuePair.add(new BasicNameValuePair(“user_info.last_name”, “Charles”));
nameValuePair.add(new BasicNameValuePair(“user_info.password”, “Test123”));

try {
httpPost.setEntity(new UrlEncodedFormEntity(nameValuePair));
httpPost.addHeader(“Content-Type”, “application/x-www-form-urlencoded”);
//httpPost.addHeader(“Content-Type”, “application/json”);
httpPost.addHeader(“Authorization”, “Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMzAwODE5MzgwIiwiaXNzIjoiZUJjaFBUaElSOHEwMzBEdXR2REc5ZyJ9.G0HR9Psa6GTlItQHgt_JgDqHIQaAsrH3HFNZ_evA8Go”);
//httpPost.addHeader(“Content-Language”, “en-US”);
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
String jsonStr = EntityUtils.toString(httpEntity);

if (jsonStr != null) {
strServerStatus = “Success”;
} else {
strServerStatus = “Error”;
} catch (UnsupportedEncodingException e) {
strServerStatus = “UnsupportedEncodingException”;
} catch (IOException e) {
strServerStatus = “IOException”;
return strServerStatus;


I’m not a Java expert, however there seems to be a red flag to me with httpPost.setEntity(new UrlEncodedFormEntity(nameValuePair)); as mentioned before it should be a JSON, not a url encoded form.

In the end you should be passing something like { “action”: “string”, “user_info”: { “email”: “string”, “type”: “integer”, “first_name”: “string”, “last_name”: “string” } } in the body of the request


take a look at https://stackoverflow.com/questions/43690673/send-json-as-post Your code would look something like


JsonObject payload = new JsonObject();
JsonObject user_info = new JsonObject();

payload.addProperty(“action”, “create”);

user_info.addProperty(“type”, 3); //integer data type
user_info.addProperty(“first_name”, “Albert”);
user_info.addProperty(“last_name”, “Charles”);
//password is only used if action is autocreate

payload.addProperty(“user_info”, user_info); //not sure if this is really allowed, however user_info an object


RequestBody requestBody = RequestBody.create(jsonMediaType, new Gson().toJson(payload));

OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
.addHeader(“content-type”, “application/json”)

Response response = client.newCall(request).execute();

// this is the response of the post request
String res = response.body().string();

// you can get the response as json like this
JsonObject responseJson = new Gson().fromJson(res, JsonObject.class);


Be sure to include the authorization header too

Request request = new Request.Builder()
.addHeader(“content-type”, “application/json”)
.addHeader(“Authorization”, “Bearer <token>”)


This statement is throwing an exception:


payload.addProperty(“user_info”, user_info.getAsString());


What’s the exception?

Did you try just payload.addProperty(“user_info”, user_info);