Code 200, No permission on Account & User Settings Request

Description
Sometimes on a request sent to https://api.zoom.us/v2/accounts/me/settings I am getting an unusual response that the user do not have permission to make this call.
EDIT: Also sometimes on requests sent to https://api.zoom.us/v2/users/{userId}/settings

Error
{“code”:200,“message”:“No permission.”}

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

I was wondering in what ways it would be possible for an account or user to receive this response from a request to these endpoints as I have been seeing it somewhat regularly and have no clue what’s causing this error.

Hey @jason.m42,

Thank you for reaching out to the Zoom Developer Forum. Just to confirm, you are using OAuth for these requests, correct?

Please provide an example of the request body that you’re using when making the /acocunts/me/settings request.

Thanks,
Max

Hi Max,
Yes we’re using OAuth for the requests. I’ve put an example of the data in the request below (with a shortened token).

{Method: GET, RequestUri: 'https://api.zoom.us/v2/accounts/me/settings', Version: 1.1, Content: <null>, Headers: { Authorization: Bearer eyJhbGci[...]St8g Accept: application/json }}

Hey @jason.m42,

Thank you for the update. It looks like the Get Settings Account API requires a paid account:

I hope that helps!

Thanks,
Max

Hi Max,
I’ve also gotten the error {"code":200,"message":"Only available for Paid account."} at this same endpoint from different users. Would a No Permission be the same error or is there a difference that causes a No Permission error versus Only available for Paid account?

Thanks,
Jason

Hey @jason.m42,

It’s possible that the error messaging changes depending on if you are using the /me route or if you are using the userId. If you’re able to share a request that returns the Only available for Paid account error I’ll provide more specifics.

Thanks,
Max

Hey @MaxM,
The requests where we get these errors are being constructed the exact same way, and are all being sent to the /me route. The only difference there should be is the account that is making the request. Receiving Only available for Paid account is pretty clear, but No Permission is confusing. It could be possible a sub-account is triggering the route that sends an accounts/me request though. Would that cause a No Permission response?

Hey @jason.m42,

Thank you for the update. Yes, if you’re calling this endpoint with credentials from a sub-account then you’ll encounter this issue. This is to prevent sub-accounts from making changes that affect the master account.

Let me know if you have any questions.

Thanks,
Max

Hey @MaxM,
Thanks for the response. One follow-up question, is there a request I can make to the API to determine if an account is a sub-account versus a master account?

Thanks

Hey @jason.m42,

Good question! There are a couple of different options when it comes to checking if an account is a master account or not.

  1. You can compare the account Id with what is found in the List Sub-Accounts API

  2. You can call the Get a Sub Account API and check for a 404 response to indicate that it is not a sub account

  3. As we’ve seen, you can check for a “No Permission” error to confirm if you are calling the API as a Sub-Account.

Let me know if that helps.

Thanks,
Max

Hi @MaxM,
That’s very helpful, thank you!

One additional followup question, occasionally we also get the same “No permission” responses on requests to https://api.zoom.us/v2/users/{userId}/settings where userId is a valid Zoom User Id. I’ve seen that permissions can be assigned for Users, so would the error in this case be that the User does not have permissions to view their own settings?

Thanks for all your help!

Hey @jason.m42,

Thank you for your question. Looking at your “rev-RLC” app, I’m not seeing a reason why this would happen. Is that the app you’re using when you see this issue? Are you able to provide a user ID that exhibits this error as well?

Thanks,
Max

Hi @MaxM,
Apologies for the confusion, the app on this account is just for local testing purposes. I’m investigating issues being seen for a different app that is already published on the marketplace, just not attached to this account.

I do have an example though; a request was made to https://api.zoom.us/v2/users/OidcEPa3RqSVQWrKf_iKFQ/settings and got back {\"code\":200,\"message\":\"No permission.\"}.

Thanks for all your help!

Hey @jason.m42,

Thank you for the update. As this is associated with a different account, please send an email to developersupport@zoom.us with a link to this thread, as well as the account owner ID and app name involved. I’ll investigate this from there.

Thanks,
Max