Hi As JWT APP is getting deprecated we are migrating to Server to server OAuth APP
Sometimes randomly we come across an issue
124- Invalid access token during our API calls
it may be due to concurrent API calls as multiple API calls getting hit simultaneously so token is getting invalid
i have read about some articles we need to increase token_index of our APP which can be used in https://zoom.us/oauth/token API
What is the max limit count for token_index for OAUTH token API ?
Who should we contact to increase our token_index limit?
Please send me some documentation of how this token_index works in OAUTH token API and how it should be implemented.
Hi @alroya
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here!
This invalid access token issue you are seeing could be due to the concurrent API calls that you are generating; what I mean by this is that when you generate a new access token, the previous one will get invalidated.
A workaround for this issue is increasing your token_index tolerance or also creating different apps for different purposes.
And they will help you with this.
I am not aware of the max value of the token_index tolerance but support will be able to provide you with that information.
Cheers,
Elisa
In my case, I was limited to 3 token_index values (but testing still only accepted the default value of 1 for that parameter, so no impact from working with support), which wasn’t enough to cover two environments anyway, so I ended up creating multiple identical applications. In theory, you can negotiate for higher limits if you have what they called “a genuine business impacting use case” to counter the “higher security risk of having more index token [values]”.
Hi @MultiplayerSession
Thanks for sharing that with the community.
I am just curious about your case, where you can not use the token_index … I am happy to take a look into this for you.
If you have a support ticket number that you could share with me or I am happy to troubleshoot it
if there are multiple User how will it work if oauth token is getting expired for eg
One user is creating Zoom meeting via API and other is deleting another zoom meeting at same time then the firt token will get invalidated.
JWT app was not having this issue. so this migration to server to serve oauth is having this drawback
@alroya You have two valid (from Zoom’s perspective) tokens simultaneously (either via separate token_index values or different applications), but only one of them is in active use by your application at a given time. If you have a shared database, it can decide which one is in active use. You renew and perform maintenance on the token that is inactive, then swap it into active use for your application. Other processes can continue using the previous active token because it’s still valid from Zoom’s perspective, so they don’t need to notice the new token immediately. I’ve written more about this concept of a key rotation strategy in other threads.
@elisa.zoom I was getting a HTTP 400 response code with the body {"reason":"Invalid request : Maximum group number limit exceeded","error":"invalid_request"} whenever I raised the token_index above 0, but I’d invested 2 months into support ticket #14947692 and decided it was no longer worth the effort to troubleshoot further when anyone can just create multiple duplicate applications without Zoom’s prior approval (which is what the first backend engineer’s reply to that ticket recommended doing anyway) for functionality that should be available by default. Don’t worry about it; we needed 4 valid tokens anyway to share across 2 environments, and I don’t anticipate switching back to using token_index and coming up with a persuasive “genuine business impacting use case” at this point to make that happen.
@MultiplayerSession
Sorry to hear that Chris, I will take a look just to understand what happened and I will communicate back with you. Please let me know if there is anything else I could do for you