Error: Invalid api key or secret

I am using rauth's OAuth2Service to handle OAuth2 authentication with Python3, and I keep getting an error about an invalid api key or secret. I have attached the code below for your reference:

class ZoomClient():
        self.zoom_auth = OAuth2Service(
            client_id = CLIENT_ID,
            client_secret = CLIENT_SECRET,
            name = 'zoom',
            authorize_url = '',
            access_token_url = '',
            base_url = ''

        self.access_token = self.get_access_token()        
        print('Access token sucessfully acquired.')


    def make_request(self):
        request_uri = ''
        headers = {
            'Authorization' : 'Bearer {}'.format(self.access_token)
        response = requests.get(request_uri, headers = headers)

    def get_decoder(self, payload):
        return json.loads(payload.decode('utf-8'))
    def get_access_token(self):
        session = self.zoom_auth.get_auth_session(data = {'code': 'foo', 'grant_type' : 'client_credentials', 'redirect_uri' : self.REDIRECT_URL}, decoder=self.get_decoder)
        return session.access_token

I have already tried replace grant_type to code, but I receive a different error from rauth shown below:

Decoder failed to handle access_token with data as returned by provider. A different decoder may be needed. Provider returned: b\'{"reason":"Internal Error","error":"invalid_request"}


{'code': 200, 'message': 'Invalid api key or secret.'}

Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. Run Client class with Client ID and Secret

  2. See error

1 Like

Hey @Ansh

Thanks for posting on the Zoom Devforum! I am still learning, but I will try my best to help answer your question. :slightly_smiling_face:

Checkout this related thread that may have the answer you are looking for:

If this thread did not help, please let us know by replying back here and someone from the Developer Relations team will get back to you shortly.


1 Like

Sorry, this didn’t help

1 Like

Hey @Ansh,

Please see my post here:


Hi @tommy,

I think I tried this, and I received another error. I have attached the full error below:

    z = ZoomClient('****', '****', '')
  File "/Users/***/Desktop/Zoom-Attendance/src/", line 20, in __init__
    self.access_token = self.get_access_token()        
  File "/Users/***/Desktop/Zoom-Attendance/src/", line 38, in get_access_token
    session = self.zoom_auth.get_auth_session(data = {'code': 'foo', 'grant_type' : 'authorization_code', 'redirect_uri' : self.REDIRECT_URL}, decoder=self.get_decoder)
  File "/opt/anaconda3/lib/python3.7/site-packages/rauth/", line 556, in get_auth_session
    session = self.get_session(self.get_access_token(method, **kwargs))
  File "/opt/anaconda3/lib/python3.7/site-packages/rauth/", line 542, in get_access_token
    access_token, = process_token_request(r, decoder, key)
  File "/opt/anaconda3/lib/python3.7/site-packages/rauth/", line 24, in process_token_request
    raise KeyError(PROCESS_TOKEN_ERROR.format(key=bad_key, raw=r.content))
KeyError: 'Decoder failed to handle access_token with data as returned by provider. A different decoder may be needed. Provider returned: b\'{"reason":"Invalid authorization code foo","error":"invalid_request"}\''

The change I made was to switch grant_type to "authorization_code". I censored certain directories / client secrets using *** as they have revealing names/info.

Hey @Ansh,

Make sure you are only using the auth code in the redirect url once.

It is only valid once, then you will need to refresh the access token using the refresh flow.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.