Get app's user requests returns 403

Description
I am trying to use the “Get an app’s user requests” API to retrieve user requests for an app in my Zoom account. However, I consistently receive a 403 Forbidden response with no response body.
• I am using a valid OAuth access token with the required scope: marketplace:read:app_request:admin.
• The app ID I am querying belongs to my account. I tried all app IDs that I got from GET https://api.zoom.us/v2/marketplace/apps.
• Other API requests with the same token (e.g., fetching app details) work correctly.

Error
I receive a 403 Forbidden response with no response body.
Response headers:

HTTP/1.1 403 Forbidden  
Date: Wed, 19 Mar 2025 07:52:37 GMT  
Content-Length: 0  
Connection: keep-alive  
x-zm-trackingid: v=2.0;sid=WEB_eed3e4aed3b666fc3a0ce274daa8fae0;rid=MP_ffaa8b6fc07065ee0df96f17a2c87207  
x-mkt-region: VA2  
x-ratelimit-category: Medium  
x-content-type-options: nosniff  
x-xss-protection: 0  
Cache-Control: no-cache, no-store, max-age=0, must-revalidate  
pragma: no-cache  
expires: 0  
strict-transport-security: max-age=31536000 ; includeSubDomains  
x-frame-options: DENY  
Server: cloudflare  

How To Reproduce
Steps to reproduce the behavior:

  1. **Request URL **: GET https://api.zoom.us/v2/marketplace/apps/4FOX4jrzQD6cs12NngQvmQ/requests?page_size=30&status=approved
  2. Headers (excluding credentials) :
Accept: application/json  
Authorization: Bearer <token>  
User-Agent: PostmanRuntime/7.43.0  
Host: api.zoom.us  
Accept-Encoding: gzip, deflate, br  
Connection: keep-alive  
  1. Authentication Method : OAuth 2.0
  2. Response: 403 Forbidden with no response body

Can you confirm if there are any additional requirements for accessing this endpoint? Is there a reason why this request would be blocked despite having the required scope?

Hi @Marcel13
Can you please try calling this endpoint with an access token generated with the credentials that belong to that app and let me know if that works?

Hi Elisa,

I followed your suggestion and ensured that I’m using an access token generated with the credentials of the app I’m querying. Here’s what I did:

  1. I retrieved my apps using:
    GET https://api.zoom.us/v2/marketplace/apps?page_size=30&type=account_added

Response:

{
    "apps": [
        {
            "app_id": "8l1ATL7CS0Ocu64GPNuF-g",
            "app_name": "Reco SaaS Security",
            "app_type": "OAuthApp",
            "app_usage": 1,
            "app_status": "PUBLISHED"
        },
        ...
    ],
    "next_page_token": "",
    "page_size": 30
}

The Reco SaaS Security app (app_id: 8l1ATL7CS0Ocu64GPNuF-g) is the one I’m using, and I verified that the access token belongs to this app.

  1. I then made a request to:
    GET https://api.zoom.us/v2/marketplace/apps/8l1ATL7CS0Ocu64GPNuF-g/requests?page_size=30&status=approved
  • Using the same access token associated with this app.
  • Confirmed that the token has the required marketplace:read:app_request:admin scope.
  • Still receiving 403 Forbidden with no response body.

I also have some screenshots from the Zoom App Marketplace dashboard. With the scopes and the Call Logs with the failing request. But can’t upload them, I’m getting this error An error occurred: Sorry, you can't embed media items in a post.

Could you confirm if there are additional requirements to access this endpoint? Are there any account-level or app-level settings that might be blocking the request?

Hey @Marcel13
I apologize I did not get back to you sooner. Are you still having this issue?

Hi Elisa,

Yes, I’m still getting 403 status with no response body when making requests to GET https://api.zoom.us/v2/marketplace/apps/{app_id}/requests.

Thanks for getting back to me.
I just sent you a DM, follow up there please

To update this thread
We have identified that this is a bug on our end. We have to display error 404 Not found as there hasn’t been any install requests from the users for this app. If there are app authorization requests, then there will be a response.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.