Getting 401 trying to refresh authorization token

We have an oauth app that appears to be working most of the time. It will use a stored refresh token to get a new access token, then create a meeting using the access token for authorization. And of course it save the new refresh and access token for next time.

It seems to work most of the time but we’re occasionally getting a 401.

HTTP 401 unauthorized status code returned.

Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?

How To Reproduce (If applicable)
Post to URL
Content-Type-- ‘application/x-www-form-urlencoded
below is pseudo code for auth and body
Authorization-- "Basic " + base64 encoded (API Key + “:” + API Secret )
body – grant_type=refresh_token’
+ ‘&refresh_token=’ + URLEncodedUTF-8(refreshtoken)

Screenshots (If applicable)

Additional context
Is there something that could make a stored refresh token no longer valid? It seems like it works most of the time but some users have reported occasional failure. If they manually reauthorize, it starts working for a while but could fail a few days later. But also, some users that haven’t authorized in weeks are code can refresh and get new tokens with no issues.

1 Like

Hey @kkoellner,

Are you sending the grant_type and refresh token in the body?

Can you try adding it as query params as noted here:


I may have found the issue. We’re getting an occasional {“code”:300,“message”:“Invalid meetingId”} on cancel meeting. Our code composes and exception for our application to handle at a higher level but then the token that was just refreshed doesn’t get saved. Bottom line is we have to put the save token in a “finally” so it always gets saved.

Note sure why we’re getting an occasional 300 on cancel, maybe the meeting was manually deleted outside our application.

This is what we are getting on the cancel –

HttpRequest -- DELETE Content-Type:application/json Authorization:Bearer eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLzeCJraWQiOiI0MzY0OTE1OC1kYzQ3LTRjYzItOGJmYS1hMzk2YTUzODhhY2UifQ.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiJTck1pMUJES1FtV19VSVZtTlJnR2hRIiwiY29kZSI6InozNHJYbTlWV3RfajluNXZXemZSd2VQSnd0VGlaNFFEZyIsImlzcyI6InVybjp6b29tOmNvbm5lY3Q6Y2xpZW50aWQ6U3JNaTFCREtRbVdfVUlWbU5SZ0doUSIsImF1dGhlbnRpY2F0aW9uSWQiOiIwZTVhOWI4MGUyMDk5MzhlYzNjYTU0MjZjOTFiMzI4MSIsInVzZXJJZCI6Imo5bjV2V3pmUndlUEp3dFRpWjRRRGciLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiSXpJMTJzN0dSVVNvc29UMk42WldYZyIsIm5iZiI6MTU4NzU3MzIzMiwiZXhwIjoxNTg3NTc2ODMyLCJ0b2tlblR5cGUiOiJhY2Nlc3NfdG9rZW4iLCJpYXQiOjE1ODc1NzMyMzIsImp0aSI6ImQxY2QzZTViLWIzZjAtNDA0Yy1hNTYzLTAyMDllNzRlN2E5MiIsInRvbGVyYW5jZUlkIjoxOX0.Wn0OOjFqXGlgTZoyT6mtPPBeVJs5JPDxeJdfUFs0se0oCTRAkFGRFifqUpQu-85CJ4_wbCtMITC5mb3AqNVSMg

HttpResponse – 400 null Transfer-Encoding:chunked Cache-Control:no-cache, no-store, must-revalidate, no-transform Server:ZOOM X-Content-Type-Options:nosniff Connection:keep-alive Set-Cookie:_zm_date_format=mm/dd/yy;; Path=/; Secure;_zm_chtaid="";; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly;_zm_ctaid="";; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly;zm_haid="";; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly;zm_aid="";; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly Expires:Thu, 01 Jan 1970 00:00:00 GMT Pragma:no-cache x-zm-trackingid:WEB_fb30f595b872200daef40c4bf4244589 Date:Wed, 22 Apr 2020 16:33:52 GMT Content-Type:application/json;charset=UTF-8
{“code”:300,“message”:“Invalid meetingId”}

Hey @kkoellner,

Yeah you cannot pass in null as the meeting ID. :slight_smile: