Getting 403 on call OAuth get token API

Description
url call:
https://zoom.us/oauth/token?grant_type=authorization_code&code="+code+"&redirect_uri=https://gomdolworld.com/zoomverify/getToken

String auth = "Basic " + zoom.base64encode(zoomclientid + ':' + zoomclientsec);
String res = zoom.postTest(url, "", auth);

public String postTest(String requestURL, String jsonMessage, String authInfo) {

    String result = "";
    try {
        HttpClient client = HttpClientBuilder.create().build(); // HttpClient create
        HttpPost postRequest = new HttpPost(requestURL); // POST
        postRequest.setHeader("Accept", "application/json");
        postRequest.setHeader("Connection", "keep-alive");
        postRequest.setHeader("Content-Type", "application/json");

        if (!authInfo.equals("")) {
            // postRequest.addHeader("Authorization", authInfo);
            postRequest.setHeader("Authorization", authInfo);
        }

        postRequest.setEntity(new StringEntity(jsonMessage));

        HttpResponse response = client.execute(postRequest);
        log.info(response.toString());  // <=== get Error

        // Print the response
        if (response.getStatusLine().getStatusCode() == 200) {
            ResponseHandler<String> handler = new BasicResponseHandler();
            String body = handler.handleResponse(response);
            result = body;
            System.out.println(body);
        } else {
            System.out.println("response is error : " + response.getStatusLine().getStatusCode());
        }

    } catch (Exception e) {
        System.err.println(e.toString());
    }
    return result;
}

but response.StatusCode = Forbidden 403
@tommy could you help me?
@Michael_Purnell could you help me?

Additional context
error full Text: HttpResponseProxy{HTTP/1.1 403 [Date: Tue, 09 Mar 2021 15:14:37 GMT, Content-Type: application/json;charset=UTF-8, Transfer-Encoding: chunked, Connection: keep-alive, x-zm-trackingid: WEB_0ffd661bad4ff075c4c4567353456ad4, X-Content-Type-Options: nosniff, Content-Security-Policy: upgrade-insecure-requests; default-src https://.zoom.us https://zoom.us https://us01pbxstatic.zoom.us blob: ‘self’; script-src ‘unsafe-eval’ ‘unsafe-inline’ blob: about: https://ruanshi2.8686c.com https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://d2b9h3rz4xo53c.cloudfront.net https://d24cgw3uvb9a9h.cloudfront.net https://googleads.g.doubleclick.net https://pi.pardot.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://static.zoom.com.cn https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/ https://optimize.google.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/releases/ https://www.gstatic.cn/recaptcha/releases/ https://google.com https://docs.google.com https://cse.google.com https://maps.google.com https://www.google.com https://www.recaptcha.net https://linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://ads.linkedin.com 
https://www.youtube.com https://us01pbxstatic.zoom.us https://www.gstatic.com https://www.gstatic.cn https://fonts.googleapis.com https://hcaptcha.com https://assets.hcaptcha.com https://.ada.support https://.adroll.com https://.hotjar.com https://.zoom.us https://.zoomcloudpbx.com https://.zoomus.cn https://*.zopim.com https://adroll.com https://zoom.us https://apis.google.com https://gstatic.zoom.com.cn ‘self’; img-src https: about: blob: data: ‘self’; style-src https: safari-extension: chrome-extension: ‘unsafe-inline’ data: ‘self’; font-src https: safari-extension: chrome-extension: blob: data: ‘self’; connect-src * about: blob: data: ‘self’; media-src * rtmp: blob: data: ‘self’; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: ‘self’; object-src ‘none’; base-uri ‘none’;, X-FRAME-OPTIONS: SAMEORIGIN, Set-Cookie: zm_aid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly, Set-Cookie: zm_haid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly, Set-Cookie: web_zak=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly, Set-Cookie: cred=944A3FC1E9DBCC04C4EDD8354B9F4FA5; Path=/; Secure; HttpOnly, Set-Cookie: _zm_page_auth=aw1_c_7-yLhe5CR-a_THMKTmqehw; Domain=.zoom.us; Path=/; Secure; HttpOnly, p3p: CP=“NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM”, Set-Cookie: _zm_ssid=aw1_c_QEaNLVfNS7SOJRXmPvbXrA; Domain=.zoom.us; Path=/; Secure; HttpOnly, Set-Cookie: _zm_ctaid=K-j1PzLRRZiPdnIUgz2pYg.1615302877490.edb33134f4f3b3aa53ba55ca6c2da241; Domain=.zoom.us; Expires=Tue, 09-Mar-2021 17:14:37 GMT; Path=/; Secure; HttpOnly, Set-Cookie: _zm_chtaid=173; Domain=.zoom.us; Expires=Tue, 09-Mar-2021 17:14:37 GMT; Path=/; Secure; HttpOnly, Cache-Control: no-store, Pragma: no-cache] ResponseEntityProxy{[Content-Type: application/json;charset=UTF-8,Chunked: true]}}

Hey @sh.baek,

Thank you for reaching out to the Zoom Developer Forum. So far, I’m not seeing anything wrong with how you’re requesting a token. When you get a 403 error, do you also get a response body with an error message?

If so, please paste the response body here.

Thanks,
Max

Error message is bottom


Thanks

Hey @sh.baek,

Thank you for the update. From what I can tell, that just contains headers related to the response but doesn’t include the response body itself.

I can see that in the next section of your code, you print the response body but only if you receive a 200 OK status. Try printing the response body even when you have a 403 status to see if we can learn anything else about this error.

If you see a response body is printed, please add it here and I’ll investigate further.

Thanks,
Max

I’ve got a strong on the part where the error occurs.
(HttpResponse response = client.execute(postRequest); <== This is where that error occurs.)
403 error is displayed in the debug process

Hey @sh.baek,

Thank you for highlighting where the error occurs. I understand that you’re getting a 403 status code when calling client.execute. Instead of printing the entire HTTPResponse as a string, you should be able to print just the response body just to help identify any error messages that were sent along with the 403 error.

Here’s an example of what that would look like:

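HttpResponse response = client.execute(postRequest);
// BasicResponseHandler throws HttpResponseException for any status >= 300,
// so read the entity directly (org.apache.http.util.EntityUtils) to see
// the error body that comes with the 403.
String body = EntityUtils.toString(response.getEntity());
System.out.println(body);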

Let me know if it would be possible to try something like that in your code just for the purposes of debugging this issue. If so, please provide the output when making that change.

Thanks,
Max
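
Added example, not code from this thread or from Zoom: one way to make the token request so that the error body is readable for any status, using Apache HttpClient 4.x as in the original post. The credentials and redirect URI are placeholders, the class and method names are hypothetical, and it assumes the endpoint accepts the standard OAuth 2.0 form-encoded parameters.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

public class TokenExchangeDebug {
    // Placeholders (assumptions): use your own app credentials and the redirect
    // URI exactly as it was sent in the authorization request.
    static final String CLIENT_ID = "CLIENT_ID_PLACEHOLDER";
    static final String CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER";
    static final String REDIRECT_URI = "https://example.com/oauth/callback";

    /** Exchanges an authorization code; returns "status body" for any status. */
    static String exchange(String code) throws Exception {
        HttpPost post = new HttpPost("https://zoom.us/oauth/token");
        String basic = Base64.getEncoder().encodeToString(
                (CLIENT_ID + ":" + CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));
        post.setHeader("Authorization", "Basic " + basic);
        post.setHeader("Accept", "application/json");
        // Form-encoded body: the entity percent-encodes every value, and the
        // code stays out of the request URL (and out of URL-based access logs).
        List<NameValuePair> form = List.of(
                new BasicNameValuePair("grant_type", "authorization_code"),
                new BasicNameValuePair("code", code),
                new BasicNameValuePair("redirect_uri", REDIRECT_URI));
        post.setEntity(new UrlEncodedFormEntity(form, StandardCharsets.UTF_8));
        try (CloseableHttpClient client = HttpClients.createDefault();
             CloseableHttpResponse response = client.execute(post)) {
            int status = response.getStatusLine().getStatusCode();
            // Read the entity directly: BasicResponseHandler throws on 4xx and
            // discards the JSON error description.
            String body = response.getEntity() == null ? ""
                    : EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
            // A 2xx body holds tokens: log the body only for error statuses,
            // and never log the Authorization header.
            return status + " " + body;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(exchange(args[0]));
    }
}
```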

This was a redirect error.

Thank you for your help.

Hey @sh.baek,

I’m glad to hear that you resolved your issue! Please don’t hesitate to reach out if you encounter any further issues or questions.

Thanks,
Max
