Getting {'code': 124, 'message': 'Invalid access token.'} when calling /chat/users/{userId}/messages/files. How to fix the problem?

Just this week I started getting the error {‘code’: 124, ‘message’: ‘Invalid access token.’} when calling /chat/users/{userId}/messages/files endpoing with an oauth access token. I am using this endpoint to upload a newly generated file on a callback call to my backend. I event tried revoking the token and using your sample application (zoomapps-sample-js) to generate access tokens to call the ‘files’ endpoint. Nothing seems to work.

{‘code’: 124, ‘message’: ‘Invalid access token.’} when calling both /chat/users/{userId}/messages/files and /chat/users/me/messages/files with a seemingly valid access token via Postman.

Hi @Staysmoon
Thanks for reaching out to the Zoom Developer Forum and welcome to our community!
Are you still experiencing this issue or were you able to solve it?

Please, let me know if there is anything I can do to support you

Hi @elisa.zoom! Unfortunately, I am still experiencing the problem. Double checked it yesterday and still no result.

Thanks @Staysmoon
Could you please share with me how are you generating the access token that you are trying to use to call our Chat endpoints?
Also, what kind of application are you using to generate those access tokens?


I am generating the token according to zoom’s guidelines (OAuth with Zoom) with the ‘chat_message:write’ scope. As for the app itself, I am building a document management app (office editor) so this endpoint is cruicial to make it working.

Could you please share the complete request URL that you are sending when requesting the access_token please @Staysmoon

The URL is{code}&code_verifier={verifier}&redirect_uri={auth_redirect_uri}&grant_type=authorization_code (‘code’ and ‘verifier’ from redirect_uri when users authorize my app) @elisa.zoom

Hi @Staysmoon
Sorry for the late reply.
If you have not been able to fix this issue, I would recommend you look into this amazing guide written by one of my colleagues that is relevant to the issue you are facing:

Hi Elisa,
I have the same issue.
I am using this endpoint to get the token (and it is working fine)
After retrieving the token, I am trying (using Rester) to call an endpoint, for example (same response for all the endpoints I tried),, but I always get the same response:

    "code": 124,
    "message": "Invalid access token."

Hi @tech5
Thanks for reaching out and welcome to our community.
Can you please verify that your server to server app has the right scopes added to call the endpoints you need?

I posted an extensive (and detailed) reply for you, but it seems that your system removed it (two times ), now I have to start from the beginning.
All the endpoints return the same error. I added the right permission, but as I commented all the endpoints (I tried many), return the same 124 code.

On the other hand, I tried to import the file I downloaded from here (spec) but the importation process to POSTMAN returns an error (I am trying to share screenshots with you here, but it seems that is not possible).

We have many customers using the JWT app, and we need to migrate to the " server to server app " but at the moment I did not find any clear documentation for this thing, it looks a bit confusing and there are not examples for PHP Etc…
This is how I call this endpoint, and how I pass the token I get from /oauth/token endpoint

I use Rester for testing the API (and postman as well). This is how I pass the token.
Authorization: Bearer lVDFKdmFDZzp0SXdmUFBycDg3ekJNQ2hhMFdCejQ0cUI4OG1OA==

Note: Finally I saw many posts and I removed all of them leaving only this one.
Trying to attach images to this post I got this message many times “An error occurred: Sorry, you can’t embed media items in a post.” If I am not allowed to attach images, why does the editor show this option? How I can explain the problem if I cannot upload a single screenshot :).

I am using Rester App to test the endpoints, and after moving “Bearer” from the environment constant “Token”, it works, but now I get a new error “Invalid CORS request”, is it not possible to test the endpoint using Rester or Postman? Should I call the endpoints from the server in order to test them? I am trying the endpoint to get the users list.
Kind regards.

Hi @tech5
Thanks for sharing more details with us and sorry that your post got deleted and that you are having trouble downloading the API spec

We have a Postman public space that you can use to test, please refer to the following post:

I also want to share this post about how to user the Server to server oauth app with postman:

I hope some of this information help