Getting error Signature is Invalid - Web SDK Integration


I need technical support for the Zoom Web SDK. I am getting an error message “Signature is Invalid”

Here are the steps I followed.

  1. Downloaded the SDK Web sample from github.
    Project: meetingsdk-web-sample

  2. Modified Index.js file accordingly. Added Client Key and Secret as per given instructions.

  3. Run the npm install command. It installed the node_modules in the CDN folder. (NPM is Latest)

  4. Run the npm start command to run the sample application.

  5. Sample application was running, I added meeting ID and password etc and hit the Join button. It was showing the signature invalid screen.

After downloading the web sample app, I added the secret and client Ids.

1 Like

Getting the same error here. It was fine yesterday.

Hi @imrangmworld,

Thanks for reaching out to us and welcome to our community!

I will remove your screen capturing video and source code links as it’s exposing your SDK credentials and meeting details. I will encourage you to regenerate the SDK secret.

Are you using the right SDK from Meeting SDK? You can refer to this link Meeting SDK Auth


I can’t seem to solve this invalid signature issue. I use the ZoomClient API to successfully create a scheduled meeting. I am trying to use the function below to create a signature to start the meeting, but I keep getting an invalid signature error. I’m using the web (component view). My credentials are Server-To-Server OAuth. Please help.

function generateSignature(key, secret, meetingNumber, role) {
const iat = Math.floor( / 1000) - 30;
const exp = iat + 60 * 60 * 2;

const oHeader = {
    alg: "HS256",
    typ: "JWT"

const oPayload = {
    appKey: key,
    sdkKey: key,
    meetingNumber: meetingNumber,
    role: role,
    iat: iat,
    exp: exp

// Define the HMACSHA256 function inline
function HMACSHA256(key, message) {
    const hash = CryptoJS.HmacSHA256(message, key);
    return CryptoJS.enc.Base64.stringify(hash);

// Create the encoded header and payload strings
const encodedHeader = btoa(JSON.stringify(oHeader));
const encodedPayload = btoa(JSON.stringify(oPayload));

// Generate the signature using HMAC SHA-256
const signature = HMACSHA256(secret, encodedHeader + "." + encodedPayload);

return signature;


async function initializeZoomMeeting() {
const client = ZoomMtgEmbedded.createClient();
const meetingSDKElement = document.getElementById(‘meetingSDKElement’);
const sdkKey = getCookie(“sdkKeyCookie”);
const secret = getCookie(“secretCookie”);
const mn = getCookie(“meetingIDCookie”)
client.init({ zoomAppRoot: meetingSDKElement, language: ‘en-US’ });
const generatedSignature = generateSignature(
mn, // Meeting Number
1 // Role (0 for a host, 1 for a participant)

try {
        sdkKey: clientID,
        signature: generatedSignature, // role in SDK signature needs to be 1
        meetingNumber: getCookie("meetingIDCookie"),
        password: meetingPassword,
        userName: email,
        zak: zakToken
} catch (error) {
    console.error('Error:', error);


// Initialize Zoom Meeting on page load.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.