Having troubles authenticating Zoom API with OAuth 2.0 Authentication (Python)

Having troubles understanding how to save access_tokens and refresh_tokens to environmental variables so we can use these tokens in subsequent post calls. Authorization code keeps expiring whenever a session is exited out.

{‘reason’: ‘Invalid authorization code xxxxxxxxxxxxxxxxxxxxxxxxxx’, ‘error’: ‘invalid_request’}

Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?
'https://zoom.us/oauth/token?’, ‘https://api.zoom.us/v2/meetings/

How To Reproduce (If applicable)

Steps to reproduce the behavior:

  1. Initialize API URLS (token_url and meeting_url)

  2. Initialize client secret, client id and auth code received from OAuth app.

  3. Run functions with authorization

def get_token(client_id, client_secret, token_url):
headers = {‘Authorization’: ‘Basic {}’.format(base64.b64encode(bytes(’{}:{}’.format(client_id,client_secret).encode(‘utf-8’))).decode(‘utf-8’))}
response = requests.post(token_url+‘grant_type=authorization_code&code=’ + authorization_code + ‘&redirect_uri=https://manual.connect-care.ca/’, headers=headers)
return json.loads(response.text)**

def token_refresh(client_id, client_secret, token_url, refresh_token):
refresh_data = ‘grant_type=refresh_token&refresh_token=’+ refresh_token
headers = {‘Authorization’: ‘Basic {}’.format(base64.b64encode(bytes(’{}:{}’.format(client_id,client_secret).encode(‘utf-8’))).decode(‘utf-8’))}
response = requests.post(token_url + refresh_data, headers=headers)
return json.loads(response.text)

  1. Save response.text into Access_Token and Refresh_Token variables.

refresh_token = json_token[‘refresh_token’]
access_token = json_token[‘access_token’]

  1. Use Access_token to post to meeting url

headers = {‘content-type’: ‘application/json’,‘Authorization’: "Bearer " + access_token}
for i in range(len(input_values)):
if input_values.ZoomInvite[i] == ‘Blank’:
payload = {‘email’:input_values.Email_Address[i],‘first_name’:input_values.Learner_Name[i], ‘last_name’:‘Test’}
SessionDetail = str(input_values.SessionDetail[i])
r = requests.post(meetingurl + SessionDetail + “/registrants”, data=json.dumps(payload), headers=headers)
RegistrationData = json.loads(r.text)
input_values.ZoomInvite[i] = RegistrationData[‘join_url’]
if r.ok:
print(“download complete”)
if “token” in r.text:
print(“refresh token”)
print(“Invite is not Blank”)

Additional context

Once we get the tokens, we want to automate the post request (daily) without having to reproduce the authorization code on a daily basis (human interaction). Right now I am trying to save the access_token and refresh_token from the JSON response to an environmental variable. IE.

os.environ['refresh_token'] = refresh_token
os.environ['access_token'] = access_token

And use these saved values in subsequent Post requests to the Zoom API.

Hi @chrispotvin4, when an access token is provided, the response includes a single refresh token used to request the next valid access token. Access tokens are valid for one hour, with only one valid at one time per user. Refresh tokens have an expiration time of 15 years, but as with the access token - only one is valid at one time.

So when implementing OAuth token exchanges, you should store the currently valid access token (to make API requests) and currently valid refresh token. When the access token expires, the current refresh token (stored) should then be used to request a new access token.

This exchange should be built into the request process. If the access token is found to not be valid, you should use the stored refresh token to receive a new one.

Hope this helps

Hey Michael,

Yes using the database to store the tokens have made it much easier to handle. I have been able to run my script now without a hitch. I do have another question if that is okay.


How does this Endpoint work? What does the JSON response look like? We’re trying to embed the Calendar invitation but haven’t figured it out quite yet.

Hey @chrispotvin4,

That endpoint is not available in our Developer Platform. What are you trying to accomplish?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.