Invalid access token on GET


I have an OAuth+User Managed app on the zoom marketplace that I would like to publish. Beside that, I also have an SDK app because I need to use webSDK integration.

My requirement is to be able to start zoom meetings on behalf of other users (not belonging to my development account). For this reason, I understand that I need to use zak token, as well as to publish my app to the zoom marketplace.

QUESTION 1: it is enough to publish OAuth app or I also need to publish the SDK app?

This is what I do:
my users connect their zoom account to the app via OAuth2 in order to obtain an access token. I store users’ access_token on my db. When a user wants to start a zoom meeting on my app, I invoke first the API to get the zak token, and then the API to create a meeting. I also generate an sdk signature with role 1, and then I use the webSDK’s component view to start the meeting on my app.

The problem is: sometimes I get this error when I try to get a zak token:

“code”: 4700,
“message”: “Invalid access token, does not contain scopes: [user:write:admin, user:read:admin, user:read, user:write, user_profile].”

I have added the user_zak:read scope to both my applications (OAuth and SDK).

It seems that I get this error when I invoke the API with the access_token of the user to whom the app is connected. For example, on my local environment, I am not able to get the zak token for my development user, while for other users connected my my development account it works.

On dev environment, where the app is currently being reviewed and connected to the reviewer’s zoom account, the reviewer is getting the same error.

Can you please help?

@alessandro.feliziani Hope you will be fine.

Here is the session → Get user Zoom Access Key Token - ZAK - (Zoom REST API)

Invoking this endpoint fixes the issue:

I also notic that zak is a one-time token. I was storing it on db in order to re-use it. This is wrong, need to generate a fresh one each time.

Hi I am developing app using Android zoom meeting SDK using which SDK is initialised by JWT token and ZAK token is used to join meeting as Host. I want to know lifetime of ZAK token for Free user and paid user. As my meetings can run for 10 hrs. And life of ZAK token is just 2 hrs.
Please reply

You have ttl (time-to-live) for custom expiry time with zak.

Hi thanks for your reply. Can you please provide exact code where TTL is to be passed to generate the ZAK. I am using PHP CURL to generate the ZAK which is valid for 2 hrs. only. I have purchased your paid plan Rs. 1300/- per month where meeting can last up to 30hrs. with 100 participants. The Android app that we developed using zoom SDK have meeting for 8 hrs. Long but as Zak token life is of 2 hrs so it ends the meeting. Please let us know how we can have ZAK token of long life.
Also the app that we developed does not initialise zoomsdk on Android version 14
Please provide solution.
Thanks & Regards

Here is the endpoint → /users/{userId}/token

The above solution does not solve my problem. Please provide solution for my second problem of Error in initizing the zoomsdk on Android version 14.
What is the solution so that zoomsdk initialise on Android 14 version also. It is working fine for Android version 13