Invalid access token on GET https://api.zoom.us/v2/users/me/token?type=zak

Hello,

I have an OAuth+User Managed app on the zoom marketplace that I would like to publish. Beside that, I also have an SDK app because I need to use webSDK integration.

USE CASE:
My requirement is to be able to start zoom meetings on behalf of other users (not belonging to my development account). For this reason, I understand that I need to use zak token, as well as to publish my app to the zoom marketplace.

QUESTION 1: Is it enough to publish the OAuth app, or do I also need to publish the SDK app?

MY SOLUTION:
This is what I do:
My users connect their zoom account to the app via OAuth2 in order to obtain an access token. I store users' access_token on my db. When a user wants to start a zoom meeting on my app, I first invoke the API to get the zak token, and then the API to create a meeting. I also generate an sdk signature with role 1, and then I use the webSDK's component view to start the meeting on my app.

PROBLEM
The problem is: sometimes I get this error when I try to get a zak token:

GET https://api.zoom.us/v2/users/me/token?type=zak
{
  "code": 4700,
  "message": "Invalid access token, does not contain scopes: [user:write:admin, user:read:admin, user:read, user:write, user_profile]."
}

I have added the user_zak:read scope to both my applications (OAuth and SDK).

It seems that I get this error when I invoke the API with the access_token of the user to whom the app is connected. For example, on my local environment, I am not able to get the zak token for my development user, while for other users connected to my development account it works.

On dev environment, where the app is currently being reviewed and connected to the reviewer’s zoom account, the reviewer is getting the same error.

Can you please help?

@alessandro.feliziani Hope you will be fine.

Here is the session → Get user Zoom Access Key Token - ZAK - (Zoom REST API)

Invoking this endpoint fixes the issue:
https://api.zoom.us/v2/users/me/zak

I also noticed that zak is a one-time token. I was storing it on db in order to re-use it. This is wrong; I need to generate a fresh one each time.
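
Added example, not code from the thread or from Zoom: server-side JavaScript that requests a ZAK from the endpoint named in the last reply on every meeting start, returns it without storing it, and turns the 4700 error shown above into a typed error carrying the scopes listed in its message. The success body shape `{ "token": ... }` and the names `fetchFreshZak`, `interpretZakResponse`, `parseRequiredScopes` and `ZakScopeError` are assumptions.

```javascript
// Added example. ZAK_URL and the 4700 error text come from the thread;
// the success body shape { token: "..." } is an assumption.
const ZAK_URL = "https://api.zoom.us/v2/users/me/zak";

class ZakScopeError extends Error {
  constructor(requiredScopes) {
    super("access token lacks scopes named in the API error");
    this.name = "ZakScopeError";
    this.requiredScopes = requiredScopes;
  }
}

// Pull the scope list out of a message such as
// "Invalid access token, does not contain scopes: [a, b, c]."
function parseRequiredScopes(message) {
  const m = /does not contain scopes:\s*\[([^\]]*)\]/.exec(message || "");
  if (!m) return [];
  return m[1].split(",").map((s) => s.trim()).filter(Boolean);
}

// Turn an HTTP status and parsed JSON body into a ZAK string or a typed error.
function interpretZakResponse(status, body) {
  if (status === 200 && body && typeof body.token === "string" && body.token) {
    return body.token;
  }
  if (body && body.code === 4700) {
    throw new ZakScopeError(parseRequiredScopes(body.message));
  }
  const code = body ? body.code : undefined;
  throw new Error(`ZAK request failed: HTTP ${status}, code ${code}`);
}

// Request a new ZAK for every meeting start, as the thread concludes.
// The value goes straight back to the caller: it is not cached,
// written to the database or logged.
async function fetchFreshZak(accessToken, fetchImpl = fetch) {
  const res = await fetchImpl(ZAK_URL, {
    headers: { Authorization: `Bearer ${accessToken}` },
  });
  const body = await res.json().catch(() => ({}));
  return interpretZakResponse(res.status, body);
}
```

Catching `ZakScopeError` lets the app prompt the user to re-authorize with the listed scopes instead of retrying with the same stored access token.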