Invalid api key or secret error

I have been working on a Laravel project that provides online education to students. I wanted to use Zoom's video conferencing services so that a teacher can connect with his students through video conference. Following the API reference documentation, I have registered an app with Zoom. I got an API key and API secret along with an access token by following the documentation.

I am sending subsequent requests to post/fetch data from zoom, but I have been getting an error message like this.

    Client error: POST resulted in a 400 Bad Request response: {"code":200,"message":"Invalid api key or secret."}

I am sending the API key and API secret in the header but still getting the same error. Probably I am doing something wrong with the requesting process, or maybe something else, I don’t know. I have searched the internet for how to integrate Zoom with a Laravel app but couldn’t find any helpful information.

Can anybody please help me to figure out what I am doing wrong? Can someone provide me some helpful resources about Zoom API integration with Laravel?

My code:

    $client_id = env('CLIENT_ID');
    $client_secret = env('CLIENT_SECRET');

    // Token request body using the client_credentials grant
    $content = "grant_type=client_credentials&client_id=$client_id&client_secret=$client_secret";

    $curl = curl_init();

    // $token_url is not shown in the post
    curl_setopt_array($curl, array(
        CURLOPT_URL => $token_url,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $content,
        CURLOPT_RETURNTRANSFER => true, // return the response body instead of printing it
    ));

    $data = curl_exec($curl);
    $result = json_decode($data);

    $access_token = $result->access_token;
    $client = new \GuzzleHttp\Client();

    $api_key = env('API_KEY');
    $api_secret = env('API_SECRET');

    // The endpoint URL is empty in the post
    $response = $client->request('POST', '', [
        'headers' => [
            'apikey' => $api_key,
            'apisecret' => $api_secret,
            'Accept' => 'application/json',
            'Content-Type' => 'application/json',
            'Authorization' => 'Bearer ' . $access_token,
        ],
        'form_params' => [
            'first_name' => $request->first_name,
            'last_name' => $request->last_name,
            'email' => $request->email,
            'password' => $request->password,
        ],
    ]);
    $response = $response->getBody()->getContents();

Hey @umarraza2200 thanks for using the Zoom API!

I noticed you are trying to use: grant_type=client_credentials to get an access_token. The grant_type=client_credentials is only for getting Chatbot tokens.

To call the Zoom APIs via the OAuth App Type you must use: grant_type=code to get an access_token.


For server to server integration, you can use a JWT App Type to call the Zoom APIs.

More details on Zoom App Types here.

Let me know if this works for you!


Hi Tommy,

Thanks for reaching out to me. Let me know what type, either JWT App type or OAuth type, I have to use in my application. The scenario of the application is that on this web application, teachers can take online virtual classes and can deliver lectures to students of this application. What type of app do I have to integrate in my application? JWT for server to server integration or OAuth for end-user?

I will be grateful if you guide me about that.


Umar Raza

Hey @umarraza2200,

For your use case, I would suggest an OAuth App because you will have many end-users using your application.

By creating an OAuth App on the Zoom App Marketplace, you can securely integrate with Zoom APIs and access users’ authorized data using a user-based authentication approach. This app can either be installed and managed across an account by account admins (account-level app) or by users individually (user-managed app).


Hey Tommy,

Just one last question: is there any certain type of role of JWT to integrate my app with OAuth? Do we need a JWT token or JWT credentials to enable OAuth in my application? I am asking this because I have tried integrating OAuth and I was getting an error related to JWT credentials, “Invalid api key or secret”. What is the relationship between JWT and OAuth in this case?


Hey @umarraza2200,

If you use OAuth, in most cases you would not want to use JWT as well.

The steps to authenticate OAuth to call our APIs are a little different than JWT.

Here are instructions on how to get an access_token to call the Zoom API endpoints.

  1. Get an Authorization Code
  2. Use Authorization Code to get an Access Token
  3. Use the Access Token to call Zoom APIs. For example,


"Authorization": "Bearer {{ Access Token }}"

Let me know if this helps!
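
Added example (not part of the thread, and not Zoom's or either poster's code): steps 1 and 2 of the list above in plain PHP, with the standard OAuth `state` check on the callback. The endpoint URLs, function names, and all client values are assumptions or constructed placeholders, and `authorization_code` is the RFC 6749 grant type value for this flow.

```php
<?php
// Added example: authorization-code flow, steps 1-2. All values below are constructed.
const AUTHORIZE_URL = 'https://zoom.us/oauth/authorize'; // assumed endpoint, not shown on the page
const TOKEN_URL     = 'https://zoom.us/oauth/token';     // assumed endpoint, not shown on the page

// Step 1: URL the user's browser is redirected to. http_build_query() URL-encodes
// every value, so no quotes, dots or spaces leak into client_id or redirect_uri.
function buildAuthorizeUrl(string $clientId, string $redirectUri, string $state): string
{
    return AUTHORIZE_URL . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'state'         => $state, // anti-CSRF value, checked again on the callback
    ]);
}

// Callback: accept the code only if the returned state matches the one stored in the session.
function codeFromCallback(array $query, string $expectedState): string
{
    if (!isset($query['state'], $query['code'])
        || !is_string($query['state']) || !is_string($query['code'])
        || !hash_equals($expectedState, $query['state'])) {
        throw new RuntimeException('OAuth callback rejected: missing code or state mismatch');
    }
    return $query['code'];
}

// Step 2: token request. The client secret travels only in the Basic header of this
// server-side POST, never in a URL or in the browser.
function buildTokenRequest(string $clientId, string $clientSecret, string $code, string $redirectUri): array
{
    return [
        'url'     => TOKEN_URL,
        'headers' => ['Authorization: Basic ' . base64_encode("$clientId:$clientSecret"),
                      'Content-Type: application/x-www-form-urlencoded'],
        'body'    => http_build_query([
            'grant_type'   => 'authorization_code', // RFC 6749 value for this flow
            'code'         => $code,
            'redirect_uri' => $redirectUri, // must equal the one used in step 1
        ]),
    ];
}

// Offline walk-through with constructed values; no network call is made.
$state = bin2hex(random_bytes(16));
$redirect = 'https://app.example.test/zoom/callback';
echo buildAuthorizeUrl('CONSTRUCTED_CLIENT_ID', $redirect, $state), PHP_EOL;
$code = codeFromCallback(['code' => 'CONSTRUCTED_CODE', 'state' => $state], $state);
print_r(buildTokenRequest('CONSTRUCTED_CLIENT_ID', 'CONSTRUCTED_SECRET', $code, $redirect));
```

The array returned by `buildTokenRequest()` maps directly onto a curl or Guzzle POST; the `access_token` in the JSON response is what goes into the `Authorization: Bearer` header in step 3.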


Hi Tommy,

I’ve followed the guide you mentioned. Zoom gives an example to get an access token in Node.js. I am using Laravel, so I have to make the request in Laravel. This is the code:

    $client_id = env('CLIENT_ID');
    $client_secret = env('CLIENT_SECRET');
    $redirect_uri = "http://localhost/alkhizra/get-autorization-code";
    $content = "'$client_id'.&redirect_uri=.$redirect_uri";

    $client = new \GuzzleHttp\Client();
    $request = $client->get("'$client_id'.&redirect_uri=.$redirect_uri");
    $response = $request->getBody()->getContents();

Now I am getting an error of invalid client_id, although the client_id is correct:

    Invalid client_id: .'7zYVrnETtq5iqpuWXr5lA'. (4,702)

Can we make API requests to Zoom if we are working on localhost, or are there any helpful resources about integrating Zoom with a Laravel application?

Hey @umarraza2200,

Can you try turning your localhost into a web server?

Example here:

Let me know if this works!