Invalid S2S Access Token

API Endpoint(s) and/or Zoom API Event(s)
Link the API endpoint(s) and/orZoom API Event(s) you’re working with to help give context.

On creating S2S Access Token for the first time, I am getting Invalid Access Token while adding hosts, but when I regenrated the token it worked correctly. This is happening more than once now. How do I resolve this?

Invalid Access Token

How To Reproduce
Steps to reproduce the behavior:
*1. Add credentials for creating S2S Access TOken
*2. Generate the token
*3. Sometimes I’m getting Invalid Access Token

Hi @abhishekkumar
Thanks for reaching out to us!
Could you please make sure that you are not generating more than 1 token at a time?
With server to server Oauth tokens, you can only have 1 active token, so if you generate a new token, the previous one will be invalidated.
This could be causing the invalid access token error you are seeing.

@elisa.zoom It happened for a new token i generated, the token was working fine after regenerating again. I faced it more than once.

Hey @abhishekkumar
Is this still happening today?
Whenever this happens again, could you please save the access token and the request you sent and share them with me? You can ping me here and once you have that information I will send you a Direct Message and that way you will be able to send that token privately

1 Like

zoom token -

The token was generated just now and when we are trying to add an user we can getting Invalid access token. The next time when we are regenerating access token it’s working when we regenerated it.

on decoding the token:

  "aud": "",
  "uid": "2
  "ver": 9,
  "nbf": 1684824624,
  "code": "7
  "iss": "z
  "gno": 0,
  "exp": 1684828224,
  "type": 3,
  "iat": 1684824624,
  "aid": "rfNk

can we check this ?

I will send you a private message to follow up @abhishekkumar

I have a similar question: We are seeing an HTTP 400 “Bad Request” response from some of our Zoom API calls. The body message is “Invalid access token.”

Make sure that your access_tokens are valid.
With the server to server oauth app, when you generate a new token, the previous one gets invalidated

Hi Elisa, thanks for your response. I do take care to replace the old access token when we generate a new one. I have some details about the error we are seeing, I wonder if you would be able to use the tracking code below to determine the cause of the error?

We are seeing an HTTP 400 “Bad Request” response from some of our Zoom API calls. The body message is “Invalid access token.” We have seen this both in a production account and QA accounts. It does not happen every time.

This result is from a query to get a phone user profile, e.g. GET “accounts/{accountId}/phone/users/{userId}”. The log info, from an example using a production account, is below. Some relevant data from the log:

Account Id = Tm8NBVszRdmL-A1s52mOOA
User Id = 9VftMZP-ToOg9idf6ypWYw
Query: GET: URL=
Tracking Id: WEB_29b99fb5a701472abb7a42270b57db86

2023-05-23 00:33:39,652 ERROR ZOOM-3661-group-Tm8NBVszRdmL-A1s52mOOA-collector (txnid=2ymr17edlhzjmeax,appid=100):RestServiceUnirestImpl Throwing exception for response: HTTP Status=400, Status Text=Bad Request, Headers={date=[Tue, 23 May 2023 00:33:39 GMT], content-length=[46], server=[cloudflare], x-zm-region=[VA], cf-ray=[7cb9356e5bd48cc6-EWR], vary=[Origin, Access-Control-Request-Method, Access-Control-Request-Headers], x-frame-options=[deny], cf-cache-status=[DYNAMIC], strict-transport-security=[max-age=31536000; includeSubDomains], nel=[{“success_fraction”:0.01,“report_to”:“cf-nel”,“max_age”:604800}], content-type=[application/json], connection=[keep-alive], report-to=[{“endpoints”:[{“url”:“”}],“group”:“cf-nel”,“max_age”:604800}], x-zm-trackingid=[WEB_29b99fb5a701472abb7a42270b57db86], alt-svc=[h3=“:443”; ma=86400, h3-29=“:443”; ma=86400]}, Body={“code”:401,“message”:“Invalid access token.”}, Request=Executing GET: URL=, Headers={authorization=[Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJZeGxuYlhmM1R0UzJpV3o0djNHeXJnIiwiZXhwIjoxNjg0ODA1NjE5fQ.jKNunzbc6eZX0cXynF_7ViOpJAOT5jZRfJBcaiK0P4Q], accept-encoding=[gzip], accept=[application/json], user-agent=[unirest-java/3.1.00]}, Body=none

Thank you,

Sorry for the late reply here
I have created an internal ticket with our Engineering team and will update you as soon as I hear back from them (ZSEE-95349 for your reference)