Invalid Signature Help

Hi All,

Hoping someone can help me with my VUE.JS and ASP.NET C# project.

So, I’m testing the zoom meetings SDK for Vue.JS.

Now for this to work I need a signature end point.

In order to get a signature end point I need a meeting room number.

In order to get a meeting room number I need an OAUTH token.

In order to get an OAUTH token I need a valid code from the App I’ve created in my account.

So, having jumped through the above hoops, I get to the point of creating a signature endpoint and when I click a button to enter a meeting room I get signature invalid.

I do know having checked multiple times that I’m using the correct SDK client key and secret from the App account so it’s not that.

I’m coding everything back end in ASP.NET C# and can extract an App code, get an OAUTH token, create a meeting room, create a signature but it’s invalid.

Can anyone shed any light on why this may be.

Signature code:

        public IHttpActionResult GetSignature(string meetingNumber)
            string apiKey = "xxx";
            string apiSecret = "xxx";
            String ts = (ToTimestamp(DateTime.UtcNow.ToUniversalTime()) - 30000).ToString();
            string role = "0";
            string sig = GenerateToken(apiKey, apiSecret, meetingNumber, ts, role);
            return Ok(sig);

        public static long ToTimestamp(DateTime value)
            long epoch = (value.Ticks - 621355968000000000) / 10000;
            return epoch;
        public static string GenerateToken(string apiKey, string apiSecret, string meetingNumber, string ts, string role)
            char[] padding = { '=' };
            string message = String.Format("{0}{1}{2}{3}", apiKey, meetingNumber, ts, role);
            apiSecret = apiSecret ?? "";
            var encoding = new System.Text.ASCIIEncoding();
            byte[] keyByte = encoding.GetBytes(apiSecret);
            byte[] messageBytesTest = encoding.GetBytes(message);
            string msgHashPreHmac = System.Convert.ToBase64String(messageBytesTest);
            byte[] messageBytes = encoding.GetBytes(msgHashPreHmac);
            using (var hmacsha256 = new HMACSHA256(keyByte))
                byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
                string msgHash = System.Convert.ToBase64String(hashmessage);
                string token = String.Format("{0}.{1}.{2}.{3}.{4}", apiKey, meetingNumber, ts, role, msgHash);
                var tokenBytes = System.Text.Encoding.UTF8.GetBytes(token);
                return System.Convert.ToBase64String(tokenBytes).TrimEnd(padding);

Front end enter room trigger is from meetingsdk-vuejs-sample

Thanks in advance,


Hi @paul.deehan ,

Which specific SDK and version are you using? Additionally, can you please clarify what SDK credentials you’re using exactly? There’s a few threads on this, and I encourage you to check out some of them, like this one:

Thank you!

I’m obtaining an OAUTH token from this API call:" + code + “&redirect_uri=” + url

I use OAUTH credentials from the App I’ve created

The then create a meeting room via:" + token (OAUTH token from above).

I then use the “id” field to generate a signature end point. Note if I copy the Zoom URL from the above call it opens a meeting room from the Zoom client I have installed. Obviously I’m after opening in a browser where I can apply my own bespoke styling and branding.

To get the signature end point I use code snippet from original post using the SDK Key and SDK secret.

When I then attempt to enter the room I get invalid signature.

It’s suggested I need to use JWT App’s but these are being flagged as deprecated next year?

To clarify further I’ve tried this via an OAUTH app, SDK app, JWT app, client Key/Secret combo’s for all three types will generate an OAUTH token will generate a room, will create a signature end point, but ALL 3 get invalid signature. It cannot be this difficult surely?

Also as I’m testing this github example (GitHub - zoom/meetingsdk-vuejs-sample: Use the Zoom Meeting SDK in a Vue.js App) it does state to use SDK app credentials



I’ve added a VUE method to generate signature:

   getSignature() {
      const timestamp = new Date().getTime() - 30000
      const msg = Buffer.from(this.apiKey + this.meetingNumber + timestamp + this.role).toString('base64')
      const hash = Crypto.createHmac('sha256', this.apiSecret).update(msg).digest('base64')
      const signature = Buffer.from(`${this.apiKey}.${this.meetingNumber}.${timestamp}.${this.role}.${hash}`).toString('base64')

And still getting invalid signature.

I’ve not tried all combinations of API keys and secrets on ALL apps on my test account.

Can anyone assist or should I merely turn attention to Twilio or Vonage.

What email address can I escalate this please?

Hi @paul.deehan , you use the SDK app credentials to generate a JWT. This is different from the JWT app type that will be deprecated. I apologize for linking the earlier thread as it is an outdated workflow.

Please follow the process as outlined as followed here: SDK Authentication

Let me know if this is clearer.

No it is not any clearer - you are sending me to SDK authentication which refers to an end point with a meeting Number.


I take my apiKey/Secret and get token e.g.

I use the token to create meeting e.g.

But now all I get is not authorised.

Sorry but the documentation on here is shocking.