Invalid Signature Web SDK


I can’t seem to solve this invalid signature issue. I use the ZoomClient API to successfully create a scheduled meeting. I am trying to use the function below to create a signature to start the meeting, but I keep getting an invalid signature error. I’m using the web (component view). My credentials are Server-To-Server OAuth. Please help. I appreciate help from any body. Thanks

function generateSignature(key, secret, meetingNumber, role) {
const iat = Math.floor( / 1000) - 30;
const exp = iat + 60 * 60 * 2;

const oHeader = {
    alg: "HS256",
    typ: "JWT"

const oPayload = {
    appKey: key,
    sdkKey: key,
    meetingNumber: meetingNumber,
    role: role,
    iat: iat,
    exp: exp

// Define the HMACSHA256 function inline
function HMACSHA256(key, message) {
    const hash = CryptoJS.HmacSHA256(message, key);
    return CryptoJS.enc.Base64.stringify(hash);

// Create the encoded header and payload strings
const encodedHeader = btoa(JSON.stringify(oHeader));
const encodedPayload = btoa(JSON.stringify(oPayload));

// Generate the signature using HMAC SHA-256
const signature = HMACSHA256(secret, encodedHeader + "." + encodedPayload);

return signature;


async function initializeZoomMeeting() {
const client = ZoomMtgEmbedded.createClient();
const meetingSDKElement = document.getElementById(‘meetingSDKElement’);
const sdkKey = getCookie(“sdkKeyCookie”);
const secret = getCookie(“secretCookie”);
const mn = getCookie(“meetingIDCookie”)
client.init({ zoomAppRoot: meetingSDKElement, language: ‘en-US’ });
const generatedSignature = generateSignature(
mn, // Meeting Number
1 // Role (0 for a host, 1 for a participant)

try {
        sdkKey: clientID,
        signature: generatedSignature, // role in SDK signature needs to be 1
        meetingNumber: getCookie("meetingIDCookie"),
        password: meetingPassword,
        userName: email,
        zak: zakToken
} catch (error) {
    console.error('Error:', error);


// Initialize Zoom Meeting on page load.

@chuxyno to join Meeting with Meeting SDK, you need to use the ClientId and ClientSecret from a Meeting SDK App type instead of Server to Server Oauth app type

Thanks Chun. Does this mean I need to use both auth, or discard Server to Server Oauth for Meeting SDK auth?

@chuxyno you will need to use S2S OAuth for your API access, and Meeting SDK Credentials for Meeting SDK Auth.

There will be 2 apps.

Thanks. Will try it now

Hi Chung

Can you give me a pointer on this problem? Will I create a webinar with S2S Oauth, and start and join the webinar with the Meeting SDK Auth?

I can’t seem to be able to create a meeting with Meeting SDK Auth. Generating access tokens kept failing with the authorised code.

I’ve used the Meeting SDK Auth ID and secret to try starting the meeting, but I still get an invalid signature.

Can I see sample codes to create, start, and join webinars?

Hi Chung

I created a webinar with S2S credentials (I haven’t been able to do the same with the Meeting SDK). I tried to start a webinar with Meeting SDK credentials but still got an invalid signature.

@chuxyno , are you using the Web version of Meeting SDK?

If you are using Client View to join Webinar

If you are using Component View to join Webinar

Hi Chun

It’s been a week now since I’ve been on this invalid signature issue. I haven’t been able to move forward with my project. I had seen the links you sent before you sent them. How can I share my method of generating the signature, starting the webinar, and also my client ID and secret to help locate the problem? I’m using the Meeting SDK (web-compliant view) for starting and joining the webinar. I used S2S to create it.

This thread is in PM follow up.

The solution to the thread is to use the sample from Meeting SDK Auth