Issue with user data API call – client credentials not supported

Hello,

Our client has requested that we integrate their chatbot with Zoom.
To achieve this, we initially created a General App in the Zoom Marketplace for testing purposes. This application has the following configuration:

  • Type: General App

  • Basic Information:

    • Selected: User-managed

    • Configured the OAuth Redirect URL

  • Access:

    • Configured 4 events and a Webhook URL
  • Surface:

    • Set the app usage as Team Chat

    • Enabled Team Chat Subscription and configured the Bot Endpoint URL

  • Scopes:

    • Chat

      • imchat:userapp
    • Message

      • message:write:content

      • message:read:content

    • Team Chat

      • team_chat:update:user_message

      • team_chat:delete:user_message

      • team_chat:update:message_status

      • team_chat:update:message_emoji

      • team_chat:write:files

      • team_chat:write:message_files

      • team_chat:read:list_scheduled_messages

      • team_chat:update:bookmark

      • team_chat:write:reminder

      • team_chat:delete:scheduled_message

      • team_chat:delete:reminder

      • team_chat:read:list_user_channels

      • team_chat:read:contact

      • team_chat:read:thread_message

      • team_chat:read:list_user_sessions

      • team_chat:read:list_user_messages

      • team_chat:read:user_message

    • User

      • user:read:user

      • user:read:presence_status

Once this setup was completed, we added the app for local testing.

In parallel, we created a small Node.js application to test the integration.
This app uses the CLIENT_ID, CLIENT_SECRET, and WEBHOOK_SECRET_TOKEN from our Zoom app, and calls the endpoint:

https://zoom.us/oauth/token

with Basic Authentication and grant_type=client_credentials.

In the response payload, along with the access token, we receive the following scopes:

marketplace:delete:event_subscription 
marketplace:read:list_event_subscriptions 
marketplace:update:client_secret 
marketplace:update:event_subscription 
marketplace:write:event_subscription 
marketplace:write:websocket_connection 
imchat:userapp

At first glance, everything seems to work:

  • The user installs the application.

  • The user can chat with our chatbot through the integration.

  • Our application receives the bot_notification event via webhook and responds correctly.

The problem:
We need to retrieve additional user information. We are trying to call:

GET https://api.zoom.us/v2/users/{userId}

using the token generated earlier. However, the API returns the following error:

{
  "code": 124,
  "message": "This API does not support client credentials for authorization."
}

Although our app has the scope user:read:user, this scope does not appear in the token response.

My questions:

  • Why are we unable to access user data with the current setup?

  • Is this a permissions issue with the app owner?

  • Do we need to create a different type of application to perform these user data queries? If so, which type of app should we create, and what is the correct approach?

  • Or am I missing something in the way I am performing the request?

In summary: Could someone clarify what I am missing or doing wrong?

Thank you in advance.

1 Like

Since this is a user-managed application, are you passing the me keyword as the user ID in the Get a user request URL? This seems like an error condition when you don’t do so. Otherwise, you’ll need the admin-level scopes and be an admin-managed application.

2 Likes

Hi @Andres_J, the Users APIs require a user-authorized OAuth access token, so a token from grant_type=client_credentials will be rejected for user data.

Your current token’s scopes (marketplace:*, imchat:userapp) indicate a client-credentials grant intended for marketplace/chat, not Users endpoints; request the user:read:user or user:read:admin scopes via user consent or account-level auth instead.

For a user-managed app, run the Authorization Code flow and call GET /users/me (the me keyword returns the installing user without needing their ID).

If you must read other users on the account, make the app admin-managed or use Server-to-Server OAuth, and include admin scopes like user:read:admin as listed in the Users API reference.

3 Likes
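
The Authorization Code flow recommended in the reply above, as an added Node.js example (not code from the thread or from Zoom). It builds the consent URL and the code-for-token request, then checks the token's granted scopes before planning the Users API call. The function names, the use of the `state` parameter to bind the callback to the session, and all credential values are assumptions or constructed placeholders; nothing is sent over the network.

```javascript
// Added example; not code from the thread. Credentials, code and state are constructed.
const ZOOM_OAUTH = "https://zoom.us/oauth";
const ZOOM_API = "https://api.zoom.us/v2";

// Step 1: URL the installing user visits to grant consent (state ties callback to session).
function buildAuthorizeUrl({ clientId, redirectUri, state }) {
  const query = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri, state,
  });
  return `${ZOOM_OAUTH}/authorize?${query}`;
}

// Step 2: validate the redirect and build the code-for-token exchange (not sent here).
function buildTokenRequest({ clientId, clientSecret, redirectUri, callbackUrl, expectedState }) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const code = params.get("code");
  if (!code) throw new Error("callback has no code");
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    url: `${ZOOM_OAUTH}/token`,
    method: "POST",
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({
      grant_type: "authorization_code", code, redirect_uri: redirectUri,
    }).toString(),
  };
}

// Step 3: only plan the Users API call when the token response carries a usable scope.
function planGetUser(tokenResponse, userId = "me") {
  const granted = new Set(String(tokenResponse.scope || "").split(/\s+/).filter(Boolean));
  const accepted = userId === "me" ? ["user:read:user", "user:read:admin"] : ["user:read:admin"];
  if (!accepted.some((s) => granted.has(s))) {
    return { ok: false, reason: `token lacks ${accepted.join(" or ")}` };
  }
  return {
    ok: true,
    url: `${ZOOM_API}/users/${encodeURIComponent(userId)}`,
    headers: { Authorization: `Bearer ${tokenResponse.access_token}` },
  };
}

// Constructed token responses: scopes like the thread's client_credentials token vs. a user token.
const CLIENT_CREDENTIALS_TOKEN = { access_token: "cc-placeholder",
  scope: "marketplace:read:list_event_subscriptions marketplace:update:client_secret imchat:userapp" };
const USER_TOKEN = { access_token: "user-placeholder", scope: "imchat:userapp user:read:user" };
```

Checking the `scope` field of the token response before calling the API surfaces the missing `user:read:user` grant at token time instead of as an error from the Users endpoint.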

Hi,

I have tried with “me” and also using the userid, getting the same error.

Regards.

Hi,

I have tried to create an S2S with Account-level app but I do not have the scope “user:read:admin” nor the “user:read:user:admin” and “user:read:user”.

Regards.

Hi @Andres_J

When you do not see the scopes available, it’s most likely because the account owner did not give permission for that category for your specific role. See the documentation here: Using role management.

They would need to give read rights for users under the user management settings in the portal.