Issue with Zoom API Integration on Website (JWT → OAuth Migration)

Hi all,

I’m working on a website for a Texas Roadhouse location, and I’m integrating Zoom meetings so customers can schedule virtual events and catering consultations directly from the site. The site uses a PHP backend that connects to the Zoom API.

I originally built this using a JWT app, but since JWT is deprecated, I’m trying to migrate everything to OAuth. After switching, my API calls to create a meeting return:

{
  "code": 124,
  "message": "Invalid access token."
}

Details:

API endpoint: POST /users/{userId}/meetings

UserId: my email address (works in JWT version)

Token: Access token generated via OAuth app in Zoom Marketplace

Redirect URL + scopes configured: meeting:write, user:read

Backend: PHP 8.1 with cURL requests

Troubleshooting I’ve tried:

Verified that the access token is generated (I can see it in the logs).

Double-checked scopes in Zoom Marketplace.

Tested the same API request in Postman (same error).

Tried both account-level and user-level OAuth apps.

The goal is to allow users on the Texas Roadhouse site to click a button → book a consultation → automatically generate a Zoom meeting link via API.

Has anyone else run into this invalid access token issue during JWT to OAuth migration? Do I need to adjust how I’m refreshing tokens, or is there something specific to the {userId} parameter I should change?

Thanks in advance for any help!

Hi Emily,

if the OAuth access token isn’t tied correctly to the user context or if the {userId} value doesn’t match what Zoom expects. Instead of using your email, try using "me" as the {userId}, since the OAuth token is already scoped to the authenticated user. Also make sure you’re exchanging the authorization code for both an access token and refresh token, and that you’re using the latest, unexpired access token in each API call. If you’re still hitting the error even in Postman, it suggests the token itself isn’t valid for the scopes requested, so recheck that your OAuth app is published (or set to account-level if multiple users are involved) and that the generated token explicitly includes meeting:write.


Hi @Emily4, when you say JWT to OAuth migration, did you just create an OAuth app, or are you following this guide?

Can you confirm if you have any other features enabled, for example Meeting SDK?

Additionally, what is the full response from the token creation call? Do you see token expiration and the scopes added in the response?

Thanks so much for the detailed explanation—that really helps! I hadn’t tried using “me” as the {userId}, so I’ll test that approach instead of the email. I’ll also double-check that my token exchange is correctly pulling both the access and refresh tokens, and that I’m always sending the latest unexpired token. Good point about verifying the scopes and app type too—I’ll go back and make sure the OAuth app is set up at the right level and that the generated token actually includes the meeting scopes. Appreciate the guidance!
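
The checks suggested in the replies above (refresh token present, token unexpired, meeting:write granted, "me" as the {userId}), as an added PHP example that is not code from the thread or from Zoom. The helper names are hypothetical, the token response is constructed, and it assumes the response carries the standard OAuth 2.0 fields (access_token, refresh_token, expires_in, scope).

```php
<?php
declare(strict_types=1);
// Hypothetical helper: returns the reasons a token response is not usable (empty = OK).
function tokenProblems(array $tok, int $issuedAt, string $needScope, ?int $now = null): array
{
    $now ??= time();
    $problems = [];
    if (empty($tok['access_token'])) {
        $problems[] = 'no access_token in response';
    }
    if (empty($tok['refresh_token'])) {
        $problems[] = 'no refresh_token: the access token cannot be renewed';
    }
    // Treat a token within 60 s of expiry as expired so it cannot lapse mid-request.
    if ($issuedAt + (int)($tok['expires_in'] ?? 0) - 60 <= $now) {
        $problems[] = 'access token expired or about to expire: refresh first';
    }
    // Granted scopes come back as one space-separated string.
    $granted = preg_split('/\s+/', trim((string)($tok['scope'] ?? '')), -1, PREG_SPLIT_NO_EMPTY);
    if (!in_array($needScope, $granted, true)) {
        $problems[] = "scope {$needScope} was not granted to this token";
    }
    return $problems;
}

function createMeeting(string $accessToken, array $meeting): array
{
    // "me" is used instead of an email address, as suggested in the reply.
    $ch = curl_init('https://api.zoom.us/v2/users/me/meetings');
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => ['Authorization: Bearer ' . $accessToken, 'Content-Type: application/json'],
        CURLOPT_POSTFIELDS => json_encode($meeting, JSON_THROW_ON_ERROR),
    ]);
    $body = curl_exec($ch);
    return ['status' => curl_getinfo($ch, CURLINFO_RESPONSE_CODE), 'body' => json_decode((string)$body, true)];
}

// Constructed token response: meeting:write is missing from "scope".
$tok = ['access_token' => 'PLACEHOLDER', 'refresh_token' => 'PLACEHOLDER', 'expires_in' => 3600, 'scope' => 'user:read'];
$problems = tokenProblems($tok, time(), 'meeting:write');
if ($problems !== []) {
    // Log the findings, never the token value itself.
    echo implode(PHP_EOL, $problems), PHP_EOL;
    exit(1);
}
$res = createMeeting($tok['access_token'], ['topic' => 'Catering consultation', 'type' => 2, 'duration' => 30]);
echo $res['status'], PHP_EOL;
```

With the constructed response above, the script stops before any network call and reports the missing scope.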