JS errorMessage: "Invalid signature."

Happy to help! :slight_smile:


Hey @zmalik976,

After base 64 decoding your signature, it looks like you are not setting the role when generating the signature.


Hey @zhaowentao,

What is the Web SDK signature you are generating so I can debug it?


thanks, The problem has been solved。Because i missed the apiKey with the appKey. :blush:

1 Like

Hi, I’ve also cloned the sample-app-web (CDN), added my API key and secret but I still get the “signature is invalid” error.

Here are more information:
Meeting number: ***********
Meeting pwd:
role: 0


*This post has been edited to remove any meeting / webinar IDs

Sorry I’ve just found out that I need to use JWT Key and Secret to make it work.

1 Like

Hi, we are experiencing a similar problem, but it happens intermittently.

Sometimes the signature will be valid and it will continue to work even if it wasn’t recently generated:

Other signatures always fail:

(this results in a modal containing these messages: “Joining meeting timeout.” and “Signature is invalid.”)

Both were generated using the same code (in ruby). We get approximately 1 valid signature for every 5-10 attempts.

Hey @zhaowentao, @aitsidihammou.achraf,

Happy to hear you got it working! :slight_smile:


Hey @esteban,

Double check your timezone settings are synced correctly:


Hi Tommy, just double checked and it is just fine.
It’s very odd because the error message happens randomly.

What else could this be ? We have a deadline for this integration and we don’t have any other clues on what could be causing this.

Any help would be greatly appreciated !

Hi, I am also experiencing a similar problem, and when I traced back, I found that the JWT credentials should be created from the OAuth authenticated account.

Is that so?

My Meeting Signature →

Did you managed to show your issue Ashwin ?

Yes I am getting this issue. Do you know anything about that?

We’ve been trying to solve it without success… @tommy can you help us out here ? Your input would be great.

Ok, so I will tell you what problem I am having, may be you can get some idea

After the user connects their Zoom account with my app, and creating a new meeting they get this issue.

Now, how I was able to solve it partially? The JWT credentials should be from the same account which was connected earlier.

But this is not possible in the production env, that everyone creates a JWT app in their account.

@tommy help us out here.

Ashwin, just got this code from another post and it seems to solve the issue, I hope it solves your problem
as well.

require "base64"
module SignatureRoles
  HOST = 1
def generate_signature(meeting_id:)
  # Prevent time sync issue between client signature generation and Zoom
  timestamp = (Time.now.to_f * 1000).round(0) - 30000
  role = <logic for host or participant> ? SignatureRoles::HOST : SignatureRoles::PARTICIPANT
  key = Rails.application.config.zoom.api_key
  secret = Rails.application.config.zoom.api_secret
  message = Base64.strict_encode64([key, meeting_id, timestamp, role].join)
  hash = Base64.strict_encode64(OpenSSL::HMAC.digest("SHA256", secret, message))
  Base64.strict_encode64([key, meeting_id, timestamp, role, hash].join("."))

I need the PHP version of this thing. Although the current method which I use to generate the signature was used from the samples code provided by the Zoom.

This is my current code to generate the signature

        $role = 1; // Host role

        $time = time() * 1000 - 40000;//time in milliseconds (or close enough)

        $data = base64_encode($jwtApiKey . $meetingNumber . $time . $role);

        $hash = hash_hmac('sha256', $data, $jwtApiSecret, true);

        $_sig = $jwtApiKey . "." . $meetingNumber . "." . $time . "." . $role . "." . base64_encode($hash);

        //return signature, url safe base64 encoded
        $signature = rtrim(strtr(base64_encode($_sig), '+/', '-_'), '=');

Hey @esteban,

Using that code, did that solve the issue for you?


Hey @ashwin.parihar,

I see you are using the PHP sample on our docs. Are you saying it is not working?

With the Web SDK and a set of JWT credentials, you can start and join meetings owned by the same account as the JWT App, and you can join external meetings not owned by the same account as the JWT App. You can’t start meetings that are not owned by the same account as the JWT App.

Does that make sense?


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.