List Meetings generates Scope error (4700) via service code but works via Postman and cURL

Description
Attempting to list the meetings for the current user but receiving a scope error via service (Python/Flask) code. The same access_token works via Postman without issue.

Error

{'code': 4700, 'message': 'Invalid access token, does not contain scopes: [meeting:write, meeting:write:admin].'}

Which App Type (OAuth / Chatbot / JWT / Webhook)?
SDK - “Zoom App”

Which Endpoint/s?
https://api.zoom.us/v2/users/me/meetings

How To Reproduce (If applicable)

  1. User Authorizes via https://zoom.us/oauth/authorize?response_type=code&client_id=[client_id]&redirect_uri=[redirect_uri]
  2. Capture [code] value appended to [redirect_uri]. Then send authorization code grant token request https://zoom.us/oauth/token?grant_type=authorization_code&code=[code]&redirect_uri=[redirect_uri] using basic auth header base64.encoded(client_id:client_secret) to get the initial refresh token
  3. Use the refresh token to get an access token https://zoom.us/oauth/token?grant_type=refresh_token&refresh_token=[refresh_token] (same basic auth as above)
  4. Now that we have an active access token, use it to request https://api.zoom.us/v2/users/me/meetings using the bearer access token generated above
  5. Via service code, receive this error {'code': 4700, 'message': 'Invalid access token, does not contain scopes: [meeting:write, meeting:write:admin].'}

NOTE: This exact flow works via Postman… :thinking:

Calling Code (Python)

    ...
    url = f"https://api.zoom.us/v2/users/me/meetings"
    headers = {
        'Authorization': f"Bearer {access_token}",
    }
    response = requests.post(url, headers=headers)
    ...

Additional Context
The token should have meeting:read scope which, as I understand from the API documentation, is sufficient.

The response from the refresh step to get the active access_token is below:

{'access_token': '[access_token]', 'token_type': 'bearer', 'refresh_token': '[refresh_token]', 'expires_in': 3599, 'scope': 'meeting:read recording:read user:read zoomapp:inmeeting'}

(all actual token values replaced by bracketed symbols)

Also, to test excluding any additional headers that Postman might add, I tried it as cURL and it works:

Try switching to requests.get() so that you send a GET request and not a POST request. This will match the calls you made in Postman.


:man_facepalming: Alas… that was exactly it. Thank you @MultiplayerSession :pray:

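Added example, not code from the thread: a small diagnosis helper that compares the scopes in the token response with the scopes named in a 4700 error, to tell a wrong HTTP method apart from a scope the app genuinely lacks. The `REQUIRED` map and all function names are assumptions made for illustration; its POST entry comes from the error message above and its GET entry from the poster's reading of the API documentation.

```python
import re

# Constructed from the thread: the refresh-step token response and the 4700 error body.
TOKEN_RESPONSE = {"token_type": "bearer", "expires_in": 3599,
                  "scope": "meeting:read recording:read user:read zoomapp:inmeeting"}
ERROR_BODY = {"code": 4700, "message": "Invalid access token, does not contain "
                                       "scopes: [meeting:write, meeting:write:admin]."}

# Assumed scope map for this one path; holding any one scope in a set is enough.
# POST entry: from the error message. GET entry: from the poster's statement.
REQUIRED = {
    ("GET", "/users/me/meetings"): {"meeting:read"},
    ("POST", "/users/me/meetings"): {"meeting:write", "meeting:write:admin"},
}

def granted_scopes(token_response):
    """Scopes arrive as one space-separated string in the token response."""
    return set(token_response.get("scope", "").split())

def scopes_from_error(error_body):
    """Extract the scope list from a 4700 message; empty set for any other error."""
    if error_body.get("code") != 4700:
        return set()
    m = re.search(r"does not contain scopes:\s*\[([^\]]*)\]", error_body.get("message", ""))
    return {s.strip() for s in m.group(1).split(",") if s.strip()} if m else set()

def diagnose(method, path, token_response, error_body):
    """Classify a scope error: wrong HTTP method, or a scope the token really lacks."""
    granted = granted_scopes(token_response)
    wanted = scopes_from_error(error_body)
    if not wanted:
        return "not-a-scope-error"
    if wanted & granted:
        return "token-has-scope"  # the token sent may differ from the one inspected
    # Is there another method on the same path that the granted scopes do cover?
    for (other, p), need in REQUIRED.items():
        if p == path and other != method.upper() and need & granted:
            return f"wrong-method: use {other}"
    return "missing-scope: " + ", ".join(sorted(wanted))

if __name__ == "__main__":
    print(diagnose("POST", "/users/me/meetings", TOKEN_RESPONSE, ERROR_BODY))
```

When the result is `wrong-method`, the fix belongs in the client call, and the app keeps its read-only scopes instead of being granted meeting:write.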