List Meetings generates Scope error (4700) via service code but works via postman and cURL

Attempting to list the meetings for current user but receiving a scope error via service (python/flask) code. Same access_token works via postman without issue.


{'code': 4700, 'message': 'Invalid access token, does not contain scopes: [meeting:write, meeting:write:admin].'}

Which App Type (OAuth / Chatbot / JWT / Webhook)?
SDK - “Zoom App”

Which Endpoint/s?

How To Reproduce (If applicable)

  1. User Authorizes via[client_id]&redirect_uri=[redirect_uri]
  2. Capture [code] value appended to [redirect_uri]. Then send authorization code grant token request[code]&redirect_uri=[redirect_uri] using basic auth header base64.encoded(client_id:client_secret) to get the initial refresh token
  3. use the refresh token to get access token[refresh_token] (same basic auth as above)
  4. now that we have an active access token, use it to request using bearer access token generated above
  5. via service code receive this error {'code': 4700, 'message': 'Invalid access token, does not contain scopes: [meeting:write, meeting:write:admin].'}

NOTE: This exact flow works via postman… :thinking:

Calling Code (Python)

    url = f""
    headers = {
        'Authorization': f"Bearer {access_token}",
    response =, headers=headers)

Additional Context
The token should have meeting:read scope which, as I understand from the API documentation, is sufficient.

The response from the refresh step to get the active access_token is below:

{'access_token': '[access_token]', 'token_type': 'bearer', 'refresh_token': '[refresh_token]', 'expires_in': 3599, 'scope': 'meeting:read recording:read user:read zoomapp:inmeeting'}

(all actual token values replaced by bracketed symbols)

Also to test excluding any additional headers that postman might add I tried it as cURL and it works:

Try switching to requests.get() so that you send a GET request and not a POST request. This will match the calls you made in Postman.

1 Like

:man_facepalming: Alas… that was exactly it. Thank you @MultiplayerSession :pray:

1 Like