Hi Gianni, since I kicked off this issue I am confirming that @bmccracken is the PjM on our team and @dnelson1 is our Lead BE dev. Trace (shelms1) has recently moved to another team so we’d like to consolidate conversations ASAP given the blocker on our end. Hope this helps, thanks!
1 Like
@gianni.zoom just following up on the above to make sure we’re okay to move forward. Thanks!
1 Like
Hi @gianni.zoom, yeah I changed teams and now @bbrown, @dnelson1, and @bmccracken will be taking over this work. Thank you for all of your help! 
Hi @bmccracken @bbrown @dnelson1 thanks so much, I’ll update shortly!
@gianni.zoom appreciate the update. For the sake of understanding where we are at in the process, this issue was submitted 27 days ago, and converted to a ticket 20 days ago. Is this being actively worked on? We need to start looking into alternatives soon given our timeline, so if you could help me understand a potential timeline or ETA that would be very helpful on our end. Thanks!
Hi @bbrown , with the internal review, your team is encouraged to ensure that the accessing user has the same permissions assigned, whether at the role level or the user level when accessing the API. Can you please double check and confirm the following:
- what is the user role (e.x. admin, owner) for person querying the API
- whether that user role has all permissions added in the web portal
- the scopes assigned are relevant for the user access
I believe you have done so, but I need to ask in good faith again for the internal teammate who has looked at the backend review for the behavior you’re seeing.
Additionally, I initially shared with @shelms1 about the app transfer but will pull you into a private message and re-share. EDIT: sent private message with the details I sent to him just now. Check your notifications to click into the private message and see the review/action items.
Hi @gianni.zoom, just checking in to see if this is still being looked into? It’s a pretty major blocker with being able to develop for Server-to-Server and master scopes.
Thank you, @gianni.zoom: this is a server-to-server app, so I don’t think “user role” for the person querying for the API is relevant.
Hi @dnelson1 , it is relevant. Can you please respond to the private message with the full details of what we looked into? Thank you!
For the trace scope error the root of the issue is typically the following:
- The mismatch between the app’s scopes and the user’s permissions .
- Attempting to access Sub-accounts APIs using the Master account ID → These APIs, such as:
/v2/accounts/{accountId}/*******, are specifically designed for Sub-accounts and should not be used with the Account IDs of the master account or Account. For more information, please visit:
Master Account API
Given you are the account owner on the master-subaccount structure and have the correct scopes applied, I believe there is another issue, but am experiencing a bit of pushback with the investigation. Hoping to resolve soon. Can you please confirm you are the master account owner and that is the role from which you are calling the API?
Hi Gianni,
Are there any updates on ZSEE-141967? I am attempting to call
GET /accounts/{accountId}/users
with a Zoom marketplace application (server-to-server oauth) that was created about a month ago, and I am getting the following response:
{
“code”: 4711,
“message”: “Invalid access token, does not contain scopes:[user:read:list_users:master].”
}
I have confirmed that the scope of the token being used is “recording:master user:read:list_users:master”, and I have an Admin account.
Thanks for your help,
Aaron Drake
Hi @acdrake are you passing a sub account id in accountId? You cannot use the master account id.
Hi all, please confirm if you are using a subaccount id or master account id in that request call. These APIs, such as: /v2/accounts/{accountId}/******* , are specifically designed for Sub-accounts and should not be used with the Account IDs of the master account or Account
Yes, I was attempting to use the master account ID. However, one of my coworkers said he was previously able to call this API using the master ID. Is this functionality that is now broken? Is there any other way to fetch all user data efficiently?
Thanks,
Aaron
Is there another API that works with a master account?
Hi @bbrown @acdrake , if you are looking for information for the master account, use “me” in place of accountId:
/v2/accounts/me/*******
I made the wrong assumption you were running to this error while trying to query for a subaccount.
Can you please run the request with me and let me know if it works?
Thanks for clarifying, Gianni.
I just tried making a GET request to /v2/accounts/me/users, and I’m getting back the following error response:
{
“code”: 4711,
“message”: “Invalid access token, does not contain scopes:[user:read:list_users:master].”
}
Prior to making this call, I attempted to get a new token by making a call to /oauth/token?grant_type=account_credentials&account_id={account_id}, and this is the info for the token being used:
Token Name: access_token
Access Token: ey…fw
Token Type: bearer
expires_in: 3599
scope: recording:master user:read:list_users:master
api_url: https://api.zoom.us
access_token_url: https://zoom.us/oauth/token?grant_type=account_credentials&account_id={account_id}
client_id: {client_id}
client_secret: {client_secret}
grant_type: password_credentials
client_authentication: header
refresh_token_url: https://zoom.us/oauth/token?grant_type=account_credentials&account_id={account_id}
timestamp: 1729022783762
Should I be doing something different to try to get the token if I’m using “me” as the account?
Thanks,
Aaron
Hi @acdrake , your token seems to be generated correct, but since you’re looking to see your own master’s accounts’ users, please use this endpoint: Users APIs - Zoom Developers
The error message you received does not not seem relevant.
me didn’t work, but following your advice on using a non-account URL, I found past_meetings/{meetingId}/participants, which may achieve what we need. I’ve asked my colleague why we’re using the accounts/{account_id/me}/metrics/meetings/{meetingId}/participants endpoint instead, but assuming the former is ok, I think we’re onto something (although I’m told that we’ll need sub-accounts to handle dev/stage/prod environments, so I may be able to try the latter once those are activated in our account).
Thank you for your help, Gianni.
Hi @dnelson1 see my response above your last one for an alternative and please let me know if it works since you’re checking your own account.
The master account endpoints are only if you have sub accounts to your master account. I’ve hyperlinked the documentation so you can see the scope of use outlined there.