Hi Gianni, since I kicked off this issue I am confirming that @bmccracken is the PjM on our team and @dnelson1 is our Lead BE dev. Trace (shelms1) has recently moved to another team so we’d like to consolidate conversations ASAP given the blocker on our end. Hope this helps, thanks!
@gianni.zoom just following up on the above to make sure we’re okay to move forward. Thanks!
Hi @gianni.zoom, yeah I changed teams and now @bbrown, @dnelson1, and @bmccracken will be taking over this work. Thank you for all of your help!
Hi @bmccracken @bbrown @dnelson1 thanks so much, I’ll update shortly!
@gianni.zoom appreciate the update. For the sake of understanding where we are at in the process, this issue was submitted 27 days ago, and converted to a ticket 20 days ago. Is this being actively worked on? We need to start looking into alternatives soon given our timeline, so if you could help me understand a potential timeline or ETA that would be very helpful on our end. Thanks!
Hi @bbrown , with the internal review, your team is encouraged to ensure that the accessing user has the same permissions assigned, whether at the role level or the user level when accessing the API. Can you please double check and confirm the following:
- what is the user role (e.x. admin, owner) for person querying the API
- whether that user role has all permissions added in the web portal
- the scopes assigned are relevant for the user access
I believe you have done so, but I need to ask in good faith again for the internal teammate who has looked at the backend review for the behavior you’re seeing.
Additionally, I initially shared with @shelms1 about the app transfer but will pull you into a private message and re-share. EDIT: sent private message with the details I sent to him just now. Check your notifications to click into the private message and see the review/action items.
Hi @gianni.zoom, just checking in to see if this is still being looked into? It’s a pretty major blocker with being able to develop for Server-to-Server and master scopes.
Thank you, @gianni.zoom: this is a server-to-server app, so I don’t think “user role” for the person querying for the API is relevant.
Hi @dnelson1 , it is relevant. Can you please respond to the private message with the full details of what we looked into? Thank you!
For the trace scope error the root of the issue is typically the following:
- The mismatch between the app’s scopes and the user’s permissions .
- Attempting to access Sub-accounts APIs using the Master account ID → These APIs, such as:
/v2/accounts/{accountId}/*******
, are specifically designed for Sub-accounts and should not be used with the Account IDs of the master account or Account. For more information, please visit: Master Account API
Given you are the account owner on the master-subaccount structure and have the correct scopes applied, I believe there is another issue, but am experiencing a bit of pushback with the investigation. Hoping to resolve soon. Can you please confirm you are the master account owner and that is the role from which you are calling the API?
Hi Gianni,
Are there any updates on ZSEE-141967? I am attempting to call
GET /accounts/{accountId}/users
with a Zoom marketplace application (server-to-server oauth) that was created about a month ago, and I am getting the following response:
{
“code”: 4711,
“message”: “Invalid access token, does not contain scopes:[user:read:list_users:master].”
}
I have confirmed that the scope of the token being used is “recording:master user:read:list_users:master”, and I have an Admin account.
Thanks for your help,
Aaron Drake
Hi @acdrake are you passing a sub account id in accountId
? You cannot use the master account id.
Hi all, please confirm if you are using a subaccount id or master account id in that request call. These APIs, such as: /v2/accounts/{accountId}/*******
, are specifically designed for Sub-accounts and should not be used with the Account IDs of the master account or Account