Migrating JWT to Server to Server Oauth from 2.6 to 2.7

API Endpoint(s) and/or Zoom API Event(s)
<link type=“text/css” rel=“stylesheet” href=“https://source.zoom.us/2.7.0/css/bootstrap.css” />
<link type=“text/css” rel=“stylesheet” href=“https://source.zoom.us/2.7.0/css/react-select.css” />
<script src=“https://source.zoom.us/2.7.0/lib/vendor/react.min.js”>
<script src=“https://source.zoom.us/2.7.0/lib/vendor/react-dom.min.js”>
<script src=“https://source.zoom.us/2.7.0/lib/vendor/redux.min.js”>
<script src=“https://source.zoom.us/2.7.0/lib/vendor/redux-thunk.min.js”>
<script src=“https://source.zoom.us/2.7.0/lib/vendor/lodash.min.js”>
<script src=“https://source.zoom.us/zoom-meeting-2.7.0.min.js”>

When I tried to migrate the zoom websdk from 2.6.0 to 2.7.0, I have updated the meeting.html and meeting.js (from 2.6.0 to 2.6.7) and changed apiKey to sdkKey.
I am using iFrame to embed the meeting.html, the iFrame src is also updated to pass the sdkKey, instead of apiKey.
Of course, I also updated the JWT api key and secret to Server-to-Server OAuth.
But I still use the old function to generate the signature, not sure if this is the reason causing the error.

The video screen shows:
Joining meeting timeout
invalid parameter

How To Reproduce
Steps to reproduce the behavior:
Here is the generated link for iFrame


Thank you for posting in the Zoom Developer – I am happy to help. See response below:

It looks like you the mn parameter has / appended to the meeting number. Can you removed that / and let us know if the behavior persists ?

Actually, there is no “/” between “mn=” and the meeting ID in the source code, not sure why it shown the “/”. Anyway, I tried again, still same error


Thanks for your response, @nelson.chow! Are you seeing the same issues with our Demo app? Or just with the migrated Zoom Web SDK version of your app? If the former, could you provide the steps to reproduce this with our demo app?

I have not checked your demo app. I just upgrade on my own codes at this stage. Do you mean I need to use your demo app to rewrite all the things?

Can I modify my existing codes in order to upgrade?


You can modify your existing codes in order to upgrade but you may encounter nuances. To help isolate the behavior you are seeing, could you please test with the sample App and let us know if the behavior continues?

Sorry, could you tell me where could I find the sample app?


You can find all of our sample Apps on Github: Zoom · GitHub

I tried the sample, (meetingsdk-web-sample-master.zip). I have updated the index.js with my client ID and secret (Server-To-Server OAuth), then I create the a zoom meeting to try. After entering the meeting ID and password and click join button, it prompts error invalid signature.

This is the generated link for your reference:


Instead of entering your client ID and secret (Server-To-Server OAuth), you want to enter the Meeting SDK marketplace App client ID and secret.

Create a Meeting SDK App


Authorization (Meeting SDK )


Note :

Sorry for the late reply, after changing to use “Meeting SDK” - SDK Key & SDK Secret, we still get “signature is invalid”

Do we need to change the function of generate the signature?

function generate_signature ( $api_key, $api_secret, $meeting_number, $role){
	$time = time() * 1000 - 30000;//time in milliseconds (or close enough)
	$data = base64_encode($api_key . $meeting_number . $time . $role);
	$hash = hash_hmac('sha256', $data, $api_secret, true);
	$_sig = $api_key . "." . $meeting_number . "." . $time . "." . $role . "." . base64_encode($hash);
	//return signature, url safe base64 encoded
	return rtrim(strtr(base64_encode($_sig), '+/', '-_'), '=');

Thank you for the details. To confirm, are you generating the signature with PHP function? If so, here is a helpful developer forum post on generating the signature with PHP:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.