Multiple access tokens for zoom api


We are using web and android sdk for hosing webinars in our application. Currently, we are making api calls to zoom using the endpoint for token generation. The issue we are facing is whenever a new access token is generated, the old one gets invalidated, due to which we are facing unauthorized access quite frequently. Therefore, I request you to provide us multiple access tokens and guide me on how to acquire the same.

Please look into this on priority as this is affecting our business.

Hi @gaurav.gupta1
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here!
Could you please confirm what app type are you using to generate the tokens so I can understand your issue better?


Hi elisa,
I am using server to server app with event notifications enabled.

Hi @gaurav.gupta1
Thanks for confirming that with me.
I just want to confirm that the issue that you are seeing is expected. When generating a token with the Server-to-Server Oauth app, this will be valid for 1 hour, but if you generate a new one, the previous one will be invalidated and this is the expected behavior.

Okay, but can I be provided multiple access tokens to manage this?

Hi @gaurav.gupta1
We do have a workaround for this and it is to increase the token_index tolerance for your application.
So you can generate tokens at different indexes.

For example, you request a token_index 1 and then another one at token_index 2, so the token generated at token_index 2 won’t invalidate the token_ index 1.

If you would like to get this token_index increase in your Server to Server OAuth app, feel free to reach out to our support team with a link to this thread and they will help you from there:


Is there any documention on how this token_index works? Do you request per specific app? How do you guarantee one environment uses token_index 1, 2nd enrvironment uses token_index 2?

Hi @cgoh1
This is an app-level increase, so if you want to request this for more than one app this is done per app.
you will have to programmatically make sure that you are assigning the tokens correctly in your different environments.

How this works is that you generate acces_token at different indexes and the creation of them won’t invalidate the previous one.
When you generate the first token_index=0 and right after that token_index=1, the first token will be valid even though you have generated a second one

And we’d request via a support ticket referencing the app by name? or client_id? or url?

My ticket is

Hey @cgoh1
Make sure to share the app name and client ID of your app

Will do. I thought the URL would be enough.

1 Like

The zoom ticket took a while to percolate, but they finally got it so we can use token_index.

Glad that work out! @cgoh1