OAuth returning code 124 Invalid Access Token. How to diagnose? Need more info

Description
I used the API to get my authorization code. My refresh token seems to be working. I can get a new access token every hour. However, when I make a call to the API, I get a 401 back with the content {"code":124,"message":"Invalid access token."}

My app’s scope is report:read:admin

Is there any way to get more information? Is the token invalid due to a parse error? A scope error? An authorization error?

Error
{"code":124,"message":"Invalid access token."}

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?
/metrics/meetings

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. Request URL / Headers (without credentials) / Body

GET https://api.zoom.us/v2/metrics/meetings?type=active&from=2021-07-01&to=2021-07-21
Authorization: “bearer eyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.eyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.yXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”

  2. See error

status: 401
content: {"code":124,"message":"Invalid access token."}
string: HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Connection: close
Date: Thu, 22 Jul 2021 17:55:04 GMT
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Client-Date: Thu, 22 Jul 2021 17:55:04 GMT
Client-Peer: XX.XXX.XX.XXX:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=Zoom Video Communications, Inc./CN=*.zoom.us
Client-SSL-Cipher: ECDHE-RSA-AES256-GCM-SHA384
Client-SSL-Socket-Class: IO::Socket::SSL
Client-Transfer-Encoding: chunked
Client-Warning: Missing Authenticate header
Set-Cookie: zm_aid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly
Set-Cookie: zm_haid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly
Set-Cookie: web_zak=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly
Set-Cookie: cred=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/; Secure; HttpOnly
Set-Cookie: _zm_ctaid=XXXXXXXXXXXXXXXXXXXXXX.XXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Domain=.zoom.us; Expires=Thu, 22-Jul-2021 19:55:04 GMT; Path=/; Secure; HttpOnly
Set-Cookie: _zm_chtaid=XXX; Domain=.zoom.us; Expires=Thu, 22-Jul-2021 19:55:04 GMT; Path=/; Secure; HttpOnly
X-Content-Type-Options: nosniff
X-Zm-Trackingid: v=2.0;clid=aw1;rid=WEB_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Screenshots (If applicable)
N/A

Additional context
I’m using Perl, if that matters.

Hi @usmtech,

It looks like you’re calling our Dashboard endpoint (/metrics) but are trying to use a Report scope. In your OAuth App, please add the Dashboard read/admin scope and reauthorize the app.

Let me know if it resolves the error, thanks!
Will

Thanks for that information. I had been attempting to get /report/users, and tried a different endpoint out of desperation without updating the scope. The wrong URL ended up in the ticket. My apologies. I know that’s not helpful. Added the new scope, then realized I needed to switch the endpoint back. Still no joy, though. Attempting either endpoint yields the same result.

Replacing scope => 'report:read:admin' with 'dashboard_meetings:read:admin report:read:admin'

===
GET https://api.zoom.us/v2/report/users?type=active&from=2021-07-01&to=2021-07-21
Authorization: "bearer ey… "

status: 401
content: {"code":124,"message":"Invalid access token."}
string: HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, must-revalidate, no-transform
Connection: close
Date: Fri, 23 Jul 2021 16:34:52 GMT
Pragma: no-cache
Content-Type: application/json;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Client-Date: Fri, 23 Jul 2021 16:34:52 GMT
Client-Peer: 52.202.62.237:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
Client-SSL-Cert-Subject: /C=US/ST=California/L=San Jose/O=Zoom Video Communications, Inc./CN=*.zoom.us
Client-SSL-Cipher: ECDHE-RSA-AES256-GCM-SHA384
Client-SSL-Socket-Class: IO::Socket::SSL
Client-Transfer-Encoding: chunked
Client-Warning: Missing Authenticate header
[… cookies …]
X-Content-Type-Options: nosniff
X-Zm-Trackingid: v=2.0;clid=aw1;rid=WEB_…
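
Added example, not part of any post above and not Zoom's code: since the 401 body does not say why the token was rejected, this Python sketch runs the local checks the thread circles around (header form, token shape and expiry, granted scope versus endpoint) before a request is sent. The endpoint-to-scope pairs are the ones named in this thread, the `scope` field of the token response and the `exp` claim are assumptions about the token format, and the sample token is constructed.

```python
import base64, json, time

# Endpoint-to-scope pairs as named in this thread (assumed mapping, not an official table).
REQUIRED_SCOPE = {
    "/metrics/meetings": "dashboard_meetings:read:admin",
    "/report/users": "report:read:admin",
}

def make_sample_token(exp):
    # Constructed, unsigned JWT-shaped string used only for the demo below.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"exp": exp}), "sig"])

def diagnose(token_response, path, auth_header, now=None):
    """Return a list of local findings; an empty list means nothing obviously wrong."""
    now = time.time() if now is None else now
    findings = []
    token = token_response.get("access_token", "")
    # 1. Header form: scheme, one space, then exactly the token (no quotes or padding).
    scheme, _, sent = auth_header.partition(" ")
    if scheme.lower() != "bearer":
        findings.append("header: scheme is not Bearer")
    if sent != token:
        findings.append("header: value sent differs from access_token")
    # 2. Token shape and expiry, decoded locally; the signature is not verified.
    parts = token.split(".")
    if len(parts) != 3:
        findings.append("token: not three dot-separated segments")
    else:
        try:
            claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
            exp = claims.get("exp") if isinstance(claims, dict) else None
            if isinstance(exp, (int, float)) and exp <= now:
                findings.append("token: exp is in the past")
        except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
            findings.append("token: payload is not base64url JSON")
    # 3. Granted scope (space-delimited, RFC 6749) versus the endpoint being called.
    granted = set(token_response.get("scope", "").split())
    needed = REQUIRED_SCOPE.get(path)
    if needed and needed not in granted:
        findings.append(f"scope: {path} needs {needed}, granted {sorted(granted)}")
    return findings

if __name__ == "__main__":
    tok = make_sample_token(int(time.time()) + 3600)
    resp = {"access_token": tok, "scope": "report:read:admin"}  # constructed response
    print(diagnose(resp, "/metrics/meetings", "Bearer " + tok))
```

The decode step only reads claims from a token you already hold; it does not validate the signature, so a clean result rules out local mistakes but not server-side rejection.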