Open meeting using ZAK started today to ask for credentials

In our Internal app, working since 2020, starting from today Sep 20 / 2021, zoom is asking for credentials to start meetings using a link with ZAK.

Our APP generates a new ZAK each time the user what to start a meeting, so no problem of ZAK expiration.

If meetings are scheduled with normal unique Meeting ID, the app works normally and user can start meetings normally, impersonating the account and starting as a meeting HOST.
But using the same code, with meetings scheduled with PMI, is not working any more since today.

Today we saw a change done by zoom two days ago in Saturday 18/2021

maybe some rule changed inside ZOOM and we need to adjust our code, but no info found yet.


If you are the meeting host, sign in to start the meeting(***********)

App Type, JWT.

Just refreshed Key+Secret, create a new meetings, changed the PMI ID number to a new one.
Behaivor keeps the same.

Some info or guidelines will be appreciated.

Hey Dani,

We did make a recent change to our API which meant that some ZAK tokens created less than 30 days ago became invalid. You should be able to call the Get a Meeting API to obtain a new start_url for that meeting.

You mentioned that you’ve created a new meeting. Does that mean that none of the start_urls for any of your meetings are working?


MaxM, Thanks for the answer!

Well, as I said, this behavior only happens with meetings scheduled using PMI.
Meetings with standard unique IDs, works flawlessly.

So, the workaround I’ve found was to write a small function to update the ZAK and call it just after the general call to get the meeting start_url, and then “patch” the gotten start_url with a new ZAK from my own zakupd function.

So, by sures your recent changes on the API is affecting start_url links when using PMI, cause still today, is not working as before September Saturday 18.

my solution :

$newzak = zakupd ($token, '');   //master admin acount with permission to schedule for others accounts.
$url_patched = ''.$myArray->{'pmi'}.'?zak='.$newzak->{'token'};
function zakupd ($token, $email){
    $curl2 = curl_init();
    curl_setopt_array($curl2, array(          
        CURLOPT_URL => "".$email."/token?type=zak",
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTPHEADER => array(
          "authorization: Bearer $token",
          "content-type: application/json"
    $response2 = curl_exec($curl2);
    $err = curl_error($curl2);
    if ($err) {
        return "Error #:" . $err;
    } else {          
          $myArray2 = json_decode($response2);                 
          return $myArray2;        

Hey @Dani,

Thanks for clarifying. Just to confirm, you’re still seeing that calls to the Get a Meeting API (when using the PMI) have a ZAK token that’s incorrect?

If that’s the case, please send an email to with a link to this thread. In that email, please include the App Name and App Owner Email where you’re seeing this.

I’ll use that information to investigate further.


Yes, the bug is still there…

I’ll do that, thanks a lot for your answers…

Happy to help! We’ll follow up with you in the ticket.