[Phone API] Invalid access token, does not any contain scope

Format Your New Topic as Follows:

API Endpoint(s) and/or Zoom API Event(s)

List phone users (https://api.zoom.us/v2/phone/users)
Zoom Phone API

Description
Above end point returns response

“code”: 124,
“message”: “Invalid access token, does not any contain scope.”

I am using JWT token generated by OAuth through the App

image

App is properly set to have Scopes: phone:read:admin
image

  • I am able to call using same token (e.x /users endpoint)

Does Phone API working properly? or What could be the issue?

Hi @tak try generating a new token directly within the OAuth app or through Postman and see if it works!

Hi Gianni, Thanks for the reply, I have already try regenerating a token but getting same result.

The response is bit strange to me, should it say what scope are missing in message, if there is any?
(e.x [Invalid access token, does not contain scopes: [meeting:read:admin, meeting:write:admin]] )

Hi @tak ,

Thanks for clarifying. Can you confirm that you have admin access with the right permissions? If yes, try the following:

  1. Un-authorize the app by going to “local test” and removing the app.
  2. Remove the phone:read:admin scope and re-add it.
  3. Re-authorize the app in “local test” by adding it back.
  4. Revoke the old OAuth access token and generate a new one.
  5. Make a request to the endpoint.

If this does not work, please create a support ticket, linking this thread with the following information for Service Engineering:

  • Account Id
  • Email of the user making the API requests
  • Full API request/response
  • Application credentials being used to make the API requests
  • The screenshots you attached here

Please let me know what happens.

Gianni

Hi Gianni,

Ok, I will try the “local” test tomorrow.

And back to my question. Is this a expected response?
if not what might be a cause? is that problem on your end?

“code”: 124,
“message”: “Invalid access token, does not any contain scope.”

image

Hi @tak ,

Yes this is intended behavior I believe for security reasons :slight_smile: