Previous OAuth token is no longer working


We are in the process of migrating from JWT to OAuth Server-to-Server authentication.
Currently we have created one OAuth Server-to-Server authentication app in the account and we are using it for all the environments (Dev, QA, STG, PROD).

We were able to generate an OAuth token, and the token works fine when we use it in the Zoom APIs, without any issues.

But we have observed that creating a new OAuth token (e.g., a new token created in Postman and the previous token created in the application) invalidates the previously created OAuth token. Due to this, Zoom APIs are failing with a 401 error.

Please suggest what the best approach would be for handling multiple environments.
Also, I wanted to know if there is a way to check in Zoom whether the token is valid or not.

Please consider this an urgent request; we will be waiting for the response.


Hi @sripada.pallavi,
Thanks for reaching out to the Zoom Developer Forum, I am happy to help here!
Sorry to hear that you are having issues implementing the Server-to-Server OAuth app.
The behavior that you are observing is the expected one: every time you generate a new token, the previous one gets invalidated.

If you have multiple environments, you can set up an application for each environment (we do not have a limit on the number of Server-to-Server OAuth apps that you can create in your account). We can also help you increase the token_index tolerance; that way you can use the same credentials and just generate tokens at different indexes, and these won’t invalidate the previous tokens. If you decide to go with this last option, feel free to reach out to support here and they will take it from there!

Hope this helps.

Unfortunately, the Server to Server OAuth app isn’t really set up for multiple environments nor clustered services. You have to ask Zoom for an increase to your index count and build your own token rotation system. :cry:

You know what is awesome about this whole thing? You point us to creating a ticket, and when we do, whoever just closes the ticket and tells us to use the developer forums.

Hi @tlewis!
I am sorry to hear that you were redirected to the forum again!
I can personally help you with this.
I will go ahead and send you a Direct Message and we will take it from there.

Hi Pallavi,

It sounds like the issue you are facing is related to the way you are generating and using OAuth tokens. It’s important to note that OAuth tokens have a limited lifespan and will become invalid after a certain amount of time or if they are manually revoked.

To handle multiple environments, you should consider creating separate OAuth apps for each environment (Dev, QA, STG, PROD) and use the appropriate OAuth app and token for each environment. This will prevent any conflicts or issues with invalidating previous tokens.

Regarding checking if a token is valid or not, you can use the Zoom API’s “Check Token Validity” endpoint to validate a token. This endpoint will return a response indicating whether the token is valid or not.

I hope this helps! Let me know if you have any further questions.


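An added example, not part of any post in this thread and not Zoom's code: because each newly generated token invalidates the previous one, services that share one set of credentials can route every request through a single token cache that mints once per token lifetime and, after a 401, refreshes only if no other caller already has. `SharedTokenCache`, `fake_mint` and `api_call` are hypothetical names, and the last two are constructed stand-ins, not Zoom API calls.

```python
import threading
import time

class SharedTokenCache:
    """One live token per credential set; callers reuse it instead of minting."""
    def __init__(self, mint, skew=60, clock=time.monotonic):
        self._mint = mint      # hypothetical callable -> (token, expires_in_seconds)
        self._skew, self._clock = skew, clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                self._refresh_locked()
            return self._token

    def report_unauthorized(self, failed_token):
        """Call after a 401; mints only if failed_token is still the cached one."""
        with self._lock:
            if failed_token == self._token:
                self._refresh_locked()
            return self._token

    def _refresh_locked(self):
        token, expires_in = self._mint()
        self._token, self._expires_at = token, self._clock() + expires_in

def demo():
    issued = []                       # constructed token endpoint state
    def fake_mint():                  # every mint invalidates the previous token
        issued.append(f"tok-{len(issued) + 1}")
        return issued[-1], 3600
    def api_call(token):              # constructed API: only the newest token works
        return 200 if token == issued[-1] else 401
    cache = SharedTokenCache(fake_mint)
    results = []
    workers = [threading.Thread(target=lambda: results.append(api_call(cache.get())))
               for _ in range(8)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    stale = cache.get()
    fake_mint()                       # a mint outside the cache, e.g. a manual request
    first = api_call(stale)           # the cached token is now rejected
    a = cache.report_unauthorized(stale)   # first reporter triggers one re-mint
    b = cache.report_unauthorized(stale)   # later reporters reuse the new token
    return results, len(issued), first, a == b, api_call(a)
```

In a clustered deployment the same pattern needs a store shared by all nodes in place of the in-process lock.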