My understanding is the authorization code is one-use. You need to exchange that for an access token for something that can be reused; for details, see “Step 2: Request Access Token” in OAuth with Zoom.
While you’re there, note that the intention is to eventually make Proof Key for Code Exchange (PKCE) a requirement, but it is currently on hold due to interoperability concerns.