Server-to-Server OAuth Invalid access token - Update meeting

API and Webhooks
,
1

Hello wonderful community,

I am trying to set up server-to-server OAuth and I’m stuck. My goal is to use Server-to-server Authentication to update a meeting (PATCH /v2/meetings/[meetingId]).

I can successfully perform the server-to-server Get access token API call, but the token cannot be used by subsequent API calls.

Here’s how I set up my access token request: curl --location --request POST ‘https://zoom.us/oauth/token?token_index=0&grant_type=account_credentials&account_id=’ *
*–header 'Authorization: Basic ’ *
–header 'Cookie: __cf_bm=; _zm_chtaid=476; _zm_ctaid=; _zm_mtk_guid=****’

When I execute the above curl command on Postman, I get an access token.

However, trying to use this token in subsequent calls results in:
{

  • “code”: 124,*
  • “message”: “Invalid access token.”*
    }

If anyone has any ideas on how to resolve this, I would greatly appreciate it. I’ve been stuck for hours, wondering if I’m doing something wrong with the access token or if server-to-server OAuth is just overly complex.

I really appreciate your input.

2

@collo060 is this specific to postman setup or just curl in general?

client_id="QkZ04UroQRizg2ZTj4FURQ"
client_secret="xxxxxxxxxxxxxxxxxxxxxxxxxxx"
account_id="9sS_PB2yR827nmtssg9wgQ"

oauth_url="https://zoom.us/oauth/token?grant_type=account_credentials&account_id=$account_id"


auth_header=$(echo -n "$client_id:$client_secret" | base64)


response=$(curl -s -X POST "$oauth_url" \
  -H "Authorization: Basic $auth_header")

http_code=$(echo "$response" | jq -r '. | if .access_token then 200 else 400 end')
if [ "$http_code" -eq 200 ]; then
  access_token=$(echo "$response" | jq -r '.access_token')
  echo "Access Token: $access_token"
else
  echo "OAuth Request Failed: $response"
fi
3

@collo060 the response should be something like this.

Access Token: eyJzdiI6IjAwMDAwMSIsImFsZyI6IkhTNTEyIiwidiI6IjIuMCIsImtpZCI6IjdkNjNjOTI2LTJhZDMtNDY0Yy1iMWY4LWU0Y2QwODFlNzQyYSJ9.eyxxxxxxxxxxxxxxxxxxxxxxxxLQks4ODVRIiwidmVyIjo5LCJhdWlkIjoiZDI4YWMwNGM5MTQxZmFhOTg3OTc1YTA3NjY0YjlmOGMiLCJuYmxxxxxxxxxxxxxxxxxOiJHbVRLR1ZqRlFSZTlTU256WVlQZzlnblhBQ2c0Mm8xQ3YiLCJpc3MiOiJ6bTpjaWQ6UWtaMDRVcm9RUml6ZzJaVGo0RlVSUSxxxxxxxxxxxxxxxxxxxxxxxxxxx.lI3SDhq-RosvxAjuqsrP-c_nTtXykEgxwX0AUit8_9VPiTxgI6sgabpveVT2zckuyBn_pyQivwvqBS2LuYs5xw

You will want to use only the portion below in the bearer when making your API call . Omit "Access Token: "

eyJzdiI6IjAwMDAwMSIsImFsZyI6IkhTNTEyIiwidiI6IjIuMCIsImtpZCI6IjdkNjNjOTI2LTJhZDMtNDY0Yy1iMWY4LWU0Y2QwODFlNzQyYSJ9.eyxxxxxxxxxxxxxxxxxxxxxxxxLQks4ODVRIiwidmVyIjo5LCJhdWlkIjoiZDI4YWMwNGM5MTQxZmFhOTg3OTc1YTA3NjY0YjlmOGMiLCJuYmxxxxxxxxxxxxxxxxxOiJHbVRLR1ZqRlFSZTlTU256WVlQZzlnblhBQ2c0Mm8xQ3YiLCJpc3MiOiJ6bTpjaWQ6UWtaMDRVcm9RUml6ZzJaVGo0RlVSUSxxxxxxxxxxxxxxxxxxxxxxxxxxx.lI3SDhq-RosvxAjuqsrP-c_nTtXykEgxwX0AUit8_9VPiTxgI6sgabpveVT2zckuyBn_pyQivwvqBS2LuYs5xw
1 Like