Started getting "Invalid redirect: (4,700)"

Last week everything worked but starting this week our customers report they cannot authorize our Zoom App due to “Invalid redirect error”. An example of such an error for our testing school is “Invalid redirect: (4,700)”.
The redirect URI for our app is “”. The app is
The request that causes that particular error is

No way to authorize the app. It shows error for every user that tries to authorize it. Example: “Invalid redirect: (4,700)”. The invalid redirect URI depends on the school the user belongs to.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth App

Which Endpoint/s?
Knowing the API endpoint/s can help us to identify your issue faster. Please link the ones you need help/have a question with.

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. Open in a browser.
  2. The error “Invalid redirect: (4,700)” is shown.

Screenshots (If applicable)

Additional context
I suspect the issue started to happen due to “any” stooped to work as a wildcard for any subdomain within the main domain for multitenant apps like ours.

1 Like

Hey @sergii.iakovyn

Thanks for posting on the Zoom Devforum! I am still learning, but I will try my best to help answer your question. :slightly_smiling_face:

Checkout these related threads that may have the answer you are looking for:

If these threads did not help, please let us know by replying back here and someone from the Developer Relations team will get back to you shortly.


I get one step in investigating the issue. For unknown reason the whitelist URLs are the only ones allowed in the redirect_uri. I have as “Redirect URL for OAuth” and “” as a whitelist URL. Looks like Whitelist URL functionality changed its behavior.

After experimenting a bit more I can say that support for multitenancy as described in is completely broken. Whitelist URLs do not understand any as a placeholder for tenant subdomain nor they allow for any in the “Redirect URL for OAuth”.
Looking forward for an update from Zoom dev team.

Hey @sergii.iakovyn,

Instead of setting as your whitelist, try setting the base domain, and putting as the default production redirect url.

Let me know if that fixes the issue. :slight_smile:


Hi @tommy
Copying from my post:

I have as “Redirect URL for OAuth” and “” as a whitelist URL

So you suggest what I already have and what doesn’t work anymore :frowning:

Hey @sergii.iakovyn,

Does it work if you add the sub domain url ( within the whitelist?

I will see if anything changed or there is a bug on our side. (ZOOM-162618)


Hi @tommy,

Does it work if you add the sub domain url ( ) within the whitelist?

It does not help. The only way to make it accept the redirect_uri is to have it started from one of whitelisted URLs. It asks for a user consent only if I manually make the redirect URI. In my particular case the accepted URL is instead of, thus, drawing the multitenancy unusable.

Hey @sergii.iakovyn,

Other developers are also reporting this issue. Our engineering team is investigating the root cause.

I will share updates with you as I get them.

Apologies for the inconvenience.


Hello, I also have same issue.
In my case, my OAuth app has worked very well.
However, suddenly this issue happened at first two days before (I’m not sure the exact day issue happend).
Other apis using token issued before works well, but only the problem is authorization process.
I think there was no change in my code for a few days… I want to get your help

Here is my App’s info:

Whitelist URL:

Publishable URL:

In real case, we have state query parameter, so this is real error message.
(잘못된 리디렉션 == Invalid redirection)

I hope your check and reply.
Thank you,

Hey @dev9, @sergii.iakovyn,

It should be fixed now! :slight_smile:

Please try and let me know if you see any issue.


Hi, @tommy
I found that my publishable URL works again! Thanks for your effort.

However, as mentioned above, I have used query parameter named state in redirect URL to give some information. Even though publishable URL works, if I add query parameter, it still fails.
Is this change intended? If so, can you tell me why this change happened?
Also, I hope any guideline if you can since I should find another way to deliver data to my server ASAP.

My state parameter has JSON value, using JSON.stringify().
I leave my failed URL for your check. This is URL for test account & test course.

I found that just using query parameter is not the case.
I tried simple parameter such as state=1234 to my redirect URL, and it works!
I think some of URI encoded components in my result of JSON.stringify makes some issue.

Thanks you,

Hey @dev9,

Happy to hear it is fixed now! :slight_smile:

Yes, you will want to use the state query param and a URL safe value for it.


Hi @tommy,

I think there was miscommunication.
In my case, I use state parameter with JSON object, and it DOESN’T FIXED yet.
Please check the url I gave before.


Hey @dev9,

Can you give me a sample JSON object so I can reproduce the issue? Your best bet right now is to use a URL safe state parameter. :slight_smile:


Hi @tommy

I’m sure it is URL-safe value since it have been worked so far… (maybe until 1 week ago)
Anyway, the parameter is like this:

Of course we encode this using encodeURIComponent, so the result becomes:

The full authorization link is below (The value of courseId & uid is for test):{"uid"%3A4644%2C"courseId"%3A4971}

I hope you can get enough information from my reply.
If needs more, please let me know.


Thanks @tommy. I, however, cannot test it now as we reworked our flow to avoid dependency on multitenancy support.

@tommy , I tested it in our test environment and looks like it is really fixed. Thanks again!

1 Like

Happy to hear! :slight_smile:

Let me know if you need anything else!


Hey @dev9,

Checkout my post here which should fix the issue: