Test API call, using JWT, results in a 124 error code

API and Webhooks
1

Description
When I attempt to make an API call, using a JWT token, I’m receiving a response of {“code”:124,“message”:“Invalid access token.”}

I’ve attempted to generate a token using the node library jsonwebtoken and also generating a token from the JWT app tool credentials screen.

I’ve tried both JS code that makes a request and also just a straight curl call as well. I get the same response from the server.

Error
From Curl: {“code”:124,“message”:“Invalid access token.”}
From JS Code:

response:
IncomingMessage {
_readableState:
ReadableState {
objectMode: false,
highWaterMark: 16384,
buffer: BufferList { head: null, tail: null, length: 0 },
length: 0,
pipes: null,
pipesCount: 0,
flowing: true,
ended: true,
endEmitted: true,
reading: false,
sync: true,
needReadable: false,
emittedReadable: false,
readableListening: false,
resumeScheduled: false,
paused: false,
emitClose: true,
autoDestroy: false,
destroyed: false,
defaultEncoding: ‘utf8’,
awaitDrain: 0,
readingMore: true,
decoder: null,
encoding: null },
readable: false,
_events:
[Object: null prototype] {
end: [Array],
close: [Array],
data: [Function],
error: [Function] },
_eventsCount: 4,
_maxListeners: undefined,
socket:
TLSSocket {
_tlsOptions: [Object],
_secureEstablished: true,
_securePending: false,
_newSessionPending: false,
_controlReleased: true,
_SNICallback: null,
servername: ‘api.zoom.us’,
alpnProtocol: false,
authorized: true,
authorizationError: null,
encrypted: true,
_events: [Object],
_eventsCount: 8,
connecting: false,
_hadError: false,
_handle: null,
_parent: null,
_host: ‘api.zoom.us’,
_readableState: [ReadableState],
readable: false,
_maxListeners: undefined,
_writableState: [WritableState],
writable: false,
allowHalfOpen: false,
_sockname: null,
_pendingData: null,
_pendingEncoding: ‘’,
server: undefined,
_server: null,
ssl: null,
_requestCert: true,
_rejectUnauthorized: true,
parser: null,
_httpMessage: [ClientRequest],
write: [Function: writeAfterFIN],
[Symbol(res)]: [TLSWrap],
[Symbol(asyncId)]: 8,
[Symbol(lastWriteQueueSize)]: 0,
[Symbol(timeout)]: null,
[Symbol(kBytesRead)]: 926,
[Symbol(kBytesWritten)]: 379,
[Symbol(connect-options)]: [Object] },
connection:
TLSSocket {
_tlsOptions: [Object],
_secureEstablished: true,
_securePending: false,
_newSessionPending: false,
_controlReleased: true,
_SNICallback: null,
servername: ‘api.zoom.us’,
alpnProtocol: false,
authorized: true,
authorizationError: null,
encrypted: true,
_events: [Object],
_eventsCount: 8,
connecting: false,
_hadError: false,
_handle: null,
_parent: null,
_host: ‘api.zoom.us’,
_readableState: [ReadableState],
readable: false,
_maxListeners: undefined,
_writableState: [WritableState],
writable: false,
allowHalfOpen: false,
_sockname: null,
_pendingData: null,
_pendingEncoding: ‘’,
server: undefined,
_server: null,
ssl: null,
_requestCert: true,
_rejectUnauthorized: true,
parser: null,
_httpMessage: [ClientRequest],
write: [Function: writeAfterFIN],
[Symbol(res)]: [TLSWrap],
[Symbol(asyncId)]: 8,
[Symbol(lastWriteQueueSize)]: 0,
[Symbol(timeout)]: null,
[Symbol(kBytesRead)]: 926,
[Symbol(kBytesWritten)]: 379,
[Symbol(connect-options)]: [Object] },
httpVersionMajor: 1,
httpVersionMinor: 1,
httpVersion: ‘1.1’,
complete: true,
headers:
{ date: ‘Wed, 06 May 2020 14:28:33 GMT’,
‘content-type’: ‘application/json;charset=UTF-8’,
‘transfer-encoding’: ‘chunked’,
connection: ‘close’,
server: ‘ZOOM’,
‘x-zm-trackingid’: ‘WEB_7f072285283cc8416baec81814313cf7’,
‘x-content-type-options’: ‘nosniff’,
‘cache-control’: ‘no-cache, no-store, must-revalidate, no-transform’,
pragma: ‘no-cache’,
expires: ‘Thu, 01 Jan 1970 00:00:00 GMT’,
‘set-cookie’: [Array] },
rawHeaders:
[ ‘Date’,
‘Wed, 06 May 2020 14:28:33 GMT’,
‘Content-Type’,
‘application/json;charset=UTF-8’,
‘Transfer-Encoding’,
‘chunked’,
‘Connection’,
‘close’,
‘Server’,
‘ZOOM’,
‘x-zm-trackingid’,
‘WEB_7f072285283cc8416baec81814313cf7’,
‘X-Content-Type-Options’,
‘nosniff’,
‘Cache-Control’,
‘no-cache, no-store, must-revalidate, no-transform’,
‘Pragma’,
‘no-cache’,
‘Expires’,
‘Thu, 01 Jan 1970 00:00:00 GMT’,
‘Set-Cookie’,
‘zm_aid=“”; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly’,
‘Set-Cookie’,
‘zm_haid=“”; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly’,
‘Set-Cookie’,
‘_zm_ctaid=2i0HBZuNSkOObk3zaqbFPw.1588775313389.e7e7421dcba4a68b572b6a9b60548d79; Domain=.zoom.us; Expires=Wed, 06-May-2020 16:28:33 GMT; Path=/; Secure; HttpOnly’,
‘Set-Cookie’,
‘_zm_chtaid=357; Domain=.zoom.us; Expires=Wed, 06-May-2020 16:28:33 GMT; Path=/; Secure; HttpOnly’ ],
trailers: {},
rawTrailers: ,
aborted: false,
upgrade: false,
url: ‘’,
method: null,
statusCode: 401,
statusMessage: ‘’,
client:
TLSSocket {
_tlsOptions: [Object],
_secureEstablished: true,
_securePending: false,
_newSessionPending: false,
_controlReleased: true,
_SNICallback: null,
servername: ‘api.zoom.us’,
alpnProtocol: false,
authorized: true,
authorizationError: null,
encrypted: true,
_events: [Object],
_eventsCount: 8,
connecting: false,
_hadError: false,
_handle: null,
_parent: null,
_host: ‘api.zoom.us’,
_readableState: [ReadableState],
readable: false,
_maxListeners: undefined,
_writableState: [WritableState],
writable: false,
allowHalfOpen: false,
_sockname: null,
_pendingData: null,
_pendingEncoding: ‘’,
server: undefined,
_server: null,
ssl: null,
_requestCert: true,
_rejectUnauthorized: true,
parser: null,
_httpMessage: [ClientRequest],
write: [Function: writeAfterFIN],
[Symbol(res)]: [TLSWrap],
[Symbol(asyncId)]: 8,
[Symbol(lastWriteQueueSize)]: 0,
[Symbol(timeout)]: null,
[Symbol(kBytesRead)]: 926,
[Symbol(kBytesWritten)]: 379,
[Symbol(connect-options)]: [Object] },
_consuming: false,
_dumped: false,
req:
ClientRequest {
_events: [Object],
_eventsCount: 5,
_maxListeners: undefined,
output: ,
outputEncodings: ,
outputCallbacks: ,
outputSize: 0,
writable: true,
_last: true,
chunkedEncoding: false,
shouldKeepAlive: false,
useChunkedEncodingByDefault: false,
sendDate: false,
_removedConnection: false,
_removedContLen: false,
_removedTE: false,
_contentLength: 0,
_hasBody: true,
_trailer: ‘’,
finished: true,
_headerSent: true,
socket: [TLSSocket],
connection: [TLSSocket],
_header:
‘GET /v2/users/me/meetings?status=active HTTP/1.1\r\nUser-Agent: Zoom-api-Jwt-Request\r\ncontent-type: application/json\r\nhost: api.zoom.us\r\nauthorization: Bearer MYTOKEN\r\naccept: application/json\r\nConnection: close\r\n\r\n’,
_onPendingData: [Function: noopPendingOutput],
agent: [Agent],
socketPath: undefined,
timeout: undefined,
method: ‘GET’,
path: ‘/v2/users/me/meetings?status=active’,
_ended: true,
res: [Circular],
aborted: undefined,
timeoutCb: null,
upgradeOrConnect: false,
parser: null,
maxHeadersCount: null,
[Symbol(isCorked)]: false,
[Symbol(outHeadersKey)]: [Object] },
request:
Request {
_events: [Object],
_eventsCount: 5,
_maxListeners: undefined,
uri: [Url],
headers: [Object],
readable: true,
writable: true,
_qs: [Querystring],
_auth: [Auth],
_oauth: [OAuth],
_multipart: [Multipart],
_redirect: [Redirect],
_tunnel: [Tunnel],
_rp_resolve: [Function],
_rp_reject: [Function],
_rp_promise: [Promise],
_rp_callbackOrig: undefined,
callback: [Function],
_rp_options: [Object],
setHeader: [Function],
hasHeader: [Function],
getHeader: [Function],
removeHeader: [Function],
method: ‘GET’,
localAddress: undefined,
pool: {},
dests: ,
__isRequestRequest: true,
_callback: [Function: RP$callback],
proxy: null,
tunnel: true,
setHost: true,
originalCookieHeader: undefined,
_disableCookies: true,
_jar: undefined,
port: 443,
host: ‘api.zoom.us’,
url: [Url],
path: ‘/v2/users/me/meetings?status=active’,
_json: true,
httpModule: [Object],
agentClass: [Function],
agent: [Agent],
_started: true,
href: ‘https://api.zoom.us/v2/users/me/meetings?status=active’,
req: [ClientRequest],
ntick: true,
response: [Circular],
originalHost: ‘api.zoom.us’,
originalHostHeaderName: ‘host’,
responseContent: [Circular],
_destdata: true,
_ended: true,
_callbackCalled: true },
toJSON: [Function: responseToJSON],
caseless: Caseless { dict: [Object] },
body: { code: 124, message: ‘Invalid access token.’ } } }

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Which Endpoint/s?
Curl Call: https://api.zoom.us/v2/users?status=active&page_size=30&page_number=1
JS Code: https://api.zoom.us/v2/users/me/meetings

How To Reproduce (If applicable)
Steps for The Curl Call:

  1. The command I’m setting up:
    curl --request GET --url ‘https://api.zoom.us/v2/users?status=active&page_size=30&page_number=1’ --header ‘Authorization: Bearer MYTOKEN’ --header ‘content-type: application/json’

  2. I go to the JWT app credentials page in the marketplace and generate a new token for 1 week (tried all three time frames)

  3. I copy that in place of MYTOKEN and then try and run the curl command in the shell. I get the response above.

Screenshots (If applicable)
For Curl: Dropbox - 2020-05-06_09-36-29_bash.png - Simplify your life
For JS: Dropbox - 2020-05-06_09-38-23_index1.js — zoom-jwt-api.png - Simplify your life

1 Like
2

To add on to this post. I just created a second account (for my client) and configured his user with a pro account, then went to the marketplace and provisioned a JWT app and generated a token and the curl call succeeded. I’m wondering if it’s an issue with the implementation of my accounts JWT app?

3

Hey @freeholdsoftware,

Strange! Please try regenerating the JWT Secret for the account that is not working and try again.

Let me know if that fixes it. :slight_smile:

Thanks,
Tommy

4

Hi Tommy,

I just tried regenerating my secret, but I get the same 124 response from the service. I established the key set right around/before the 1.7.4 release of the Web SDK, so I’m wondering if this is caught up in the fallout of that change over.

Ultimately though, this isn’t a high priority. My client has their own account and the keys work there, so I no need worry about this issue.

Thanks,
Pete

1 Like
5

Thanks for the info @freeholdsoftware.

Let me know if you want me to look into your issue further if you need to use your JWT.

-Tommy