The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256

I am having an issue while calling get API for authentication in the access token.

I have created access token based on but it gives me an error “The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256” in Postman

I have also tried with python pyjwt library to get access token but it gives me “Invalid access token” error in postman.

Please let me know where I am going wrong, as I need to authenticate and Configure this immediately.


Hi Murtuza, 

Can you confirm that your exp value is a date in the future? 


Hello Michael,

Thanks, I changed exp value based on the correct timestamp and found 404 error (Page not found) while calling the authenticate method. generated Token

Please let me know where I am going wrong.

Hi Murtuza, 

Please check your api call, you are missing the API endpoint -{endpoint}?accessToken

What API are you trying to call?


Many Thanks, Michael,

It works when I added endpoints.

But when I call List of sub-account (get) method it raises me error {“code”: 124, “message”: “Invalid access token.”}. Newly generated Token.

Hi Murtuza,

If you get an Invalid Access Token, please check to make sure your token has not expired by checking the exp value. 

Hello Michael,

Everything is ok but I think the issue is an accounts API.

Below I have found the same issue.

Hi Murtuza, 

Just to confirm, is your issue resolved? If not, do you have sub accounts under the master account?


Hello Michael,

No, I don’t have sub accounts under the master account but it gives me {“code”: 124, “message”: “Invalid access token.”} error.

Guys, I’m also facing the same issue, my api response giving me
The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256
and I’m sure that my Jwt token still not expire, mmmm what should be the reason for this case?

Guys, I solved it and it’s working well now
First I remove the old token which I generated from
and I used the zoom website
under the tab app credentials > View JWT Token
I generated new one and found it working well with me
Thanks to you all

Hi @Astm,

Glad you were able to resolve the issue. Let us know if you need anything else.


Hello All, I am new to zoom API, i am also face same i generated access token but i cant generate jwt token, first i generate to show the error of missing admin scopes then i added and regenerated the accesstoken but show as invalid access token

Hey @bala.aitech,

Can you try calling a different API, like the GET Users API? Let me know if that works, if not then we know the access_token / JWT is not being made correctly and I can help accordingly.

To call the Accounts APIs you need to have special privilege.


Hi, I also tried this, but it doesn’t work for me
I used the credentials in View JWT Token

Hey @acandela,

Are you able to call the API with your test JWT Token?


I’m running into this issue. Spent several minutes trying to post anything but I keep getting errors about new users can’t submit more than two URLs (even though I listed only two) so my entire post is hosted at

Just to make sure progress is possible, I’m posting without any URLs:

  1. I’m able to access the /users endpoint without issue using the test token from the credentials page.

  2. When I try to create my own token using the jwt . io PHP 3.3 library, I get the error:

    [code] => 124
    [message] => The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256

  3. Nowhere in the Token generation code can I see any passing of the secret. Based on my reading of your documentation, shouldn’t this be included in the token generation code from In your documentation the secret is part of the signature: https :// marketplace. zoom. us/docs/guides/auth/jwt

  4. Sample Code:

// As per documentation https ://github. com/lcobucci/jwt/tree/3.3
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Hmac\Sha256;

class JWT
[ … ]
function genToken() {
$iss = $this->apikey; // (This is the API key for my account)
$signer = new Sha256();
// $jti=rand(1, PHP_INT_MAX);
$time = time() -1;
$this->token = (new Builder())->issuedBy($iss) // Configures the issuer (iss claim)
->permittedFor($iss) // Configures the audience (aud claim)
// doesn’t seem to be used
// ->identifiedBy($jti, true) // Configures the id (jti claim), replicating as a header item
->issuedAt($time) // Configures the time that the token was issue (iat claim)
->canOnlyBeUsedAfter($time /* +60 */) // Configures the time that the token can be used (nbf claim)
->expiresAt($time + 3600) // Configures the expiration time of the token (exp claim)
->withClaim(‘uid’, 1) // Configures a new claim, called “uid”
->getToken($signer); // Retrieves the generated token
return $this->token;
[ … ]


$curl = curl_init();
$token = “” . $JWT->genToken(); // force a string

Note: if I comment this out, $token contains the sample token from your JWT App Credentials page

and this works just fine.

// $token = $apiToken;
curl_setopt_array($curl, array(
CURLOPT_URL => “http ://api. zoom. us/v2/users?status=active&page_size=100&page_number=1”,
“authorization: Bearer $token”, //39ug3j309t8unvmlmslmlkfw853u8",
“content-type: application/json”
$response = curl_exec($curl);
$res = json_decode($response);

Hey @bens1,

Please see our guide and libraries listed here on how to generate a JWT Token: