The zoom phone recording download fails with an "invalid access token" error

An OAuth app has been created in the Zoom Marketplace with the necessary permissions and scope to receive “recording completed” events. The OAuth redirect URL is set to a local application, tunneled through an ngrok endpoint. The initial OAuth flow works correctly, with the callback received and the access token saved. When initiating a call and recording session through the Zoom app, the “recording completed” event is successfully triggered and received. The event response includes a download URL for the recording. However, accessing this URL requires appending an access token as a query string parameter. When attempting to use the previously obtained access token for this purpose, the download fails with an “invalid access token” error

Hi @krishna.parthsarthi
Thanks for reaching out to us and welcome to the Zoom Developer Forum!
For the issue you are seeing, make sure to use the download_token, received in the response payload of the webhook event

Here is a helpful guide on this topic:

Hi Elisa, thanks for the reply. My implementation is for zoom phone and I followed the documentation in

{
  "event": "phone.recording_completed",
  "event_ts": 1,
  "payload": {
    "account_id": "…",
    "object": {
      "recordings": [
        {
          "id": "…",
          "caller_number": "…",
          "caller_number_type": 1,
          "caller_name": "…",
          "caller_did_number": "…",
          "callee_number": "…",
          "callee_number_type": 1,
          "callee_name": "…",
          "callee_did_number": "…",
          "duration": 1,
          "download_url": "…",
          "date_time": "2025-01-21T21:11:07.869Z",
          "user_id": "…",
          "call_id": "…",
          "call_log_id": "…",
          "call_history_id": "…",
          "end_time": "2025-01-21T21:11:07.869Z",
          "recording_type": "…",
          "site": {
            "id": "…"
          },
          "owner": {
            "type": "…",
            "id": "…",
            "name": "…",
            "extension_number": 1,
            "has_access_permission": true
          },
          "direction": "inbound",
          "outgoing_by": {
            "name": "…",
            "extension_number": "…"
          },
          "accepted_by": {
            "name": "…",
            "extension_number": "…"
          }
        }
      ]
    }
  }
}

I do not see any reference for download_token in the schema.

Hey @krishna.parthsarthi
Thanks for your reply … are you still facing this issue when downloading phone recordings using the recording.completed webhook?

Yes, Following are more details, in case its helpful

  1. The General App in zoom marketplace is development, not yet published to production.
  2. I have following scopes defined
Phone

phone:read:call_recording, phone:read:call, phone:read:audio, phone:read:list_recordings, phone:read:list_audios
  1. I generate an access token and refresh token from authorization URL for development testing. Persist the access token and append it to download url.

When downloading I get the error that access token invalid.

My use case is VOIP integration in an existing project.

Thanks,

Thanks for sharing those details @krishna.parthsarthi
Let me run some tests on my end with this workflow you just shared and will get back to you

@elisa.zoom Its been a long time, I posted this query, unfortunately this zoom integration was not a priority, but now its again back to priority. Any suggestions or comments would be appreciated.

Hi @krishna.parthsarthi
Thanks for reengaing here. I will get back to you later today with an update

Hi @krishna.parthsarthi
I was able to download the phone recording using the download_url received in the webhook’s payload.
I used a GET request to the download URL and passed my access token as a Bearer token for authorization:

curl --location 'https://zoom.us/v2/phone/recording/download/-t_csT5XQTyGgvewnLpA' \
--header 'Authorization: Bearer {access_token}' \

@elisa.zoom I suspect the “invalid token” exception when attempting to download files from the Zoom API is due to the fact that the API responds to the request with a HTTP 307 response and modern HTTP clients (like curl and Microsoft’s HTTP client for example) strip out credentials when following the redirect to avoid leaking tokens and passwords. This is what is causing the Zoom API to error out with a token related error message. This problem seems to be similar this one and this other one.

thanks @desautelsj this is great!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.