Hello, I am attempting to update to the OAuth from the JWT and ran into a problem. I have created a server-to-server-oauth app and have the keys. I can retrieve a token but when I try to use the token, it returns the error, “This API does not support client credentials for authorization.”
From what I can find in the forums, I need to change the grant type from “client_credentials” to “account_credentials”. However, that returns “invalid request”
This is in PHP, and I am using the package “league/oauth2-client” to get the token.
I am attempting to salvage the existing code base which uses Guzzle, and get a token and attach that to the Guzzle requests.
The code is rather simple,
$provider = new \League\OAuth2\Client\Provider\GenericProvider(
‘clientId’ => ‘…’, // The client ID assigned to you by the provider
‘clientSecret’ => ‘…’, // The client password assigned to you by the provider
‘redirectUri’ => ‘’,
‘urlAccessToken’ => ‘https://zoom.us/oauth/token’,
$accessToken = $provider->getAccessToken('client_credentials');
This does work as I do receive a token, but I can’t seem to access the endpoints with it.
An example endpoint, users/[email]/webinars, to just receive a list of webinars.
Am I missing something?
Can you try using a tool like postman to see if you are able to receive a token with the same credentials?
I wasn’t able to get postman to make a successful token request. It just keeps giving an error, "Invalid redirect: https://oauth.pstmn.io/v1/callback (4,700) " that I was not able to find a solution for.
whats the base url that you are using?
it should be something like:
To request the token, ‘https://zoom.us/oauth/token’, then, ‘https://api.zoom.us/v2/’ as the base for the client request.
I just tried postman with the bearer token I got and I received the same error message about not being authorized.
Is https://api.zoom.us/v2/users/me/webinars a valid API path?
the link you provided returns a error, " Invalid response received from Authorization Server."
I was not able to get it to work with Guzzle, because of some kind of header bug.
I used this command as a basis for this request.
curl -X POST https://zoom.us/oauth/token -d 'grant_type=account_credentials' -d 'account_id=#ID#' -H 'Host: zoom.us' -H 'Authorization: Basic ##base64_string##'
taken from, Server-to-Server OAuth
Once I had the correct keys in that command, I was able to get a token and then use Postman to test a request. Everything worked.
I posted a bug report on Guzzle, Host Header · Issue #3176 · guzzle/guzzle · GitHub if you want to see the Guzzle code.
I was able to make it work using Curl,
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://zoom.us/oauth/token');
curl_setopt($curl, CURLOPT_POST, true);
$data = array(
'grant_type' => 'account_credentials',
'account_id' => $account_id
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
// $r is base_64encode string... I was not able to make it work If I actually put an array for the
authorization header it would fail but if it did it like this it worked
$headers = array(
'Host' => 'zoom.us',
"Authorization: Basic $r"
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($curl);
Anyway, hope this helps someone in the future.