Token signature invalid


#1

Hi,

Trying to hit https://api.zoom.us/v2/users using an API key and secret that are currently working with v1 API calls and I’m getting the {“code”:124,“message”:“The Token’s Signature resulted invalid when verified using the Algorithm: HmacSHA256”}  result.

 

I’m using the perl API from jwt.io and I’ve confirmed that the expire date is in the future and that the token being generated is the same as what the debugger at jwt.io says it should be.

 

Do I need to obtain a new key a secret to work with v2 of the API?

 

Thanks.

 


#2

Hi Brain,

The keys should be the same, make sure that in your JWT that you have the following

Header 

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "iss": "API-Key",
  "exp": 1536375251
}

Signature

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  API-Secret)

#3

Hi Michael,

 

Thank you. I have confirmed that I’m using the correct client id and secret in the right places when generating the token. Are you sure the older client id/secret will work? Based on another comment in this thread: https://support.zoom.us/hc/en-us/community/posts/360017928426-OAuth-redirect-and-JWT-support  is kind of sounds like I have to get a new client id and secret from the “marketplace”. Is that correct?

 

Thanks.

 


#4

Hi Brian, 

Would you be able to share and email your token at developersupport@zoom.us? Regardless if you are using marketplace or not, if you are using JWT,  the API credentials should be the same.

Correction, from last comment I made previously, instead of client_id it should be API-key and for client_secret, you should use API- secret. 

You should be able to get the API key/secret from here. https://developer.zoom.us/me/#api

 

 


#5

Hi Michael,

 

I literally just now figured out the problem. I was adding a colon right after Bearer in the header. I’ve removed that.

It seems to be working now. Thanks for your help.