I’m working on integrating Zoom’s API into a custom web application where users can authorize their Zoom accounts to schedule and manage meetings from our platform. I’m using the OAuth flow and everything works fine initially—users can authorize successfully and we receive the access and refresh tokens without issue.
However, I’m running into a problem when trying to refresh the access token once it expires. Despite using the correct refresh token and hitting the https://zoom.us/oauth/token endpoint with the right headers and parameters (grant_type=refresh_token, basic auth with client ID and secret), I’m getting a 401 Invalid Token response. I’ve double-checked that the refresh token hasn’t been revoked and that we’re not reusing the same refresh token multiple times.
I’m also storing the new refresh token after each successful refresh, but I’ve read that Zoom rotates them—so I’m wondering if I’m missing a step in securely updating and storing these tokens?
Has anyone experienced similar issues with Zoom’s token refresh flow? Are there best practices to follow to avoid this kind of token expiration issue? Also, could it be related to how long users stay inactive before trying to access Zoom again through our app?
Thanks in advance for any guidance—would love to get this working smoothly!
Hi @Linta
Thanks for reaching out to us!
Happy to help here!
Can you please share with us the request you are sending when refreshing your access tokens?
Refresh tokens are valid for 90 days.
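An added example, not part of the thread and not Zoom's code: one way to keep a rotating refresh token consistent, using the endpoint, `grant_type` and Basic auth named in the question. The class name, the injectable `post` transport and the response fields (`access_token`, `refresh_token`, `expires_in`, as in RFC 6749) are assumptions; the lock ensures that concurrent callers never replay a refresh token that has already been rotated out.

```python
import base64, json, threading, time
import urllib.error, urllib.parse, urllib.request

TOKEN_URL = "https://zoom.us/oauth/token"  # endpoint named in the question

def http_post(url, headers, body):
    """Default transport: POST a form body, return (status, parsed JSON)."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

class RotatingTokenStore:
    """Hypothetical per-user token holder; kept in memory here for the example."""
    def __init__(self, client_id, client_secret, refresh_token, post=http_post):
        self._basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self._refresh_token = refresh_token
        self._access_token, self._expires_at = None, 0.0
        self._lock = threading.Lock()  # one refresh at a time per user
        self._post = post

    def access_token(self, skew=60):
        with self._lock:
            # Re-check inside the lock: another thread may already have refreshed,
            # and sending the old refresh token again would be rejected.
            if self._access_token and time.time() < self._expires_at - skew:
                return self._access_token
            body = urllib.parse.urlencode(
                {"grant_type": "refresh_token", "refresh_token": self._refresh_token})
            headers = {"Authorization": f"Basic {self._basic}",
                       "Content-Type": "application/x-www-form-urlencoded"}
            status, data = self._post(TOKEN_URL, headers, body)
            if status != 200 or not {"access_token", "refresh_token"} <= data.keys():
                raise PermissionError(f"refresh failed ({status}); user must re-authorize")
            # Replace the refresh token first (with durable storage, write it here),
            # then cache the access token and its expiry.
            self._refresh_token = data["refresh_token"]
            self._access_token = data["access_token"]
            self._expires_at = time.time() + int(data.get("expires_in", 3600))
            return self._access_token
```

With a database behind it, the same idea applies across processes: take a row lock on the user's token record, refresh, and commit the new pair before releasing it.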