Upload - The remote server returned an error: (403) Forbidden

Description
I am developing an Oauth app and have followed the guidelines to the point. When I pass the authorize token to https://zoom.us/oauth/token, I get an error “The remote server returned an error: (403) Forbidden.”. I am clearly not the only one, having this problem, but all topics resolved regarding this, is solved offline behind the scenes and does not help me.

**Error**
The remote server returned an error: (403) Forbidden.

**Which App Type (OAuth / Chatbot / JWT / Webhook)?**
OAuth

**Which Endpoint/s?**
https://zoom.us/oauth/token

**How To Reproduce (If applicable)**
This is a Visual Studio 2019 MVC application.
The URL is https:// ZooMeeting.azurewebsites.net/Auth?code=*********************
The variable code is the return from a call to https://zoom.us/oauth/authorize directly from the Marketplace definition of my OAuth definition (ZooMeeting)
The function activated in the app is below

        ' GET: Index
        Function Index() As ActionResult

            Dim code As String = Request("code").ToString

            Session("Request") = code
            Log(Session("Møde"), Session("Emne"), "Auth return : " & code)
            Log(Session("Møde"), Session("Emne"), "Token request")

            Dim ZoomTokenRequest As New System.Net.WebClient

            Dim uriData As String = "https://zoom.us/oauth/token"

            Dim formData As System.Collections.Specialized.NameValueCollection = New System.Collections.Specialized.NameValueCollection()
            formData("grant_type") = "authorization_code"
            formData("code") = code
            formData("redirect_uri") = "https://ZooMeeting.azurewebsites.net/Token"

            ZoomTokenRequest.Headers.Set("Authorization", "Basic *************************************")

            Try
                Dim responseBytes As Byte() = ZoomTokenRequest.UploadValues(uriData, "POST", formData)
            Catch ex As Exception
                Log(Session("Møde"), Session("Emne"), "Upload - " & ex.Message)
            End Try

            Return View()

        End Function

Extract from the Log table in my database

Auth return : VhUOUR1H3k_4bu-JrjvTM6rd204-qV6ww
Token request
Upload - The remote server returned an error: (403) Forbidden.

Please advise!

**Screenshots (If applicable)**
If applicable, add screenshots to help explain your problem.

**Additional context**
Add any other context about the problem here.

Hey @kbh,

Thank you for reaching out to the Zoom Developer Forum. Are you able to provide the full response returned or is what you sent all that the server responds with? Also, please make sure that the redirect_uri that you’re using has been whitelisted in the OAuth app.

I also noticed that it seems you are using form data to send the request when this API only supports a JSON payload and Content-Type. Please try setting the Content-Type header to application/json and using a JSON object for the payload.

Let me know if that helps.

Thanks,
Max

Hi Max
I am confused now. In the documentation “https://marketplace.zoom.us/docs/guides/auth/oauth” there is no mention of the payload has to be json, when requesting an access token.
An example from the documentation…

https://zoom.us/oauth/token?grant_type=authorization_code&code=obBEe8ewaL_KdYKjnimT4KPd8KKdQt9FQ&redirect_uri=https://yourapp.com

This is not json!

The redirect-uri is on the whitelist “https://ZooMeeting.azurewebsites.net/Token” and I am perfectly aware, that the response on this uri will be in json.

The only response, when sending request to “https://zoom.us/oauth/token” is “Teh remote server returned an error: (403). Forbidden.”

Thanks
Per

Hey @kbh,

My mistake, I misspoke there. You’re right in that the API expects query parameters, NOT JSON. My main concern is with how the information is being sent. When sending Form Data, typically this would send a POST request body with the Content-Type of multipart/form-data (or application/x-www-form-urlencoded). However, this API expects the values to be part of the query in the URL which is different from how formData is sent and can this API only respond with a Content-Type of application/json, as you confirmed.

What this means is that instead of using formData, you’ll want to build out your uriData variable so that the URL includes the queries as listed in your example the documentation.

Sorry for the confusion and thank you for pointing out my mistake there. Let me know if this new information helps out.

Thanks,
Max