URGENT: all API calls returning Invalid token.

Hello. 

We’re experiencing problems with the API on the 6 different accounts we use in our different environments (dev, preproduction, production).

Each call we do to the API it returns “Invalid TOKEN”. 

We’re using v2 of the API.

We’ve checked all the Api Keys and Secrets and everything is looking fine.

No change have been done in our side, last Friday was working. We just realised you have been updated the web and the API last weekend:
https://support.zoom.us/hc/en-us/articles/204758419-New-Updates-for-Web

This is an URGENT issue that is affecting our clients. Please, can you respond ASAP? Thanks

Hi Albert, 

Can you send us your account ID to developersupport@zoom.us? From there we can take a closer look to resolve the issue.

Thanks

Hi, the email you mentioned is not working:developerssupport@zoom.us

The email account that you tried to reach does not exist. Please try double-checking the recipient’s email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser p194-v6sor5096355iod.355 - gsmtp

I sent it again to developersupport@zoom.us, please can you confirm that you received it?

Hi Albert, 

Yes we have received it, the correct email was developersupport@zoom.us. We will get back to your shortly. 

Thanks

Michael

Do  you have any update on this?

We are experiencing the same problem. It is urgent for us to have a solution for this. Do you have an ETA for having this solved?

The same here, have you any update of this?

By our side we have tested different solutions we found in the forums, but no one is working.

• Adding the origin header with “https://developers.zoom.us”
• Sending the token in the querystring instead of the header.

They had an update this weekend so I think they have a serious issue there… Anyway, I miss some feedback from them with an explanation and ETA.

Albert

We already fixed the problem in our side, our token was generated using HS512, we changed it to use HS256 and now it’s working.

But all last week it was working perfectly, maybe they made some change on that part.

Hi Everyone,

We have received your feedback. Our Engineering team is currently looking into the issue to resolve this urgent issue. 

We were generating it using HS256 before the issue.

Albert, can you share the code you are using to generate the JWT? 

Here is the code:

private string GenerateToken()
{
JwtSecurityTokenHandler jwtSecurityTokenHandler = new JwtSecurityTokenHandler();

//we build the security key using the secret key
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(UZGlobal.constants.ZoomApiSecret));

//we generate the credentials using the security key and the documented algorithm for Zoom API
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

//we create the claims, for Zoom API iss (Issuer) and exp (Expiration) are needed
List<Claim> claims = new List<Claim>();
claims.Add(new Claim(“iss”, UZGlobal.constants.ZoomApiKey));

//timestamp for token expiration date. If we switch to .NET4.6 we can use a native function of Datetime
long epochTicks = new DateTime(1970, 1, 1).Ticks;
long unixTime = ((DateTime.UtcNow.AddHours(1).Ticks - epochTicks) / TimeSpan.TicksPerMillisecond);

claims.Add(new Claim(“exp”, unixTime.ToString()));

//we build the payload data with the previous claims, the header and the security token needed for getting the token
JwtPayload payload = new JwtPayload(claims.AsEnumerable<Claim>());
var header = new JwtHeader(signingCredentials);
var securityToken = new JwtSecurityToken(header, payload);

//we get the token
return jwtSecurityTokenHandler.WriteToken(securityToken);
}

Can you try using the JWT.io library? We have had much greater success with this with all of our clients. It is very easy to implement. Can you try this and let me know if this resolves the problem? 

You can find the libraries at jwt.io

Hi Tim,

I am out of the office right now.

I think there’s no problem to use the jwt library, but it’s not possible to do it right now.

Anyway this is something that we should know before the update! This change let our clients more than 10 ours without service!

Is there any way to solve it by your side?

I don’t think so. We do not see a problem with the API on our end. If we could get on a call we could probably root cause this but at the moment we don’t have complete data and in our testing all of our generated JWTs work. 

If you want to get on a call you can respond to Michael’s email. 

Hi Tim,

We are using the official JWT library to generate the token. Something has changed on your side verifying the signature of the JWT.

sJfKxnwoDt817lAn_Jf-xg.png860×314

Interesting. Are you on v5.1.5? Can you try the latest version? I am trying to triage the best I can through an internet forum. Being on a call would be much more efficient. 

With full disclosure, we did update the JWT library so it could be an issue with older versions of the JWT library but without knowing for sure we can’t rollback. Being the only known report of this issue we have to be sure what the problem is before we make any changes. 

Are you generating short-lived tokens or are you using a token that has a chance to be expired?

Hi Tim,

I am having the same problem using v5.2.1 of that System.IdentityModel.Tokens.Jwt library. I sent an email this morning to developersupport but have not received a response.

Our tokens are set to expire in 10 mins and everything was working last week.

The tokens seem to validate fine in the jwt.io debugger.

Thanks,

Tony