WEB SDK CDN 1.7.10 - Signature is invalid

I am trying to join an pro account opened meeting w trough the web sdk, and im always getting the error code “Signature is invalid”.
The signature is generated on node.

I really need your help because i don#t know whats wrong :confused:

Thanks for your help!

Signature Code:

const router = require(‘express’).Router();
const crypto = require(‘crypto’);
router.post(’/signature’, async function (req, res, /* next */)
if (typeof req.body.meetingNumber === ‘undefined’ || typeof req.body.role === ‘undefined’)
const apiKey = ‘{XXX}’;
const secretKey = ‘{XXX}’;
const timestamp = new Date().getTime() - 30000;
const message = Buffer.from(apiKey + req.body.meetingNumber + timestamp + req.body.role).toString(‘base64’);
const hash = crypto.createHmac(‘sha256’, secretKey).update(message).digest(‘base64’);
const signature = Buffer.from(${apiKey}.${req.body.meetingNumber}.${timestamp}.${req.body.role}.${hash}).toString(‘base64’);
const responseData =
signature: signature

Client Code:

zoomConfig = {
apiKey: API_KEY,
meetingNumber: ***********,
userName: displayname,
passWord: “378704”,
leaveUrl: “”,
role: 0

zoomConfigSignature =
“meetingNumber”: ***********,
“role”: 0

function initZoom(){
fetch(https://gda-jurysitzung.eventvote.de:8080/crypt/signature, {
method: ‘POST’,
‘Content-Type’: ‘application/json’
body: JSON.stringify(zoomConfigSignature)
.then(result => result.text())
.then(response => {
zoomSignature = JSON.parse(response);
leaveUrl: ‘http://www.zoom.us’,
isSupportAV: true,
success: function () {
signature: zoomSignature.signature,
meetingNumber: zoomConfig.meetingNumber,
userName: zoomConfig.userName,
apiKey: zoomConfig.apiKey,
userEmail: “test@web.de”,
passWord: zoomConfig.passWord,
success: function(success){
console.log(‘join meeting success’);
error: function(error) {
error: function(res) {


  1. Object
  2. errorCode: 3712
  3. errorMessage: “Signature is invalid.”
  4. method: “join”
  5. result: “Invalid signature.”
  6. status: false
  7. proto: Object

It always shows me the same error.

Which version?
WEB SDK CDN 1.7.10

Smartphone (please complete the following information):

  • Browser:[e.g. Chrome]

*This post has been edited to remove any meeting / webinar IDs

We are getting a correct signature i think : signature: “”

And the right credentails are included into the signature generator

Hey @j.kassner,

Please see the solution to your question here:


I keep getting “Signature is Invalid”.

The signature generated:

I am sure using JWT Credentials and NOT OAUTH.

This is frustrating.

Help please!

Now it works if the Web SDK Application is accessed via
It keeps throwing “Signature is Invalid” when accessed via the ngrok.io exposed url.

Hey @preciousfocus,

How are you generating your signature? A few things to double check:

  • Ensure that the JWT credentials you’re using belong to your account
  • Ensure you’re generating the timestamp correctly
  • Verify that the meeting ID you’re passing is for a valid, already scheduled meeting

You may also find it helpful to use our signature generator tool hosted on heroku to make sure this is all being handled correctly:

Let me know if this helps!


Hey @will.zoom,
As provided by Zoom, here’s how I generate signature:

function generate_signature ( $api_key, $api_secret, $meeting_number, $role){

	$time = time() * 1000 - 30000;//time in milliseconds (or close enough)
	$data = base64_encode($api_key . $meeting_number . $time . $role);
	$hash = hash_hmac('sha256', $data, $api_secret, true);
	$_sig = $api_key . "." . $meeting_number . "." . $time . "." . $role . "." . base64_encode($hash);
	//return signature, url safe base64 encoded
	return rtrim(strtr(base64_encode($_sig), '+/', '-_'), '=');

Yes, the JWT credentials belong to same account as the meeting.

The meeting ID is correct and works fine on Zoom.

Hey @preciousfocus,

Thanks for sharing that. Are you on a Pro or higher Zoom plan? If you’re on a Basic plan, this could be causing the issue.


*** Ensure that the JWT credentials you’re using belong to your account**
Does this mean that on the JWT App, other users cannot join meetings they have created externally even when they have provided the right meeting credentials?

Hey @preciousfocus,

No, sorry for any confusion—other users can join a meeting via the Web SDK. However, in order to start the meeting as host via the Web SDK, you must ensure that you the credentials you’re using are associated with your own account.

I hope this helps to clarify!