When exactly should we mark a Zoom refresh token as expired or invalid?

We are integrating Zoom OAuth and using the refresh token to get a new access token when it expires.

However, I recently received a 400 response during the refresh process, and I’m not sure why. In my function, I currently assume that any 400 response means the refresh token is expired or invalid. So, I mark the Zoom account accordingly.

Later, I found out that everything seemed fine:

  • The client had connected their Zoom account just a day before.
  • They didn’t remove or revoke our OAuth app.

So I’m confused why Zoom still returned a 400 response.

My questions:

  1. Is it correct to assume that any 400 response during token refresh means the refresh token is expired or invalid?
  2. Are there other cases where Zoom might return 400 even if the refresh token is valid?
  3. Is my function correct, or can you please suggest anything more in detail?

Here’s the function I’m using:

import requests


def refresh_zoom_token(zoom_account):
    data = {"grant_type": "refresh_token", "refresh_token": zoom_account.refresh_token}

    auth = (settings.ZOOM_CLIENT_ID, settings.ZOOM_CLIENT_SECRET)
    try:
        response = requests.post(
            "https://zoom.us/oauth/token",
            data=data,
            auth=auth,
            timeout=ZOOM_API_TIMEOUT,
            verify=True,
        )
        response.raise_for_status()
    except requests.exceptions.HTTPError as e:
        if e.response.status_code == 400:
            # Zoom says refresh_token is invalid/expired
            zoom_account.mark_refresh_token_expired()
            raise ZoomOAuthError("Zoom session expired. Please reconnect.")
        raise

    tokens = response.json()
    zoom_account.update_tokens(
        access_token=tokens["access_token"],
        refresh_token=tokens["refresh_token"],
        expires_in_seconds=tokens["expires_in"],
    )


Hi @Mahammad
Thanks for reaching out to us and welcome to the Zoom Developer Forum!
Your function looks correct; I double-checked it against our docs here:

Is this a recurrent issue that you see on your end, or was this an isolated case?

This issue does not occur regularly — it only happens occasionally.

Also, I wanted to confirm: in my function, if I receive a 400 status code response from Zoom, I am marking the refresh token as expired or invalid in my database and informing my users to reconnect Zoom. Is that the correct approach?

Thanks @Mahammad
The refresh token expires after its use or after 90 days.
So if you use it, you will get a new access token, along with a new refresh token.
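
Added example, not part of the thread and not Zoom's own code: because the refresh token is single-use, a 400 can also mean another worker already rotated it, so this sketch re-reads the stored token and inspects the error code before flagging the account. `Account`, `refresh`, `post` and `reload` are hypothetical names, and it assumes the 400 body carries an RFC 6749 section 5.2 `error` field; which codes Zoom actually sends for a dead token should be confirmed from logged responses.

```python
import json
from dataclasses import dataclass

# RFC 6749 section 5.2: the code that points at the grant (refresh token) itself.
GRANT_ERRORS = {"invalid_grant"}


@dataclass
class Account:  # hypothetical stand-in for the poster's zoom_account model
    refresh_token: str
    access_token: str = ""
    needs_reconnect: bool = False


def refresh(account, post, reload):
    """post(refresh_token) -> (status, body_text); reload() -> token now in storage."""
    sent = account.refresh_token
    status, body = post(sent)
    if status == 200:
        tokens = json.loads(body)
        account.access_token = tokens["access_token"]
        account.refresh_token = tokens["refresh_token"]  # rotated on every use
        return "refreshed"
    if status != 400:
        return "retry_later"  # 429/5xx/timeouts say nothing about the token
    stored = reload()
    if stored != sent:
        # A concurrent worker already spent our token and saved its successor.
        account.refresh_token = stored
        return "rotated_elsewhere"
    try:
        error = json.loads(body).get("error")
    except (ValueError, AttributeError):
        error = None  # non-JSON or unexpected body (proxy page, gateway error)
    if error in GRANT_ERRORS:
        account.needs_reconnect = True
        return "reconnect"
    # invalid_client, invalid_request, unknown: log the body and alert,
    # but keep the user's connection instead of forcing a reconnect.
    return "investigate"
```

Serialising refreshes per account (a row lock or similar) removes the race entirely; the re-read is a fallback for when that is not in place.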
