Zoom API Security Update - Removing Access Tokens from URL Query Parameters

As part of the Zoom API Security Update (February 14th, 2023), we are trying to make the changes to send the access tokens, and refresh tokens via body instead of query parameters but the API is failing to accept the parameters via body request.

Please check the following scenarios. I tried to attach the screenshots but it’s not allowing me.

Sending Parameters Via Query Parameters (It’s working fine)


Sending Parameters Via Request Body (Its not working)

URL: https://zoom.us/oauth/token

Request Body:

“redirect_uri”: “localhost:4200”

This problem is happening because it’s pointing to the old API URL that will work with only query parameters.

Do you guys have the latest version of API that will accept the parameters via request body so that we can test our changes and deploy them to production before the deadline?

If we make the changes and deploy, its breaking our code.

Anyone, please help with the latest version API to make the security update changes in our application.

Have you declared the POST method (instead of GET, which is usually the default) and set a Content-Type for your request body?
Our application uses Content-Type: application/x-www-form-urlencoded; charset=utf-8 and submits the body as a query string (not a JSON object).

1 Like

Yes, we mentioned the method as POST only.