what’s the best/most updated documentation for the Zoom Cloud Recordings API token? We’re seeing very short expiration times of the tokens (multiple times within one day), which leads me to think we probably haven’t found our way to the proper documentation.
refresh token seems to not be working properly to get new access_token as it is supposed to be
I am working with Josh and let me continue this ticket if you don’t mind.
Here is the scenario.
Recently, we’ve developed the zoom app which allows to download the cloud recordings of our account inside our pwa app. We’ve successfully managed to connect the zoom app via OAuth2 and was be able to down the recordings with the given access_token. After a certain period of time, the access_token expires as it is and then the pwa app would try to retrieve the new access_token with the refresh_token and save them into the db. Seems everything works fine till this point.
But the something wrong happened when trying to connect the zoom app again afterwards. The new access_token and refresh token didn’t work to connect to the zoom app and couldn’t get the recordings. All we can do is let the user authenticate the zoom again which is not the best user experience.
Are you specifically referring to the download_access_token?
Yes, I am referring to the access_token for downloading the zoom cloud recordings
Can you please identify which specific endpoints and share your API request/response/screenshots with sensitive information obscured?
Following up here after Aaron’s response. We are working on figuring this out together. Below is a screenshot of our oauth authorize requests and responses.
As Aaron mentioned above, the initial connection works great, but after the access token expires, our app tries to retrieve a new access token with the refresh token which then gets an invalid token/grant error.
Is this a known issue? Or Is it due to our implementation? (if so, what docs should we be referencing)
Ahh I see, thank you for this information. There seems to be an issue with the token tolerance and this is not expected behavior. Can you open a support ticket with the following please?:
Ahh I see it now. I’ll connect with the person who’s handling it so they can follow up with you asap. Apologies for the delay–we recently had a very large queue.
Hi Josh, I’m pasting a link (below) from our server-to-server OAuth docs on the Zoom REST API. I’m from the Zoom Apps team, and can offer a couple ways I’ve debugged issues like this:
Sanity check to make sure you’re calling the token refresh endpoint correctly by testing your implementation with a very fresh/new refresh token
Make sure your app is actually persisting the refresh token (eg: shutting down Docker can cause problems here; at least it often does for our ‘reference’ apps