[Zoom Meeting Master API] API returning error despite assigning correct API scopes

I have assigned a server to server OAuth application the following scopes: role:master, user:read:admin, group:read:admin. I need to hit the get role information endpoint. I am able to acquire an access token via an “account_credentials” grant type. I can confirm the access token is valid as I can retreive users and groups. But when I try to query the role master endpoint, I get the following error:

{"code":4711,"message":"Invalid access token, does not contain scopes:[role:master, role:write:master, role:read:master]."}

This is unexpected because the access token response object says I have the following scopes:

{"access_token":"[redacted]","token_type":"bearer","expires_in":3599,"scope":"user:read:admin account:read:admin group:read:admin role:master"}

Please advise on how I should go about resolving this issue. I don’t see any “role:read:master” and “role:write:master” on my application, just “role:master”. Thanks.

Additional Context that probably helps: Using a Zoom Pro account and am using the owner user to generate the application.

Hi @vignesh.natarajan

Are you using the owner user to generate the access token as well?

If not, make sure this permission is checked under your Zoom portal:

To confirm, you are expecting to use Master API endpoints?

Yes, I’m using the owner account to generate the credentials, and yes, I’m trying to use the Master API.

Yes, but can you please confirm you are a master account as described in the linked documentation above?

Did this ever get figured out? I’m so confused. I’m the only user in my account. When I refresh the token it says I have all the scopes needed but kicks back this error every time. Is there a magic box I need to check somewhere?

Hi @britgwaltney ,

If you are the only user on your account, it’s unlikely you have Master Account configuration.

Which endpoint are you trying to use?

I ended up figuring this out. I was assuming a master account was any account that had multiple users under it. This is not the case. If it’s a normal zoom account, you can simply use the /v2/users endpoint. No need to pass the account ID.

PS: The error message returned by the API is very misleading. No scopes were actually missing even though it said they were.

Hi @britgwaltney thanks for your feedback and glad you resolved to use the correct endpoint for your account type!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.