Skip to content
Advertisement

Code 124 (Invalid access token) received for Zoom API calls using JWT

When using either dynamically created JWT tokens, or even hard-copying the one provided from the App Marketplace for my app, my API requests always fail due to an ‘invalid access token’.

I am currently working on the Meetings endpoint, specifically trying to create a meeting. The endpoint is: https://eu01api-www4local.zoom.us/v2/users/me/meetings (using the GDPR compliant EU base URL).

My cURL request looks like this:

$body = json_encode($body);

$arr = [
    CURLOPT_URL => $url,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => $this->timeout,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_HTTPHEADER => [
        "authorization: Bearer " . $this->generate_JWT(),
        "content-type: application/json"
    ],
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $body
];

$ch = curl_init();
curl_setopt_array($ch, $arr);

$response = curl_exec($ch);
$err = curl_error($ch);
curl_close($ch);  

(CURLOPT_SSL_VERIFYPEER is set to false here, as I’m testing from localhost.)

The generate_JWT function looks like this:

private function generate_JWT()
{
    $payload = [
        "iss" => self::ZOOM_API_SECRET,
        "exp" => time() + $this->timeout,
    ];
    return JWT::encode($payload, self::ZOOM_API_KEY, 'HS256');
}

… using the FirebaseJWTJWT class for encoding.

The ‘app’ itself is activated and live on the account, set as JWT type, with no intent to publish, and is ‘Account level’.

Any help appreciated.

Advertisement

Answer

The endpoint described in the Documentation for GDPR compliant EU users is not, in fact, operable – at least for this type of work. The original .us base URL must be used.

User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement