Logo
Zoom Public API Documentation

API Authorization & Authentication-Unified Build Flow Application-OAuth App Authorization & Authentication-Easy OAuth 2.0 (Using Qodex Authorization Tab)

Number of APIs: 2


1. Refresh access token

POST https://zoom.us/oauth/token

Refreshing an Access Token

Access tokens expire after one hour. Once expired, you will have to refresh a user's access token.

Take the refresh_token value you received from your POST request access token response and paste it in the refresh_token field in Body.

Navigate to the Auth tab and under Basic Auth and fill in the following:

* Username: [ClientID] * Password: [ClientSecret]

Remember, you can always use the [collection variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature.

Alternatively, you can clear the Auth tab fields, and use the Headers tab per our Zoom documentation.

If you go this route, make sure to re-check the Headers key-value field boxes and Base64-encode your Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.

Once you're done, send the POST request to https://zoom.us/oauth/token (already pre-populated in this request for you).

Here's an example request for a refresh token:

POST /oauth/token HTTP/1.1
Host: zoom.us
Authorization: Basic base64Encode(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded
refresh_token=[REFRESH TOKEN]&grant_type=refresh_token

If successful, the response body will be a JSON representation of your user's refreshed access token like this:

{
  "access_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ3Mzk0LCJleHAiOjE1ODAxNTA5OTQsInRva2VuVHlwZSI6ImFjY2Vzc190b2tlbiIsImlhdCI6MTU4MDE0NzM5NCwianRpIjoiPEpUST4iLCJ0b2xlcmFuY2VJZCI6MjZ9.5c58p0PflZJdlz4Y7PgMIVCrQpHDnbM565iCKlrtajZ5HHmy00P5FCcoMwHb9LxjsUgbJ7653EfdeX5NEm6RoA",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJIUzUxMiIsInYiOiIyLjAiLCJraWQiOiI8S0lEPiJ9.eyJ2ZXIiOiI2IiwiY2xpZW50SWQiOiI8Q2xpZW50X0lEPiIsImNvZGUiOiI8Q29kZT4iLCJpc3MiOiJ1cm46em9vbTpjb25uZWN0OmNsaWVudGlkOjxDbGllbnRfSUQ-IiwiYXV0aGVudGljYXRpb25JZCI6IjxBdXRoZW50aWNhdGlvbl9JRD4iLCJ1c2VySWQiOiI8VXNlcl9JRD4iLCJncm91cE51bWJlciI6MCwiYXVkIjoiaHR0cHM6Ly9vYXV0aC56b29tLnVzIiwiYWNjb3VudElkIjoiPEFjY291bnRfSUQ-IiwibmJmIjoxNTgwMTQ3Mzk0LCJleHAiOjIwNTMxODczOTQsInRva2VuVHlwZSI6InJlZnJlc2hfdG9rZW4iLCJpYXQiOjE1ODAxNDczOTQsImp0aSI6IjxKVEk-IiwidG9sZXJhbmNlSWQiOjI2fQ.DwuqOzywRrQO2a6yp0K_6V-hR_i_mOB62flkr0_NfFdYsSqahIRRGk1GlUTQnFzHd896XDKf_FnSSvoJg_tzuQ",
  "expires_in": 3599,
  "scope": "user:read"
}


Marketplace Documentation:

* Refreshing an access token



2. Revoke an access token

POST https://zoom.us/oauth/revoke

Revoking an Access Token

Supply the access_token you wish to revoke to the Body params.

Navigate to the Auth tab and under Basic Auth fill in the following:

* Username: [ClientID] * Password: [ClientSecret]

Remember, you can always use the [global variables] feature and syntax within Qodex or directly paste those values in the respective form fields if you do not wish to edit/use the global variables feature.

Alternatively, you can clear the Auth tab fields, and use the Headers tab per our Zoom documentation.

If you go this route, make sure to re-check the Headers key-value field boxes and Base64-encode the Client_ID:Client_Secret (with the colon between the two and no spaces) before pasting in the Authorization value field.

Once you're done, send the POST request to https://zoom.us/oauth/revoke (already pre-populated in this request for you).

Here's an example request to revoke an access token:

POST /oauth/revoke HTTP/1.1
Host: zoom.us
Authorization: Basic base64Encode(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 4
token=[ACCESS TOKEN]

If successful, the response body will be a JSON representation of your user's refreshed access token like this:

{
  "status": "success"
}


Marketplace Documentation:

* Revoking an access token



ENDPOINTS