Question
People commonly ask on the Zoom Developer Forum:
Why does the Zoom Meeting SDK return “zoom signature invalid”?
When using the Zoom Meeting SDK, you may encounter the error “zoom signature invalid” (sometimes shown as “invalid signature” with error codes like 3172 or 3712). The message is generic because it represents a failed signature validation, and it can be triggered by several different issues depending on how the SDK is being used.
Below are common scenarios that lead to this error and how to reason about each one. These examples are not exhaustive, but they cover the most frequent causes.
Answer: Why you're getting Zoom Invalid Signature errors
Scenario 1: Generating the signature on the frontend
The signature is created in browser JavaScript (for example, in a CDN or Web SDK sample). The meeting fails to join with an invalid signature error.
Why this fails
Meeting SDK signatures are expected to be generated server-side. Frontend-generated signatures are often malformed, expired, or generated in a way the SDK does not accept.
Correct approach
Always generate the Meeting SDK signature on a backend server and pass it to the client.
Scenario 2: Signing the JWT with OAuth or Server-to-Server credentials
Zoom REST APIs work correctly (meetings can be created). The signature JWT is signed using OAuth or Server-to-Server Client ID and Secret. ZoomMtg.join() fails with an invalid signature error.
Why this fails
OAuth and Server-to-Server credentials are used only for Zoom API requests. The Meeting SDK requires its own SDK Key and SDK Secret to sign the signature.
Correct approach
Use Meeting SDK credentials exclusively when generating the signature. OAuth credentials should never be used for this purpose.
Scenario 3: The signature payload does not match the join request
The signature is generated on the backend using Meeting SDK credentials. The SDK still reports “invalid signature.”
Common causes
- The meeting number in the JWT payload does not match the meeting being joined.
- A meeting UUID is used instead of the numeric meeting ID.
- The signature is expired or not yet valid due to time skew.
- Required fields are missing or inconsistent (such as
sdkKey,appKey, ortokenExp).
Correct approach
Ensure the JWT payload:
- Uses the numeric meeting ID.
- Has valid iat, exp, and tokenExp values.
- Uses the correct Meeting SDK key consistently across all fields.
Related errors that are often confused with “invalid signature”
Some errors appear during the same integration flow but are caused by different issues. For example, errors related to starting a meeting as host are often tied to meeting permissions or authentication requirements rather than signature generation.
The “zoom signature invalid” error is not caused by a single mistake. It’s a validation failure that can occur due to where the signature is generated, which credentials are used, or how the JWT payload is constructed.
While other edge cases exist, checking the scenarios above will resolve the majority of invalid signature errors encountered when integrating the Zoom Meeting SDK.
Zoom Developer Forum Examples
Some examples of this question are:
