Refresh access token

When the access token expires, your app can get a new access token on its own, without user intervention, as long as the session is active. However, to do so, the user must have granted permission for your app to refresh the token.

If the session gets terminated, your app will need to make the initial request again, and ask for permission from the user.

Endpoint

GET {accounts-server-url}/oauth/v2/refresh

Note: The accounts-server-url is specific to the location (i.e., datacenter) where your app is registered.  

Query parameters

Parameter | Description
client_id (required) | The unique ID of your application. You can find this in the API console.
response_type (required) | Should be sent with the value token.
redirect_uri (required) | The URI to which the authorization server will redirect the browser back with the access token. It has to be the same URI which is provided when registering the app in the API console. Should start with http:// or https://. For example: https://www.zylker.com/oauthredirect

Request example

https://accounts.zoho.com/oauth/v2/auth
?response_type=token
&client_id=1000.GMB0YULZHJK411284S8I5GZ4CHUEX0
&redirect_uri=https://www.zylker.com/oauthredirect

Response parameters

After verifying your app, the access token will be sent to the redirect_uri.

Parameter | Description
access_token | A token that your app needs to access the resources (as defined by the requested scopes). This token is valid for 1 hour.
api_domain | The domain to which your app needs to make API requests, for accessing the protected resources.
location | Indicates the data center (DC) location of the user (i.e., where their account is stored).
expires_in | Indicates the time (in seconds) in which the access token expires. The lifetime of an access token is 1 hour (3600 seconds).

Response example

https://www.zylker.com/oauthredirect
&access_token=1000.2350e7afbb173426e5fe3e5977db2f69.0cddd2403ee2e6309d44e7007bf21c05
&expires_in=3600
&location=in
&api_domain=https://www.zohoapis.in

Error codes

Error | Description
client_not_granted
  • The user didn't grant permission for the entire session, so the access token can't be refreshed.
  • The session has been terminated.
prompt_required
  • The refresh token used is already revoked.
  • The scopes included in this request were not included in the initial access token request.
An error occurred/40 bad request
  • The parameter client_id is spelled incorrectly.
  • The value of the parameter response_type is invalid.
  • The parameter redirect_uri is spelled incorrectly.
  • The HTTP method used is incorrect. It must be GET.
OAuthErrorCode.invalid_client
  • The parameter client_id is missing or its value is invalid.
  • The parameter response_type is missing or its value is incorrect. It must be token.
OAuthErrorCode.invlid_redirect_uri
  • The parameter redirect_uri is missing or the entered URI doesn't match the one configured in the API console.
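
The following client-side sketch is an added example, not code from this documentation or its vendor. It builds the refresh request with the path from the Endpoint section and validates the redirect response before the token is used. Assumptions: the function names are hypothetical, the response parameters arrive in the URL fragment or query string, failures are reported in a parameter named error, prompt_required is treated like client_not_granted as a signal to repeat the initial request, and the https check on api_domain is a hardening step added here.

```javascript
// Added example (not vendor code). ASSUMPTION marks anything not on the page.
const REAUTH_ERRORS = new Set(["client_not_granted", "prompt_required"]);

// Build the refresh request from the three required query parameters.
function buildRefreshUrl(accountsServerUrl, clientId, redirectUri) {
  if (!/^https?:\/\//.test(redirectUri)) {
    throw new Error("redirect_uri must start with http:// or https://");
  }
  const url = new URL("/oauth/v2/refresh", accountsServerUrl);
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    redirect_uri: redirectUri,
  }).toString();
  return url.toString();
}

// Parse the redirect the authorization server sends back to redirect_uri.
// ASSUMPTION: parameters are in the fragment (or query string) and a failure
// is reported in a parameter named "error".
function parseRefreshRedirect(redirectedUrl, redirectUri, nowMs = Date.now()) {
  const url = new URL(redirectedUrl);
  if (url.origin + url.pathname !== redirectUri) {
    throw new Error("response did not arrive at the registered redirect_uri");
  }
  const raw = url.hash.length > 1 ? url.hash.slice(1) : url.search.slice(1);
  const p = new URLSearchParams(raw);
  const error = p.get("error");
  if (error) {
    // reauthorize=true: make the initial request again and ask the user.
    return { ok: false, error, reauthorize: REAUTH_ERRORS.has(error) };
  }
  const token = p.get("access_token");
  const expiresIn = Number(p.get("expires_in"));
  const apiDomain = p.get("api_domain");
  if (!token || !Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error("malformed refresh response");
  }
  if (!apiDomain || !apiDomain.startsWith("https://")) {
    throw new Error("api_domain must be an https URL");
  }
  // Track expiry locally so the app refreshes before the 1-hour lifetime ends.
  return { ok: true, token, apiDomain, location: p.get("location"),
           expiresAt: nowMs + expiresIn * 1000 };
}
```

In a browser, pass window.location.href as redirectedUrl, then clear the fragment from the address bar so the token does not linger in history.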