Get access token

Request an access token from our authorization server. You must specify the scopes you need permission for; we will display the required permissions to the user. If the user grants permission, an access token, which is valid for 1 hour, will be sent to the redirect URL.

Endpoint

GET {accounts-server-url}/oauth/v2/auth

Note: The accounts-server-url is specific to the location (i.e., datacenter) where your app is registered.  

Query parameters

Parameter: Description

client_id (required): The unique ID of your application. You can find this in the API console.

response_type (required): Should be sent with the value token.

redirect_uri (required): The URI to which the authorization server will redirect the browser back with the access token. It has to be the same URI that is provided when registering the app in the API console. Should start with http:// or https://. For example: https://www.zylker.com/oauthredirect

scope (required): The corresponding scope for the resource you want to access from the user's account. The scopes will be displayed to the user when asking for consent. For example: ZohoCRM.settings.READ

Request example

https://accounts.zoho.com/oauth/v2/auth
?response_type=token
&client_id=1000.GMB0YULZHJK411284S8I5GZ4CHUEX0
&scope=AaaServer.profile.Read
&redirect_uri=https://www.zylker.com/oauthredirect

Response parameters

After authenticating the user, we will show the user all the permissions your app is requesting. Once the user grants permission, the access token will be sent to the redirect_uri.

Parameter: Description

access_token: A token that your app needs to access the resources (as defined by the requested scopes). This token is valid for 1 hour.

api_domain: The domain to which your app needs to make API requests, for accessing the protected resources.

location: Indicates the data center (DC) location of the user (i.e., where their account is stored).

expires_in: Indicates the time (in seconds) in which the access token expires. The lifetime of an access token is 1 hour (3600 seconds).

Response example

https://www.zylker.com/oauthredirect
&access_token=1000.2350e7afbb173426e5fe3e5977db2f69.0cddd2403ee2e6309d44e7007bf21c05
&expires_in=3600
&location=in
&api_domain=https://www.zohoapis.in
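
The request and response above, as an added example that is not part of the original documentation: JavaScript that builds the authorization URL and validates the redirect before the token is used. The function names and the allowedApiHosts allowlist are assumptions, and because the page's example shows the parameters directly after the redirect URI, the parser accepts '#', '?' or '&' before the first one (also an assumption).

```javascript
// Added example, not Zoho's code. Function names and the allowlist are hypothetical.

// Build the authorization request from the four required query parameters.
function buildAuthUrl(accountsServerUrl, { clientId, scope, redirectUri }) {
  if (!/^https?:\/\//.test(redirectUri)) {
    throw new Error('redirect_uri must start with http:// or https://');
  }
  const url = new URL('/oauth/v2/auth', accountsServerUrl);
  url.search = new URLSearchParams({
    response_type: 'token', // the only value this endpoint accepts
    client_id: clientId,
    scope,
    redirect_uri: redirectUri, // percent-encoded by URLSearchParams
  }).toString();
  return url.toString();
}

// Validate the URL the browser lands on and extract the token fields.
function parseTokenRedirect(redirected, registeredUri, allowedApiHosts, now = Date.now()) {
  const rest = redirected.startsWith(registeredUri)
    ? redirected.slice(registeredUri.length) : null;
  // Assumption: parameters follow the registered URI after '#', '?' or '&'.
  if (rest === null || !/^[#?&]/.test(rest)) {
    throw new Error('response was not delivered to the registered redirect_uri');
  }
  const params = new URLSearchParams(rest.replace(/^[#?&]+/, ''));
  const accessToken = params.get('access_token');
  const expiresIn = Number(params.get('expires_in'));
  if (!accessToken) throw new Error('no access_token in response');
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) throw new Error('bad expires_in');
  // Only send the token to an HTTPS API host the app already expects.
  let api;
  try { api = new URL(params.get('api_domain')); } catch { api = null; }
  if (!api || api.protocol !== 'https:' || !allowedApiHosts.includes(api.hostname)) {
    throw new Error('api_domain is not an expected HTTPS host');
  }
  const location = params.get('location');
  return { accessToken, apiDomain: api.origin, location, expiresAt: now + expiresIn * 1000 };
}

// Values taken from the page's request and response examples.
const REDIRECT = 'https://www.zylker.com/oauthredirect';
const sampleResponse = REDIRECT +
  '&access_token=1000.2350e7afbb173426e5fe3e5977db2f69.0cddd2403ee2e6309d44e7007bf21c05' +
  '&expires_in=3600&location=in&api_domain=https://www.zohoapis.in';
const token = parseTokenRedirect(sampleResponse, REDIRECT, ['www.zohoapis.in'], 0);
console.log(token.apiDomain, token.location, token.expiresAt); // token itself is not logged
```

In a browser, pass window.location.href as the first argument; expiresAt lets the app stop using the token once its 1-hour lifetime has passed.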

Error codes

Error: Description
access_denied
  • User rejected the request for access.
Invalid Client
  • The value of the parameter client_id is not valid. 
  • The value of the parameter response_type is incorrect. It must be token.
Invalid response type
  • The parameter client_id is missing.
  • The parameter response_type is missing.
Invalid OAuth Scope
  • The parameter scope is either missing or the entered scope doesn't exist.
Invalid Redirect URI
  • The parameter redirect_uri is either missing or the entered URI doesn't match the one configured in the API console.
An error occurred/400 bad request
  • The value of the parameter response_type is invalid. It must be token.
400 bad request
  • The HTTP method used is incorrect. It must be GET.