Self Client - Client credentials flow

Step 1: Use the client credentials to get access token

Endpoint

POST {accounts-server-url}/oauth/v2/token

Note: The accounts-server-url is specific to the location (i.e., datacenter) where the client is registered. See all the server-specific URLs.

Query parameters
Parameter | Description
client_id

required

A unique ID displayed under Self Client > Client Secret.

client_secret

required

A unique confidential secret displayed under Self Client > Client Secret.

grant_type

Should be passed with the value client_credentials.

scope

required  

The corresponding scope for the resource you want to access using the access token. 

Example: ZohoCRM.settings.READ

soid

required based on the Zoho app

This parameter is required only for certain Zoho apps that allow creating multiple portals/organizations. Refer to the respective app's API documentation to check whether this parameter is required.

(Tip: If the request sent without this parameter throws the exception "missing_org_info", then this parameter must be sent.)

 

Syntax: {servicename}.{zsoid}

  • servicename: The name of the service the client is making API calls to. All Zoho products have a unique service name, such as ZohoCRM or ZohoRecruit.
  • zsoid: The unique ID of the app's instance. It may be referred to as Portal ID or organization ID. You can refer to the respective app's API documentation to get this ID.

Example: ZohoCRM.600*****434

Request example

https://accounts.zoho.com/oauth/v2/token?
client_id=1000.O1xxxxxxxxxx5Q91NTGH&
client_secret=74xxxxxxxxxxxx180&
grant_type=client_credentials&
scope=ZohoCRM.settings.READ&
soid=ZohoCRM.600*****434

Response parameters

Parameter | Description

access_token

An authorized key that can be used by your application to access the required resource (mentioned in the scope). Validity: 1 hour.

api_domain

The domain the app needs to make service API requests to.

token_type

Indicates the type of access token that is generated. The token type that is used in Zoho's OAuth implementation is Bearer.

expires_in

Indicates the time (in seconds) in which the access token will expire.

Response example

{
    "access_token": "1000.875cf8ea310ae70c6fb26e25a5a48df0.be3bc88ab282cd58c6fd32f110c53c61",
    "api_domain": "https://www.zohoapis.in",
    "token_type": "Bearer",
    "expires_in": 3600
}

Step 2: Use the access token to make API calls

Make request calls to the service you want to access through the api_domain you get from the response of the access token request. Using an access token, you can access the resource for an hour, after which it will expire. To get a new access token, repeat Step 1.
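
Steps 1 and 2 as an added Python example (not Zoho's own code): it requests the token with the query parameters listed above, reuses it until shortly before expires_in runs out, then repeats Step 1. TokenCache, http_post, the ZOHO_* environment variable names, the 60-second skew and the JSON "error" field used to detect missing_org_info are assumptions made for this example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

def http_post(url):
    """Default sender: POST with an empty body, parameters in the query string."""
    req = urllib.request.Request(url, data=b"", method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))

class TokenCache:
    """Caches the Step 1 access token and repeats Step 1 shortly before expiry."""
    def __init__(self, accounts_url, client_id, client_secret, scope,
                 soid=None, send=http_post, clock=time.monotonic, skew=60):
        self._url = accounts_url.rstrip("/") + "/oauth/v2/token"
        self._params = {"client_id": client_id, "client_secret": client_secret,
                        "grant_type": "client_credentials", "scope": scope}
        if soid:  # only for apps with multiple portals/organizations
            self._params["soid"] = soid
        self._send, self._clock, self._skew = send, clock, skew
        self._token, self._api_domain, self._expires_at = None, None, 0.0

    def get(self):
        """Return (access_token, api_domain), requesting a token only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            # The request URL carries client_secret: never log or print it.
            body = self._send(self._url + "?" + urllib.parse.urlencode(self._params))
            # Assumption: failures arrive as JSON with an "error" field.
            if "error" in body:
                hint = " (send soid)" if body["error"] == "missing_org_info" else ""
                raise RuntimeError("token request failed: " + body["error"] + hint)
            if body.get("token_type") != "Bearer":
                raise RuntimeError("unexpected token_type")
            if not body["api_domain"].startswith("https://"):
                raise RuntimeError("api_domain is not HTTPS")
            self._token, self._api_domain = body["access_token"], body["api_domain"]
            self._expires_at = self._clock() + body["expires_in"] - self._skew
        return self._token, self._api_domain

if __name__ == "__main__":
    # Hypothetical variable names; credentials stay out of the source file.
    cache = TokenCache("https://accounts.zoho.com", os.environ["ZOHO_CLIENT_ID"],
                       os.environ["ZOHO_CLIENT_SECRET"], "ZohoCRM.settings.READ",
                       soid=os.environ.get("ZOHO_SOID"))
    print("api_domain:", cache.get()[1])
```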