Self Client - Client credentials flow
Step 1: Use the client credentials to get access token
Endpoint
Copied
Note: The accounts-server-url is specific to the location (i.e., datacenter) where the client is registered. See all the server-specific URLs
Query parameters
Parameter | Description |
client_id | required A unique ID displayed under Self Client > Client Secret. |
client_secret | required A unique confidential secret displayed under Self Client > Client Secret. |
grant_type | Should be passed with the value client_credentials. |
scope | required The corresponding scope for the resource you want to access using the access token. Eg: ZohoCRM.settings.READ |
soid | required based on the Zoho app This parameter is required only for certain Zoho apps that allow creating multiple portals/organizations. Refer to the respective app's API documentation to check whether this parameter is required. (Tip: If the request sent without this parameter throws the exception missing_org_info, then this parameter must be sent.)
Syntax: {servicename}.{zsoid}
Example: ZohoCRM.600*****434 |
Request example
Copied
Response parameters
Parameter | Description |
access_token | An authorized key that can be used by your application to access the required resource (mentioned in the scope). Validity: 1 hour. |
api_domain | The domain the app needs to make service API requests to. |
token_type | Indicates the type of access token that is generated. The token type that is used in Zoho's OAuth implementation is Bearer. |
expires_in | Indicates the time (in seconds) in which the access token will expire. |
Response example
Copied
Step 2: Use the access token to make API calls
Make request calls to the service you want to access through the api_domain you get from the response of the access token request. Using an access token, you can access the resource for an hour, after which it will expire. To get a new access token, repeat Step 1.