Access Token Expiry

Once the access token expires, the client uses the refresh token to generate another access token with the same scope.

  • URI Endpoint: https://accounts.zoho.com/oauth/v2/token
  • HTTP Request Type: POST
  • Mandatory Parameters:
    • client_id - Obtained from registering your client at the Zoho Accounts developer console.
    • grant_type - Value must be 'refresh_token'.
    • client_secret - Obtained from registering your application at the Zoho Accounts developer console.
    • refresh_token - A refresh token is used to obtain a new access token after the old one expires.
  • Response Parameters:
    • access_token - A client-authorized key that lets the client access protected resources from Zoho. The client can make API requests using this access token for up to an hour after the creation of the  token.
    • api_domain - Determines the API domain URI the client must use to make all API requests.
    • token_type - Provides the client with the information required to make an API request.
    • expires_in - Time taken for an access token to expire, in seconds.

 

Sending the request parameters   

The parameters can be sent in one of the following formats:

(1) Query String

All parameters can be sent in the form of query string in the request URL.

Example:

https://accounts.zoho.com/oauth/v2/token?
client_id=1000.QVF8O5MXFUYATAQGJKEWUXJKZH7OOE
&grant_type=refresh_token
&client_secret=31a99ae27deff7fr34e419fe321b712a02cdedted7
&refresh_token=1000.3421ad0e1a6fe44663ea112b8b1c4fdf.cd38e645e3d7423651d17368855bc1c5

(2) Request Body

All parameters can be sent in the request body using the data type "form-data" or "x-www-form-urlencoded".

Example:

client_id: "1000.QVF8O5MXFUYATAQGJKEWUXJKZH7OOE"
client_secret: "31a99ae27deff7fr34e419fe321b712a02cdedted7"
grant_type: "refresh_token"
refresh_token: "1000.3421ad0e1a6fe44663ea112b8b1c4fdf.cd38e645e3d7423651d17368855bc1c5"

(3) Basic Auth Header

Only the client_id and client_secret can be sent using this method. The credentials will have to be base64 encoded and sent.

Encoding format:

Base64encode(client_id:client_secret)

Header format:

Authorization: Basic {Base64 encoded credentials}

Example:

Authorization: Basic MTAwMC5RVkY4TzVNWEZVWUFUQVFHSktFV1VYSktaSDdPT0U6MzFhOTlhZTI3ZGVmZjdmcjM0ZTQxOWZlMzIxYjcxMmEwMmNkZWR0ZWQ3

Sample HTTP Request

Copiedhttps://accounts.zoho.com/oauth/v2/token?
client_id=1000.GMB0YULZHJK411248S8I5GZ4CHUEX0&
grant_type=refresh_token&
client_secret=122c324d3496d5d777ceeebc129470715fbb856b7&
refresh_token=1000.18e983526f0ca8575ea9c53b0cd5bb58.1bd83a6f2e22c3a7e1309d96ae439cc1

Sample JSON Response

Copied{
    "access_token":"1000.2deaf8d0c268e3c85daa2a013a843b10.703adef2bb337b 8ca36cfc5d7b83cf24",
    "api_domain":"https://api.zoho.com",
    "token_type":"Bearer",
    "expires_in":3600
}