Generating Token
Refresh Token
The refresh token is used to obtain new access tokens. It has an unlimited lifetime and can be revoked manually.
Access Token
A token that is sent to the resource server to access the protected resources of the user. Each access token will be valid only for an hour, and can be used only for the set of operations that is described in the scope.
After generating the code, make a POST request to the following URI, with the params given below, to generate the refresh_token and access_token.
https://<ZohoAccounts_Server_URI>/oauth/v2/token
Post
The following URL is used to generate the access token and refresh token.
https://accounts.zoho.com/oauth/v2/token?code=<CODE>&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&redirect_uri=<REDIRECT_URI>&grant_type=authorization_code
Parameter | Description |
---|---|
code* | <code> which is obtained in the above step (Step 2) |
client_id* | <client_id> obtained during Client Registration (Step 1) |
client_secret* | <client_secret> obtained during Client Registration (Step 1) |
redirect_uri | This param should be the same redirect URL given while adding the Client (Step 1). It is not required when the self client application type is chosen during Client Registration (Step 1). |
grant_type* | authorization_code (provide this literal string as value) |
scope | The scope (a permission to access a specific API) for which the token is to be generated. Multiple scopes can be given, separated by commas. |
state | An opaque string that is round-tripped in the protocol; that is, the value will be passed back to the user. |
Note: Fields with * are mandatory
In response, you will get both <access_token> and <refresh_token>.
{
"refresh_token": "{refresh_token}",
"api_domain": "https://www.zohoapis.com",
"token_type": "Bearer",
"expires_in": 3600
}
- The <access_token> will expire after an hour.
- The <refresh_token> is permanent and will be used to regenerate a new <access_token> if the current access token has expired.
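The exchange described above, written in Python as an added example (not Zoho's own code): it builds the token POST and validates the reply before the tokens are stored. Sending the parameters in a form-encoded body rather than the query string, treating an "error" field as failure, and the 60-second refresh margin are assumptions; the function names are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

def build_token_request(accounts_server, code, client_id, client_secret,
                        redirect_uri=None):
    """Build (not send) the POST for the authorization_code grant."""
    params = {"code": code, "client_id": client_id,
              "client_secret": client_secret,
              "grant_type": "authorization_code"}
    if redirect_uri:  # not required for the self client application type
        params["redirect_uri"] = redirect_uri
    # Assumption: parameters go in the form-encoded body, not the query
    # string, so client_secret and code stay out of URL logs.
    body = urllib.parse.urlencode(params).encode("ascii")
    url = accounts_server.rstrip("/") + "/oauth/v2/token"
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None, skew=60):
    """Validate the JSON reply and compute when the access token lapses."""
    data = json.loads(raw)
    if "error" in data:  # assumption: failures carry an "error" field
        raise ValueError("token request failed: %s" % data["error"])
    if data.get("token_type") != "Bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "api_domain": data.get("api_domain"),
            # refresh `skew` seconds early so a request never carries
            # a token that expires in flight
            "refresh_at": now + int(data["expires_in"]) - skew}

def needs_refresh(tokens, now=None):
    """True once the access token is within `skew` seconds of expiry."""
    return (time.time() if now is None else now) >= tokens["refresh_at"]

# Constructed sample reply (placeholder values, not real tokens).
SAMPLE = json.dumps({"access_token": "sample-access",
                     "refresh_token": "sample-refresh",
                     "api_domain": "https://www.zohoapis.com",
                     "token_type": "Bearer", "expires_in": 3600})

if __name__ == "__main__":
    tokens = parse_token_response(SAMPLE, now=0)
    print(tokens["refresh_at"], needs_refresh(tokens, now=3541))
```

Pass the request to urllib.request.urlopen to perform the exchange, and keep the returned refresh_token in a secrets store, since it does not expire on its own.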