Generate Access Token and Refresh Token

Make a POST request with the below Request URL.  

Accounts URL

Check the URL you use to access Bookings to know which data center (DC) you are. You must use one of the domain-specific Zoho accounts URLs below to generate access and refresh tokens.

For US: https://accounts.zoho.com

For AU: https://accounts.zoho.com.au

For EU: https://accounts.zoho.eu

For IN: https://accounts.zoho.in

For CN: https://accounts.zoho.com.cn

 

Request URL  

<Accounts_url>/oauth/v2/token?grant_type=authorization_code&client_id=<client_id>&client_secret=<client_secret>&redirect_uri=<redirect_uri>&code=<authorization_code>

Request method  

POST

where:

Parameter Name

Description

Accounts_url*

Differs depending on your DC (refer to the above Accounts URL section to see which option to use)

client_id*

Generated upon creating the self client

client_secret*

Generated upon creating the self client

grant_type*

authorization_code

redirect_uri*

https://deluge.zoho.com/delugeauth/callback

code*

The code generated for the client for a given OAuth scope (e.g.,  zohobookings.data.CREATE)

Note: Fields marked * are mandatory.

 

Response type  

JSON

If the request is successful, you will receive the response shown in the sample response. With this, the authentication process is completed. You can use the access token from the response for calling the APIs.

Token validity

  • An access token is valid for only one hour.

  • A refresh token has no expiry. It can only be revoked by the user.

  • After the access token expires, use the refresh token to generate a new access token. Refer to this page to refresh the access token.

 

Possible errors

invalid_client

  • Verify you have used the correct client ID and client secret.

  • Ensure that you are using the right domain in the URL (refer to the Accounts URL section above).

invalid_code

  • The applied authorization code has expired or has already been exchanged for an access token. Generate a new authorization code.

invalid_redirect_uri

  • The redirect URL in the request is different from the one used when registering the client.

 

Sample Request

Copiedhttps://accounts.zoho.com/oauth/v2/token?grant_type=authorization_code&client_id=1000.M678X6QVMUZ1M7U0V41U5BJAIHS4FX&client_secret=eed703092429cb9a1994c286df2c034edb8a708b1b&redirect_uri=https://deluge.zoho.com/delugeauth/callback&code=1000.c3b3a6a85e51f70fb0489e4ce72c98b1.42017a7870f54fb2abb5dca56fd5fc0a

Sample Response

Copied{
    "access_token": "1000.7b3610d1XXXXXXXXXXXXXXXX087cc3.6282226f615637c467bee7209ce1c0a1",
    "refresh_token": "1000.a24d5e6dXXXXXXXXXXXXXXXX3eeb1.0df8a58d58dae3efcd6f0c15c4e88999",
    "api_domain": "https://www.zohoapis.com",
    "token_type": "Bearer",
    "expires_in": 3600
}