Generating Access Tokens

OAuth 2.0 requests are usually authenticated with an access token, which is passed as a bearer token. To use the access token, construct a normal HTTP request and include the token in the Authorization header, preceded by the value Bearer.

To generate access tokens, make a POST request to the following URL with the parameters listed in the table below.

https://accounts.zoho.com/oauth/v2/token

| Parameter | Description |
|---|---|
| grant_type | Specify the value as "authorization_code" |
| client_id | Client ID obtained from client registration |
| client_secret | Client Secret obtained from client registration |
| redirect_uri | Specify the same Callback URL that you passed for the client registration |
| code | Grant token code obtained from the authorization request |

On success, you will receive the access_token and refresh_token in the following structure:

{ "access_token": "{access_token}", "refresh_token": "{refresh_token}", "api_domain": "https://www.zohoapis.com", "token_type": "Bearer", "expires_in": 3600 }

Note:

  • The access_token expires after a particular period (as given in the expires_in parameter shown above).
  • The refresh_token is permanent and is used to generate a new access_token when the current access token has expired.
  • Use the api_domain in your requests to make API calls to Zoho Contracts.
  • The token_type Bearer indicates that it is an access_token.
  • The possible errors are invalid_client and invalid_token. The former indicates an invalid Client ID or Client Secret was passed. The latter indicates the grant token has expired.
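The token exchange and response handling described above, as an added example that is not part of the original documentation. The function names are hypothetical, and two things are assumed: that the endpoint accepts the parameters as a form-encoded POST body (which keeps client_secret and code out of URL logs), and that errors arrive as an "error" field in the JSON reply.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.zoho.com/oauth/v2/token"  # endpoint given on this page

class TokenError(Exception):
    """Raised when the token endpoint reports an error or a malformed reply."""

def build_token_request(client_id, client_secret, redirect_uri, code):
    # Builds the POST without sending it. Assumption: parameters are accepted
    # in the form body, so the secret and grant token never appear in the URL.
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must match the registered Callback URL
        "code": code,
    }).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")

def parse_token_response(raw, now=None):
    """Validate the JSON reply and return the tokens with an absolute expiry."""
    data = json.loads(raw)
    # Assumption: errors are reported in an "error" field of the JSON body.
    if "error" in data:
        hints = {"invalid_client": "check Client ID / Client Secret",
                 "invalid_token": "grant token expired, restart authorization"}
        raise TokenError(f"{data['error']}: {hints.get(data['error'], 'unexpected')}")
    required = ("access_token", "api_domain", "token_type", "expires_in")
    missing = [k for k in required if k not in data]
    if missing:
        raise TokenError(f"missing fields: {missing}")
    if data["token_type"] != "Bearer":
        raise TokenError(f"unexpected token_type {data['token_type']!r}")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "api_domain": data["api_domain"],
            "expires_at": now + int(data["expires_in"])}

def auth_header(token):
    """Authorization header for API calls made against token['api_domain']."""
    return {"Authorization": "Bearer " + token["access_token"]}

# Constructed sample reply in the structure shown above (not real tokens).
SAMPLE = ('{"access_token": "sample-access", "refresh_token": "sample-refresh", '
          '"api_domain": "https://www.zohoapis.com", "token_type": "Bearer", '
          '"expires_in": 3600}')
```

Send the request with urllib.request.urlopen(build_token_request(...)) and pass the response body to parse_token_response; keep the refresh_token in a secret store rather than in logs or source control.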