Generating Access Tokens
OAuth2.0 requests are usually authenticated with an access token, which is passed as bearer token. To use this access token, you need to construct a normal HTTP request and include it in an Authorization header along with the value of the Bearer.
To generate access tokens, make a POST request for the following URL with given parameters in the below table.
https://accounts.zoho.com/oauth/v2/token
Parameter | Description |
grant_type | Specify the value as "authorization_code" |
client_id | Client ID obtained from client registration |
client_secret | Client Secret obtained from client registration |
redirect_uri | Specify the same Callback URL that you passed for the client registration |
code | Grant token code obtained from the authorization request |
On success, you will receive the access_token and refresh_token in the following structure:
{ "access_token": "{access_token}", "refresh_token": "{refresh_token}", "api_domain": "https://www.zohoapis.com", "token_type": "Bearer", "expires_in": 3600 }
Note:
- The access_token will expire after a particular period (as given in the expires_in parameter seen above).
- The refresh_token is permanent and will be used to regenerate new access_token, if the current access token is expired.
- Use the api_domain in your requests to make API calls to Zoho Contracts.
- The token_type Bearer indicates that it is an access_token.
- The possible errors are invalid_client and invalid_token. The former indicates an invalid Client ID or Client Secret was passed. The latter indicates the grant token has expired.