Client Credentials Flow

The client credentials flow is an alternative to creating access tokens through the self-client flow, and can be used to perform one-time tasks such as a one-time data migration or testing Zoho CRM API calls. For integration purposes, we recommend using self client or server-based authorization. The main benefit of the client credentials flow is the simplicity of creating an access token: it requires only your client ID, client secret, scope, and soid.

Generating Access Token

To generate an access token using the client credentials flow, make an API call to the following endpoint with the mandatory parameters described in the "Parameters" section below. The accounts-url is specific to the location (i.e., datacenter) where the client is registered. See all the server-specific URLs.

{accounts-url}/oauth/v2/auth?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials&scope={scope}&soid={soid}

Parameters

  • client_id (string, mandatory)

    Client ID (consumer key) that you obtained during client registration.

  • client_secret (string, mandatory)

    Client secret that you obtained during client registration.

  • grant_type (string, mandatory)

    Specify the value as "client_credentials".

  • scope (string, mandatory)

    The corresponding scope for the resource you want to access from the user's account. Multiple scopes can be given in comma-separated format. Refer to the Scopes page for more details.

  • soid (string, mandatory)

    This parameter is derived from the unique ServiceOrg or organization or portal ID (zsoid).

    Syntax: ZohoCRM.{zsoid}. Example: ZohoCRM.600xxx46

    You can obtain the zsoid from the UI by clicking on your profile picture, where you will see the name of your organization. Click on the dropdown to view the name of the organization and the Org ID.

Response JSON

{
    "access_token": "1000.b2caxxxxx3c6",
    "scope": "ZohoCRM.org.ALL ZohoCRM.settings.ALL ZohoCRM.users.ALL ZohoCRM.templates.email.READ ZohoCRM.templates.inventory.READ ZohoCRM.modules.ALL",
    "api_domain": "https://www.zohoapis.com",
    "token_type": "Bearer",
    "expires_in": 3600
}

  • access_token

    Use this access token in the header of the API calls to access data in Zoho CRM. Note that the response does not contain a refresh token. When an access token expires, make an API call to the same endpoint to get a new access token (if required).

  • scope

    The scope for the resource you want to access from the user's account that was provided in the parameters.

  • api_domain

    Domain name of the API. Use this domain in your requests to make API calls to Zoho CRM.

  • token_type

    Type of token obtained. "Bearer" indicates this is an access token.

  • expires_in

    Time in seconds after which the access token expires.
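
The request parameters and response fields above, put together as an added example (not Zoho's own code): a small token cache that re-requests from the same endpoint on expiry, checks that the returned scopes cover the requested ones, and produces a log-safe URL with the client secret redacted. The class name, the injected `fetch(url, params)` transport, the 60-second `skew` margin, and the sample response (shaped like the one on this page, scope list shortened) are assumptions made for illustration.

```python
import time
from urllib.parse import urlencode

# Constructed sample: shaped like the response on this page, scope list shortened.
SAMPLE_RESPONSE = {
    "access_token": "1000.b2caxxxxx3c6",
    "scope": "ZohoCRM.users.ALL ZohoCRM.modules.ALL",
    "api_domain": "https://www.zohoapis.com",
    "token_type": "Bearer",
    "expires_in": 3600,
}

class ClientCredentialsToken:
    """Caches one access token; on expiry calls the same endpoint again (no refresh token)."""

    def __init__(self, accounts_url, client_id, client_secret, scopes, zsoid,
                 fetch, clock=time.monotonic, skew=60):
        self.endpoint = accounts_url.rstrip("/") + "/oauth/v2/auth"  # path as given above
        self.params = {
            "client_id": client_id,
            "client_secret": client_secret,
            "grant_type": "client_credentials",
            "scope": ",".join(scopes),      # request side: comma separated
            "soid": "ZohoCRM." + zsoid,     # syntax: ZohoCRM.{zsoid}
        }
        self.wanted = set(scopes)
        self.fetch, self.clock, self.skew = fetch, clock, skew  # fetch: hypothetical transport
        self.token, self.api_domain, self.expires_at = None, None, 0.0

    def redacted_url(self):
        """Request URL that is safe to log: the secret is a query parameter."""
        return self.endpoint + "?" + urlencode(dict(self.params, client_secret="REDACTED"))

    def get(self):
        """Return a usable access token, requesting a new one when the cache is stale."""
        if self.token is None or self.clock() >= self.expires_at:
            body = self.fetch(self.endpoint, self.params)
            if body.get("token_type") != "Bearer" or not body.get("access_token"):
                raise ValueError("unexpected token response, keys: %s" % sorted(body))
            missing = self.wanted - set(body.get("scope", "").split())  # response: space separated
            if missing:
                raise PermissionError("scopes not granted: " + ", ".join(sorted(missing)))
            self.token, self.api_domain = body["access_token"], body["api_domain"]
            self.expires_at = self.clock() + max(0, int(body["expires_in"]) - self.skew)
        return self.token
```

Because the client secret is part of the request URL, log `redacted_url()` rather than the real URL, and load the secret from an environment variable or secret store instead of source code.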