Quick start with Zoho Sign's API

Prerequisites

Token generation

Zoho Sign helps you create ad hoc token which can be used for testing and deployment token for your production environment.

Ad hoc tokens for staging environment

If you haven't used APIs before, use our temporary tokens before generating refresh token.

  1. From your Zoho Sign dashboard, hover your cursor on Settings and click Developer settings.
  2. Click API token - development from the left navigation pane.
  3. Click Generate.
  4. Copy the temporary OAuth access token(which will be valid for 60 minutes) and use it to test our API calls. These tokens are meant to be used for staging setup only. Do not use this in your deployment.

Tokens for production environment

Generating token for production environment consists of 6 steps.

Step 1: Register a new client

  1. First, you need to register your application with Zoho’s developer console to get your Client ID and Client Secret.
  2. Log in to https://api-console.zoho.com/ (refer your API console endpoint here) on Add Client ID.
  3. Upon successful authentication, you will be provided with a Client ID and Client Secret. Do not share the Client ID and Client Secret with anyone.

Step 2: Generate grant token

  1. Under the Generate Code tab, enter this scope: ZohoSign.documents.ALL,ZohoSign.templates.ALL
  2. Set the desired time duration and enter the scope description.
  3. Click CREATE.
  4. Copy the generated code.

Learn how to generate grant token through API

Step 3: Generate access and refresh token 

  1. From your Zoho Sign dashboard, hover on Settings and click API tokens.
  2. Click API token - deployment from the left navigation pane.
  3. Click Get started.
  4. Enter the Client ID, Client Secret, and the copied code.
  5. Click Generate refresh token.

Request Example

Copiedhttps://accounts.zoho.com/oauth/v2/token?code=[Code]&client_id=[Client ID]&client_secret=[Client Secret]&redirect_uri=[Redirect URL]&grant_type=authorization_code

Step 4: Generate access token from refresh token 

Access tokens have a limited validity. In most cases, the access tokens will expire in one hour. Until then, the access token has unlimited usage. Once it expires, your application should use the refresh token to request for a new access token. Redirect to the following POST URL with the given parameters to get a new access token.

ARGUMENTS

refresh_token *Refresh Token which is obtained in the above step
client_id *Client ID obtained during Client Registration
client_secret *Client secret obtained during Client Registration
redirect_uri *This param should be same redirect url mentioned while adding Client
grant_type *refresh_token

Request example

Copiedhttps://accounts.zoho.com/oauth/v2/token?refresh_token=[Refresh Token]&client_id=[Client Id]&client_secret=[Client Secret]&redirect_uri=[Redirect URL]&grant_type=refresh_token

Step 5: Revoke refresh token

To revoke a refresh token, call the following POST URL with the given parameters

ARGUMENTS

token *Refresh Token which is obtained in the above step

 

Request Example

Copiedhttps://accounts.zoho.com/oauth/v2/token/revoke?token=[Refresh Token]

Step 6: Calling an API

  • Access token can be passed only in the header and cannot be passed in the request parameter.
  • Header name should be Authorization Header value should be Zoho-oauthtoken {access_token}.