Quick start with Zoho Sign's API
Prerequisites
- Zoho Sign - Enterprise/API plan
- Sufficient API credits (5 Zoho Sign credits will be consumed for every envelope submission)
Token generation
Zoho Sign helps you create ad hoc token which can be used for testing and deployment token for your production environment.
Ad hoc tokens for staging environment
If you haven't used APIs before, use our temporary tokens before generating refresh token.
- From your Zoho Sign dashboard, hover your cursor on Settings and click Developer settings.
- Click API token - development from the left navigation pane.
- Click Generate.
- Copy the temporary OAuth access token(which will be valid for 60 minutes) and use it to test our API calls. These tokens are meant to be used for staging setup only. Do not use this in your deployment.
Tokens for production environment
Generating token for production environment consists of 6 steps.
Step 1: Register a new client
- First, you need to register your application with Zoho’s developer console to get your Client ID and Client Secret.
- Log in to https://api-console.zoho.com/ (refer your API console endpoint here) on Add Client ID.
- Upon successful authentication, you will be provided with a Client ID and Client Secret. Do not share the Client ID and Client Secret with anyone.
Step 2: Generate grant token
- Under the Generate Code tab, enter this scope: ZohoSign.documents.ALL,ZohoSign.templates.ALL
- Set the desired time duration and enter the scope description.
- Click CREATE.
- Copy the generated code.
Step 3: Generate access and refresh token
- From your Zoho Sign dashboard, hover on Settings and click API tokens.
- Click API token - deployment from the left navigation pane.
- Click Get started.
- Enter the Client ID, Client Secret, and the copied code.
- Click Generate refresh token.
Note: Refresh token has unlimited usage until revoked.
Request Example
CopiedPOST https://accounts.zoho.com/oauth/v2/token?code=[Code]&client_id=[Client ID]&client_secret=[Client Secret]&redirect_uri=[Redirect URL]&grant_type=authorization_code
Step 4: Generate access token from refresh token
Access tokens have a limited validity. In most cases, the access tokens will expire in one hour. Until then, the access token has unlimited usage. Once it expires, your application should use the refresh token to request for a new access token. Redirect to the following POST URL with the given parameters to get a new access token.
ARGUMENTS
refresh_token * | Refresh Token which is obtained in the above step |
client_id * | Client ID obtained during Client Registration |
client_secret * | Client secret obtained during Client Registration |
redirect_uri * | This param should be same redirect url mentioned while adding Client |
grant_type * | refresh_token |
Request example
CopiedPOST https://accounts.zoho.com/oauth/v2/token?refresh_token=[Refresh Token]&client_id=[Client Id]&client_secret=[Client Secret]&redirect_uri=[Redirect URL]&grant_type=refresh_token
Step 5: Revoke refresh token
To revoke a refresh token, call the following POST URL with the given parameters
ARGUMENTS
token * | Refresh Token which is obtained in the above step |
Request Example
Copiedhttps://accounts.zoho.com/oauth/v2/token/revoke?token=[Refresh Token]
Step 6: Calling an API
- Access token can be passed only in the header and cannot be passed in the request parameter.
- Header name should be Authorization Header value should be Zoho-oauthtoken {access_token}.