Generating the Authorization Code
This method allows the users to authorize the application and obtain the authorization code(grant token) on the address bar of the browser.
Step 1:
After you receive your Client ID, enter the following authorization URL in your browser.
https://accounts.zoho.com/oauth/v2/auth?scope=PhoneBridge.call.log,PhoneBridge.zohoone.search &client_id={client_id}&redirect_uri={redirect_uri}&state={state}&response_type=code&access_type=offline
Parameter (* - Mandatory) Data type Description scope* String Scope for the data that your application wants to access. Example: PhoneBridge.call.log, PhoneBridge.zohoone.search client_id* String Client ID(consumer key) that you obtained after client registration. state* String Provides any state that might be useful to your application upon receipt of the response. The Zoho Authorization Server round-trips this parameter, so your application receives the same value it sent. Possible uses include redirecting the user to the correct resource in your site, and cross-site-request-forgery mitigations. redirect_uri* String Callback URL that you received after client registration. access_type* String The value must always be offline. response_type* String The value must always be code. Step 2:
Once the user has successfully logged into Zoho, if not already, Zoho Accounts displays the Authorization grant page. After the user grants consent, the browser redirects the user to the registered redirect_uri, along with the authorization code in the URL. You will see the below response in the address bar of your browser.
{redirect_uri}&state={state}&code={authorization_code}&location=us&accounts-server=https://accounts.zoho.com
The value of the parameter code is the Authorization Code (grant token). Save this code to generate the access and refresh tokens.
Step-3:
Zoho customer's data are served from multiple DataCenters (DC). The location parameter provides you the DC where the user's data are present.
Based on the DC, you must make the access token request to the respective account's server.
Once you have the authorization code and the location, make a GET/POST request to the below URL.
https://accounts.zoho.com/oauth/serverinfo.
The response will be as follows and gives you the accounts server location and the respective URL. You must use the domain-specific accounts URL to generate the access and refresh tokens from the authorization code.{ "result": "success", "locations": { "eu": "https://accounts.zoho.eu", "au": "https://accounts.zoho.com.au", "in": "https://accounts.zoho.in"," "us": "https://accounts.zoho.com", "cn": "https://accounts.zoho.com.cn", "jp": "https://accounts.zoho.jp" } }
The authorization code is only valid for one minute. You must generate the tokens before this code expires.