Access Token Request
The client makes an access token request on behalf of the resource owner to Zoho Accounts via the user-agent (web browser):
URI Endpoint: https://accounts.zoho.com/oauth/v2/auth
HTTP Request Type: GET
Mandatory Parameters:
- client_id - Obtained from registering your client at the Zoho Accounts developer console.
- response_type -Value must be 'token'.
- redirect_uri - The URI endpoint that Zoho Accounts will redirect the web browser to with the access token after authorizing the client.
Note: Make sure the authorized redirect URI is the same as the one provided while registering your client. - scope - Sample scope - "AaaServer.profile.READ"
Access Token Response Parameters:
- access_token - A client-authorized key that lets the client access protected resources from Zoho. The client can make API requests using this access token for up to an hour after the creation of the token.
- expires_in - Time taken for an access token to expire, in seconds.
- location - Determines the user's domain location. Clients must make access token requests to that particular domain URI. Click here to get domain location and URI.
Get user information
Include "email" in your scope parameter in the access token request to get information about a user. The response for the request will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base 64 decryption algorithm to get information about the user.
Sample HTTP Request
Copiedhttps://accounts.zoho.com/oauth/v2/auth?
client_id=1000.GMB0YULZHJK411248S8I5GZ4CHUEX0&
response_type=token&
scope=AaaServer.profile.Read&
redirect_uri=https://www.zylker.com/oauthredirect
Sample HTTP Response
After verifying your JavaScript domain, we will send the access token to the redirect URI.
Copiedhttps://www.zylker.com/oauthredirect#&
access_token=1000.a9a2690d6d5052d3728c6e330bfabad.a8ae8ab5bf3a8d7e08b8d9eafe52ea2d&
expires_in=3600&
location=us
Sample HTTP request to get user info
Copiedhttps://accounts.zoho.com/oauth/v2/auth?
client_id=1000.KXD1J7BIFFTQ75INLV04S245ZZPF0N&
response_type=token&
scope=AaaServer.profile.Read,email&
redirect_uri=https://www.zylker.com/oauthredirect
Sample HTTP Response
Copiedhttps://www.zylker.com/oauthredirect#&
access_token=1000.375038a443fe2442c6fdb53338434aad.c06027334babb41484450745190aaf42&
id_token=eyJrZXlfaWQiOiJmMDk4NjZjMDFhN2E5ZmYyNTcyNWNiNTZlMGM2NDk0NCIsInR5cCI6IkpXUyIsImFsZyI6IlJTMjU2In0=.eyJhdF9oYXNoIjoiUHQ4cWVKb2l0RmZueUx5WGRhMVo3dyIsInN1YiI6IjczMzE4MDE5Mi45NDI0NzIyMjciLCJhdWQiOiIxMDAwLktYRDFKN0JJRkZUUTc1SU5MVjA0UzI0NVpaUEYwTiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhenAiOiIxMDAwLktYRDFKN0JJRkZUUTc1SU5MVjA0UzI0NVpaUEYwTiIsImlzcyI6ImFjY291bnRzLnpvaG8uY29tIiwiZXhwIjoxNjA4MDUyNDA3LCJpYXQiOjE2MDgwNDk1MjcsImVtYWlsIjoib2F1dGh0ZXN0YWNjbnRAZ21haWwuY29tIn0=.I9F67H7/dc2WNJnWfBV5gUd/LuWRtAOuCyHajAHoFSmhYd7WfllYqDZGXcjLTJAHPBDPk0mOhYVf4JXOQmcbe/3WlPcBvcCdxHHFXTVLgx4a146XhnD9TqJMiEPBS3M77LYsXAHN8xzUxFDslYwwqVEmUlLPcrBo24hD/KocaEM6KDKS1LrMm1nCgYbS6Hop/ZOoFLbyF9hdLwweBzEGjSEhVb+jrE4OaNvCVwbXO1xkLy4WFfzYHLz0rzWUer7jnqVQrwcPfJ19ObIavZOYeU0SO2q8kgOVV3nrPP89NpYE4xoxdV5AjawFsbNkyqXR8n/w3nJuJlBNrNvLefMl4A==&
expires_in=3600&
location=us&
api_domain=https%3A%2F%2Fwww.zohoapis.com
Sample output of the decrypted_token
Copied{
"at_hash": "Pt8qeJoitFfnyLyXda1Z7w",
"sub": "733180192.942472227",
"aud": "1000.KXD1J7BIFFTQ75INLV04S245ZZPF0N",
"email_verified": true,
"azp": "1000.KXD1J7BIFFTQ75INLV04S245ZZPF0N",
"iss": "accounts.zoho.com",
"exp": 1608052407,
"iat": 1608049527,
"email": "oauthtestaccnt@gmail.com"
}