Access Token Request

The client makes an access token request by sending the authorization grant code to Zoho Accounts:

  • URI Endpoint:
  • HTTP Request Type: POST
  • Mandatory Parameters:
    • client_id - Obtained from registering your client at the Zoho Accounts developer console.
    • grant_type - Value must be 'authorization_code'.
    • client_secret - Obtained from registering your application at the Zoho Accounts developer console.
    • Authorized Redirect URI - The URI endpoint that Zoho Accounts will redirect the web browser to. Make sure it is the same URI as the one specified in the authorization request.
    • Authorization Code -The authorization code you received as a response for the authorization request.
  • Access Token Response Parameters:
    • access token - A client-authorized key that lets the client access protected resources from Zoho. The client can make API requests using this access token for up to an hour after the creation of the token.
    • refresh token - Used to obtain a new access token after the old one expires. A refresh token does not expire. The maximum number of allowed refresh tokens per account is 20. The 21st refresh token will replace the first created refresh token.
    • api_domain - Determines the API domain URI which the client must use to make all API requests.
    • token_type - Provides the client with the information required to make an API request.
    • expires_in - Time taken for an access token to expire, in seconds.
  • Using a refresh token a client can create up to ten access tokens in a span of ten minutes. If the limit is reached, the access token creation will be blocked for the rest of the ten minutes.
  • You can save the refresh and access tokens and reuse them.

Sample HTTP Request

Sample JSON Response

Zoho Accounts sends the access token and the optional refresh token.

    "access_token":"1000.2deaf8d0c268e3c85daa2a013a843b10.703adef2bb337b 8ca36cfc5d7b83cf24",