Access Token Request

The client makes an access token request by sending the authorization grant code to Zoho Accounts:

  • URI Endpoint: https://accounts.zoho.com/oauth/v2/token
  • HTTP Request Type: POST
  • Mandatory Parameters:
    • client_id - Obtained from registering your client at the Zoho Accounts developer console.
    • grant_type - Value must be 'authorization_code'.
    • client_secret - Obtained from registering your application at the Zoho Accounts developer console.
    • redirect_uri - The URI endpoint that Zoho Accounts will redirect the web browser to. Make sure it is the same URI as the one specified in the authorization request.
    • code -The authorization code you received as a response to the authorization request.
  • Access Token Response Parameters:
    • access_token - A client-authorized key that lets the client access protected resources from Zoho. The client can make API requests using this access token for up to an hour after the creation of the token.
    • refresh_token - Used to obtain a new access token after the old one expires. A refresh token does not expire. The maximum number of allowed refresh tokens per account is 20. The 21st refresh token will replace the first created refresh token.
    • api_domain - Determines the API domain URI which the client must use to make all API requests.
    • token_type - Provides the client with the information required to make an API request.
    • expires_in - Time taken for an access token to expire, in seconds.
Note:
  • Using a refresh token a client can create up to ten access tokens in a span of ten minutes. If the limit is reached, the access token creation will be blocked for the rest of the ten minutes.
  • You can save the refresh and access tokens and reuse them.

Sample HTTP Request

Copiedhttps://accounts.zoho.com/oauth/v2/token?
client_id=1000.GMB0YULZHJK411248S8I5GZ4CHUEX0&
grant_type=authorization_code&
client_secret=122c324d3496d5d777ceeebc129470715fbb856b7&
redirect_uri=https://www.zylker.com/oauthredirect&
code=1000.86a03ca5dbfccb7445b1889b8215efb0.cad9e1ae4989a1196fe05aa729fcb4e1

Sample JSON Response

Zoho Accounts sends the access token and the optional refresh token.

Copied{
    "access_token":"1000.2deaf8d0c268e3c85daa2a013a843b10.703adef2bb337b 8ca36cfc5d7b83cf24",
    "refresh_token":"1000.18e983526f0ca8575ea9c53b0cd5bb58.1bd83a6f2e22c3a7e1309d96ae439cc1",
    "api_domain":"https://api.zoho.com",
    "token_type":"Bearer",
    "expires_in":3600
}