Authorization Request

The client makes an authorization request on behalf of the resource owner to Zoho Accounts via the user agent (usually a web browser):

  • URI Endpoint:
  • HTTP Request Type: GET
  • Mandatory Parameters:
    • client_id - Obtained from registering your client at the Zoho Accounts developer console.
    • response_type - Value must be 'code'.
    • Authorized Redirect URI - The URI endpoint that Zoho Accounts will redirect the web browser to with the authorization code after authorizing the client.
      Note: Make sure the authorized redirect URI is the same as the one provided while registering your client.
    • Scope - Sample scope - "AaaServer.profile.READ"
  • Optional Parameters:
    • access_type - Value can be 'offline' or 'online'. If the value is offline, you will receive a refresh token along with an access token only the first time you make the request. You can use the access token to make API calls. 
      Note: If you forget your refresh token or cannot access it, use the following parameter to receive a new refresh token.
    • prompt - Value must be 'consent'. If this parameter is included in the query, every time you request an access token using a refresh token, the user's consent approval will be mandatory.
      Note: To receive another refresh token, include access_type=offline and prompt=consent in your authorization request.
  • Authorization Response Parameters:
    • code - A short-lived authorization code, valid for two minutes, that can be exchanged for an access token at Zoho Accounts. The code can be used only once.
    • location - Determines the user's domain location. Clients must make access token requests to that particular domain URI.

Sample HTTP Request

Sample HTTP Response

Zoho Accounts authenticates the user and displays a consent screen to confirm the authorization request. Once the end user grants the request, Zoho Accounts sends an authorization grant code to the client's redirect URI.
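The request and response handling described above, as an added example that is not Zoho's own code: it builds the authorization URL and then checks the redirect for a single fresh `code` and a known `location` before anything is sent to a token endpoint. The endpoint, redirect URI and location table are placeholders (the page does not give them), and the query names `redirect_uri` and `scope` are assumed to follow standard OAuth 2.0 naming.

```python
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders: the page gives neither the endpoint nor the location table.
AUTH_ENDPOINT = "https://accounts.example.invalid/oauth/v2/auth"
REGISTERED_REDIRECT_URI = "https://client.example.invalid/oauth/callback"
TOKEN_HOST_BY_LOCATION = {  # constructed allowlist: location value -> accounts domain
    "us": "https://accounts.example.invalid",
    "eu": "https://accounts.eu.example.invalid",
}
CODE_LIFETIME_SECONDS = 120  # the code is valid for two minutes
_used_codes = set()          # the code can be used only once


def build_authorization_url(client_id, scope, redirect_uri, offline=False, consent=False):
    """Build the GET URL the user agent is sent to."""
    if redirect_uri != REGISTERED_REDIRECT_URI:
        raise ValueError("redirect URI differs from the registered one")
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "scope": scope}
    if offline:
        params["access_type"] = "offline"
    if consent:
        params["prompt"] = "consent"
    return AUTH_ENDPOINT + "?" + urlencode(params)


def read_authorization_response(callback_url, received_at, now=None):
    """Return (code, token_host) for a callback, or raise ValueError."""
    now = time.time() if now is None else now
    query = parse_qs(urlsplit(callback_url).query)
    codes, locations = query.get("code", []), query.get("location", [])
    if len(codes) != 1 or len(locations) != 1:
        raise ValueError("expected exactly one code and one location")
    code, location = codes[0], locations[0]
    if location not in TOKEN_HOST_BY_LOCATION:
        raise ValueError("location is not a known accounts domain")
    if now - received_at > CODE_LIFETIME_SECONDS:
        raise ValueError("code is past its two-minute lifetime")
    if code in _used_codes:
        raise ValueError("code was already used")
    _used_codes.add(code)
    return code, TOKEN_HOST_BY_LOCATION[location]
```

Mapping `location` through an allowlist keeps the later token request, which carries the client's credentials, from being sent to a host taken directly from a query string.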