Authorization Request

The client makes an authorization request on behalf of the resource owner to Zoho Accounts via the user agent (usually a web browser):

  • URI Endpoint: https://accounts.zoho.com/oauth/v2/auth
  • HTTP Request Type: GET
  • Mandatory Parameters:
    • client_id - Obtained from registering your client at the Zoho Accounts developer console.
    • response_type - Value must be 'code'.
    • redirect_uri - The URI endpoint that Zoho Accounts will redirect the web browser to with the authorization code after authorizing the client.
      Note: Make sure the authorized redirect URI is the same as the one provided while registering your client.
    • scope - Sample scope - "AaaServer.profile.READ"
  • Optional Parameters:
    • access_type - Value can be 'offline' or 'online'. If the value is offline, you will receive a refresh token along with an access token the first time you make the request. Once the access token expires, you can use the refresh token to regenerate the access token. If the value is online, you will receive only an access token. If you forget your refresh token or cannot access it, use the following parameter along with access_type to receive a new refresh token.
      Note: If access_type is not set to offline, it defaults to online.
    • prompt - Value must be 'consent'. If this parameter is included in the query, every time you generate an OAuth token, the user's consent approval will be mandatory.

      Example: To receive another refresh token, include access_type=offline and prompt=consent in your authorization request.

  • Authorization Response Parameters:
    • code - An authorization code, valid for two minutes, that can be exchanged for an access token at Zoho Accounts. The code can be used only once.
    • location - Determines the user's domain location. Clients must make access token requests to that particular domain URI.
    • server - Click here to get domain location and URI.

Sample HTTP Request

https://accounts.zoho.com/oauth/v2/auth
?response_type=code&
client_id=1000.GMB0YULZHJK411284S8I5GZ4CHUEX0&
scope=AaaServer.profile.Read&
redirect_uri=https://www.zylker.com/oauthredirect&
prompt=consent

Sample HTTP Response

Zoho Accounts authenticates the user and displays a consent screen to confirm the authorization request. Once the end user grants the authorization request, Zoho Accounts sends an authorization grant code to the client's redirect URI.

https://www.zylker.com/oauthredirect
?code=1000.9c3a2a6a5362125efc9f7666224313b6.d44f4b5b63e71fc682cdf20c771efead
&location=us
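
The request and response described above, as an added client-side example that is not Zoho's own code: it builds the authorization URL with every parameter percent-encoded, accepts the redirect only on the registered redirect URI, and applies the two-minute, single-use rule for the code locally before the token exchange. The function names and the CodeTracker class are hypothetical; Zoho Accounts enforces the code's lifetime and single use itself, so the tracker is only a local guard.

```python
import time
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://accounts.zoho.com/oauth/v2/auth"  # endpoint given on this page
CODE_LIFETIME_S = 120  # the page states the code is valid for two minutes

def build_auth_url(client_id, redirect_uri, scope, access_type=None, prompt=None):
    """Build the GET authorization URL; urlencode percent-encodes each value."""
    if access_type not in (None, "offline", "online"):
        raise ValueError("access_type must be 'offline' or 'online'")
    if prompt not in (None, "consent"):
        raise ValueError("prompt must be 'consent'")
    params = {"response_type": "code", "client_id": client_id,
              "scope": scope, "redirect_uri": redirect_uri}
    if access_type:
        params["access_type"] = access_type
    if prompt:
        params["prompt"] = prompt
    return AUTH_ENDPOINT + "?" + urlencode(params)

def parse_callback(callback_url, registered_redirect_uri, received_at=None):
    """Return {'code', 'location', 'expires_at'} from the redirect, or raise ValueError."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    # The callback must arrive on exactly the URI registered for the client.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    query = parse_qs(got.query)
    # Exactly one value per parameter: a repeated 'code' is ambiguous, so reject it.
    if len(query.get("code", [])) != 1 or len(query.get("location", [])) != 1:
        raise ValueError("expected exactly one 'code' and one 'location'")
    received_at = time.time() if received_at is None else received_at
    return {"code": query["code"][0], "location": query["location"][0],
            "expires_at": received_at + CODE_LIFETIME_S}

class CodeTracker:
    """Hypothetical helper: refuses a code that was already used or has expired."""
    def __init__(self):
        self._used = set()

    def redeem(self, grant, now=None):
        now = time.time() if now is None else now
        if grant["code"] in self._used:
            raise ValueError("authorization code already used")
        if now >= grant["expires_at"]:
            raise ValueError("authorization code expired")
        self._used.add(grant["code"])
        return grant["code"]
```

Call CodeTracker.redeem immediately before the access token request, which goes to the domain indicated by the returned location value.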