Authorization Request

The client makes an authorization request on behalf of the resource owner to Zoho Accounts via the user agent (usually a web browser):

  • URI Endpoint:
  • HTTP Request Type: GET
  • Mandatory Parameters:
    • client_id - Obtained from registering your client at the Zoho Accounts developer console.
    • response_type - Value must be 'code'.
    • Authorized Redirect URI - The URI endpoint that Zoho Accounts will redirect the web browser to with the authorization code after authorizing the client.
      Note: Make sure the authorized redirect URI is the same as the one provided while registering your client.
    • Scope - Sample scope - "AaaServer.profile.READ"
  • Optional Parameters:
    • access_type - Value can be 'offline' or 'online'. If the value is offline, you will receive a refresh token along with an access token only the first time you make the request. You can use the access token to make API calls.
      Note: If you forget your refresh token or cannot access it, use the following parameter to receive a new refresh token.
    • prompt - Value must be 'consent'. If this parameter is included in the query, every time you request an access token using a refresh token, the user's consent approval will be mandatory.
      Note: To receive another refresh token, include access_type=offline and prompt=consent in your authorization request.

Sample HTTP Request

Sample HTTP Response

Zoho Accounts authenticates the user and displays a consent screen to confirm the authorization request. Once the end user grants the authorization request, Zoho Accounts sends an authorization grant code to the client's redirect URI.
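The following added example (not Zoho's own code) builds the authorization request from the parameters listed above and reads the grant code from the redirect, rejecting a redirect URI that differs from the registered one. The endpoint is a placeholder because the page does not give it; the query names redirect_uri, scope and code are assumed from RFC 6749, and the function names are hypothetical.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder endpoint: the page does not give the URI, so substitute the real one.
AUTH_ENDPOINT = "https://accounts.example.invalid/authorize"

def build_authorization_url(client_id, redirect_uri, registered_redirect_uri,
                            scope, access_type=None, prompt=None,
                            endpoint=AUTH_ENDPOINT):
    """Return the GET URL the user agent is sent to."""
    if not client_id:
        raise ValueError("client_id is mandatory")
    if not scope:
        raise ValueError("scope is mandatory")
    # The redirect URI must be the same as the one registered for the client.
    if redirect_uri != registered_redirect_uri:
        raise ValueError("redirect URI differs from the registered one")
    params = {
        "client_id": client_id,
        "response_type": "code",       # value must be 'code'
        "redirect_uri": redirect_uri,  # parameter name assumed per RFC 6749
        "scope": scope,                # parameter name assumed per RFC 6749
    }
    if access_type is not None:
        if access_type not in ("offline", "online"):
            raise ValueError("access_type must be 'offline' or 'online'")
        params["access_type"] = access_type
    if prompt is not None:
        if prompt != "consent":
            raise ValueError("prompt must be 'consent'")
        params["prompt"] = prompt
    return endpoint + "?" + urlencode(params)

def extract_authorization_code(callback_url, registered_redirect_uri):
    """Pull the grant code out of the redirect; reject unexpected callbacks."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    codes = parse_qs(got.query).get("code", [])  # 'code' name assumed per RFC 6749
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```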