Step 2: Generating Grant Tokens

Redirect to the following authorization URL with the given parameters:

For Admin APIs: https://accounts.zoho.com/oauth/v2/auth?

For Storefront Portal APIs: https://accounts.zohoportal.com/clientoauth/v2//auth?

| Parameter | Description |
| --- | --- |
| scope* | Scope for which the token is to be generated. Multiple scopes can be given, separated by commas. Ex: ZohoCommerce.salesorders.all |
| client_id* | Client ID obtained during Client Registration. An opaque string that is round-tripped in the protocol represents client_id. Whatever value is given to it is passed back to the user. |
| response_type* | Code value is mandatory to get the access token and is valid for 60 seconds. |
| redirect_uri* | One of the redirect URIs from the above steps. This parameter should be the same redirect URL given while registering the Client. |
| access_type | The allowed values are offline and online. The online access_type gives your application only the access_token, which is valid for one hour. The offline access_type gives the application an access_token as well as a refresh_token. By default it is taken as online. |
| prompt | Prompts are used for user consent each time your app tries to access user credentials. Ex: Permission to access files |

Note: Fields with * are mandatory.

The request is the authorization URL followed by the parameters above. The response is a "user consent page".

Upon clicking “Accept”, Zoho will redirect to the given redirect_uri with the code and state parameters. This code value is mandatory to get the access token in the next step. This code is valid for only 60 seconds.

On clicking “Deny”, the server returns an error.
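
The request and redirect described in this step, as an added Python example (not Zoho's own code): it builds the Admin APIs authorization URL with a per-session state value and validates the redirect before returning the code. Assumptions: the client sends state and response_type=code in the request and the Deny error arrives in an error query parameter, as in RFC 6749; the function names, client ID and redirect URI are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://accounts.zoho.com/oauth/v2/auth"  # Admin APIs endpoint from this page


def build_auth_url(client_id, redirect_uri, scopes, access_type="online"):
    """Return (url, state). Keep state in the user's session before redirecting."""
    state = secrets.token_urlsafe(32)  # unguessable; binds the redirect to this session
    params = {
        "scope": ",".join(scopes),      # multiple scopes are comma-separated
        "client_id": client_id,
        "response_type": "code",        # assumed value, per RFC 6749
        "redirect_uri": redirect_uri,   # must equal the URI registered for the client
        "access_type": access_type,     # "offline" also yields a refresh_token
        "state": state,                 # assumed request parameter, per RFC 6749
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state


def read_callback(callback_url, registered_redirect_uri, expected_state):
    """Validate the redirect and return the grant code, or raise ValueError."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect did not arrive at the registered redirect_uri")
    query = parse_qs(got.query)
    if "error" in query:  # user clicked Deny (parameter name assumed, per RFC 6749)
        raise ValueError("authorization refused: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time comparison on bytes; a missing or foreign state is rejected.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]  # exchange it at once: the code is valid for only 60 seconds
```

Requesting only the scopes the integration needs, and access_type=offline only when a refresh_token is actually required, limits what a leaked token can do.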