Generating Access Token and Refresh Token

OAuth2.0 requests are usually authenticated with an access token, which is passed as bearer token. To use this access token, you need to construct a normal HTTP request and include it in an Authorization header along with the value of "Bearer".

Note

You must use your domain-specific Zoho Accounts URL to generate access and refresh tokens. The following are the various domains and their corresponding accounts URLs.

  • For US: https://accounts.zoho.com

  • For AU: https://accounts.zoho.com.au

  • For EU: https://accounts.zoho.eu

  • For IN: https://accounts.zoho.in

  • For CN: https://accounts.zoho.com.cn

  • For JP: https://accounts.zoho.jp

To generate access and refresh token:

  1. Make a POST request with the following URL. Replace {Accounts_URL} with your domain-specific Zoho accounts URL when you make the request.

    {Accounts_URL}/oauth/v2/token

    Note: For security reasons, pass the below key-value pairs in the body of your request.

    Request Parameters

    ParameterDescription
    grant_typeEnter the value as authorization_code.
    client_idClient ID(consumer key) that you received after client registration.
    client_secretClient Secret that you received after client registration.
    redirect_uriCallback URL that you received after client registration.
    codeEnter the authorization code obtained from the previous step.
  2. If the request is successful, you will receive the following response.

    {
        "access_token": "{access_token}",
        "refresh_token": "{refresh_token}",
        "api_domain": "https://www.zohoapis.com",
        "token_type": "Bearer",
        "expires_in": 3600
    }

    Response Parameters

    ParameterDescription
    access_tokenAccess token to access the Phonebridge APIs.
    refresh_tokenRefresh token to obtain new access tokens.
    expires_inTime in seconds after which the access token expires.
    api_domainDomain name from which you have to make API calls.
    token_typeType of token obtained. "Bearer" indicates this is an access token.
Note
  • The access token is valid only for an hour.

  • The refresh token does not expire.