Generating the Authorization Code

This method lets users authorize the application and obtain the authorization code (grant token) from the browser's address bar.

  • Step 1:

    After you receive your Client ID, enter the following authorization URL in your browser.

    https://accounts.zoho.com/oauth/v2/auth?scope=PhoneBridge.call.log,PhoneBridge.zohoone.search
    &client_id={client_id}&redirect_uri={redirect_uri}&state={state}&response_type=code&access_type=offline

    | Parameter (* - Mandatory) | Data type | Description |
    |---|---|---|
    | scope* | String | Scope for the data that your application wants to access. Example: PhoneBridge.call.log, PhoneBridge.zohoone.search |
    | client_id* | String | Client ID (consumer key) that you obtained after client registration. |
    | state* | String | Provides any state that might be useful to your application upon receipt of the response. The Zoho Authorization Server round-trips this parameter, so your application receives the same value it sent. Possible uses include redirecting the user to the correct resource in your site, and cross-site-request-forgery mitigations. |
    | redirect_uri* | String | Callback URL that you received after client registration. |
    | access_type* | String | The value must always be offline. |
    | response_type* | String | The value must always be code. |

  • Step 2:

    After the user logs in to Zoho (if not already logged in), Zoho Accounts displays the authorization grant page. After the user grants consent, the browser redirects the user to the registered redirect_uri, with the authorization code in the URL. You will see the following response in the address bar of your browser.

    {redirect_uri}&state={state}&code={authorization_code}&location=us&accounts-server=https://accounts.zoho.com

    The value of the parameter code is the Authorization Code (grant token). Save this code to generate the access and refresh tokens.

  • Step 3:

    Zoho customers' data is served from multiple data centers (DCs). The location parameter tells you the DC where the user's data resides.
    Based on the DC, you must make the access token request to the respective accounts server.
    Once you have the authorization code and the location, make a GET/POST request to the URL below.

    https://accounts.zoho.com/oauth/serverinfo

    The response lists the accounts server locations and their respective URLs, as shown below. You must use the domain-specific accounts URL to generate the access and refresh tokens from the authorization code.

    {
        "result": "success",
        "locations": {
            "eu": "https://accounts.zoho.eu",
            "au": "https://accounts.zoho.com.au",
            "in": "https://accounts.zoho.in",
            "us": "https://accounts.zoho.com",
            "cn": "https://accounts.zoho.com.cn",
            "jp": "https://accounts.zoho.jp"
        }
    }
Note

The authorization code is only valid for one minute. You must generate the tokens before this code expires.
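
The three steps above, as an added example that is not part of the original documentation: it builds the Step 1 URL with an unguessable state, checks the Step 2 redirect against that state, and picks the accounts server from the serverinfo map instead of trusting the accounts-server value delivered through the browser. The function names are hypothetical, the locations map is copied from the sample response above, and the callback is assumed to carry its parameters in the URL query string.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.zoho.com/oauth/v2/auth"
SCOPES = "PhoneBridge.call.log,PhoneBridge.zohoone.search"
# "locations" object copied from the sample serverinfo response (Step 3).
SERVERINFO_LOCATIONS = {
    "eu": "https://accounts.zoho.eu",
    "au": "https://accounts.zoho.com.au",
    "in": "https://accounts.zoho.in",
    "us": "https://accounts.zoho.com",
    "cn": "https://accounts.zoho.com.cn",
    "jp": "https://accounts.zoho.jp",
}


def build_authorization_url(client_id, redirect_uri):
    """Step 1: return (url, state); store state in the user's session."""
    state = secrets.token_urlsafe(32)  # fresh, unguessable value per request
    query = urlencode({
        "scope": SCOPES, "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state,
        "response_type": "code", "access_type": "offline",
    }, safe=",")
    return f"{AUTH_ENDPOINT}?{query}", state


def parse_callback(callback_url, expected_state, locations=SERVERINFO_LOCATIONS):
    """Steps 2-3: validate the redirect, return (code, accounts_server)."""
    params = parse_qs(urlsplit(callback_url).query)

    def one(name):
        values = params.get(name, [])
        if len(values) != 1:  # missing or duplicated parameter
            raise ValueError(f"expected exactly one {name!r} parameter")
        return values[0]

    if not hmac.compare_digest(one("state").encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    server = locations.get(one("location"))
    if server is None:
        raise ValueError("location is not listed by serverinfo")
    # accounts-server arrives via the browser, so it is only cross-checked
    # and never used directly as the destination of the token request.
    if one("accounts-server") != server:
        raise ValueError("accounts-server does not match serverinfo")
    return one("code"), server
```

Send the token request to the returned accounts server immediately, since the authorization code expires after one minute.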