Zoho PhoneBridge REST API supports the OAuth2.0 protocol to enable users access data in a secured way.
Therefore, you must authenticate the PhoneBridge APIs using an OAuth token.


After you register your application as a Provider with Zoho PhoneBridge, Zoho processes the registration and shares your Client ID and Client Secret.

Phonebridge APIs follow the OAuth2.0 Authorization Code Grant Type to provide access to protected resources.
In this type of authorization,

  • The application redirects the user to the OAuth server.

  • The user is prompted to login to Zoho, if not already.

  • After successful login, the user sees the authorization prompt, and approves or rejects the app's request.

  • The user is redirected back to the application with an authorization code in the query string.

  • The application exchanges the authorization code for an access token with the authorization server.

OAuth2.0 requests are usually authenticated with an access token, which is passed as bearer token. To use this access token, you need to construct a normal HTTP request and include it in an Authorization header along with the value of "Bearer". Therefore, you must authorize your application and generate the access and refresh tokens.

Generating tokens involves the following steps.

  1. Generating the Authorization Code

  2. Generating the access and refresh tokens from the authorization code