Generating Code

Once registering as a new client is completed, you can generate <Client_ID> and <Client_Secret>. Now, a grant code has to be generated. Based on the client type the code can be generated in two ways.

Self Client Method

  1. After registration, click the Self Client method available on the Applications list.
  2. Enter a valid scope. (Refer to Scopes for more details.)
  3. Choose Time Duration.
    NOTE:Code value generated in this step will be expired after this period. Refresh Token (Step 3) have to be generated before the code expires.
  4. Enter Scope Description.
  5. Click CREATE to generate code.
  6. Save this code and continue to step 3.

Redirect Method

  1. Make a request to the below URI with the given parameters.

    https://<ZohoAccounts_Server_URI>/oauth/v2/auth

    Get
    Parameter NameDescription
    scope *Scope (scope is nothing but a permission to access specific API) for which the token to be generated. Multiple scopes can be given, separated by commas.
    Example: ZohoAnalytics.data.all,ZohoAnalytics.modeling.create
    Refer: available scopes
    client_id *<client_id> obtained during Client Registration (Step 1).
    stateAn opaque string that is round-tripped in the protocol; ie., whatever value given to this will be passed back to you.
    response_type*code (provide this literal string as the value)
    redirect_uri *One of the redirect URI given in above step. This param should be same redirect url mentioned while registering the Client (Step 1).
    access_typeThe allowed values are offline and online.
    The online access_type gives your application only the access_token which is valid for one hour. The offline access_type will give the application an access_token as well as a refresh_token. By default it is taken as online
    promptConsent (provide this literal string as the value)
    Prompts for user consent each time your app tries to access user credentials.
    If you don't specify this parameter, the user will be prompted only the first time your app requests access.
    Note: Fields with * are mandatory.
  2. On invoking this request,
    • If you have already signed in with Zoho, a user consent page will be shown.
    • If you do not have a login session with Zoho, you will be redirected to the Zoho login page. You need to enter your Zoho credentials to login. After authentication the user consent page will be shown.
  3. Upon clicking Accept, the application gets authorized. The grant code is sent as a parameter in the redirect_uri.
  4. A back-end script from your end needs to store the following details from the above URL.
    • code={grant_token} - This is used to generate access and refresh tokens.
    • location={domain} - This tells you the domain of the user from which you have to make API calls.
    • accounts-server={accounts_URL} - This is your accounts URL which you have to use to generate refresh and access tokens.
Note: This code is valid for only 60 seconds. Next Step have to be done within this time.

When the user clicks Reject, the browser redirects to the redirect URI with the parameter error=access_denied, and your application is denied access to the user's data in Zoho Analytics.