Step 3: Generate Access And Refresh Token

After obtaining the code from the previous step, make a POST request to the following URL with the given parameters to generate the access_token:

https://accounts.zoho.com/oauth/v2/token?

| Parameter | Description |
|---|---|
| code * | Code obtained in the previous step |
| client_id * | Client ID obtained during Client Registration |
| client_secret * | Client secret obtained during Client Registration |
| redirect_uri * | This parameter should be the same redirect URL mentioned while adding the Client |
| grant_type * | authorization_code |
| scope | Specific scope for which the token is to be generated. Multiple scopes must be separated by commas. Ex: zohobackstage.event.CREATE |
| state | An opaque string that is round-tripped in the protocol; its value will be passed back to you. |

Note: Fields marked with an asterisk (*) are mandatory.

In the response, you will get both access_token and refresh_token.

  1. The access_token will expire after a specific period (as indicated in the expires_in parameter of the response).
  2. The refresh_token has no expiry and is used to generate a new access_token when the current one expires.

Note: Each time a re-consent page is accepted, a new refresh token is generated. The maximum limit is 20 refresh tokens per user. If this limit is exceeded, the first refresh token is automatically deleted to accommodate the latest one, regardless of whether the first token is still in use.

https://accounts.zoho.com/oauth/v2/token?code=1000.dd7exxxxxxxxxxxxxxxxxxxxxxxx9bb8.b6c0xxxxxxxxxxxxxxxxxxxxxxxxdca4&client_id=1000.0SRSxxxxxxxxxxxxxxxxxxxx239V&client_secret=fb01xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8abf&redirect_uri=http://backstage.zoho.com/&grant_type=authorization_code
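
The token exchange described above, as an added Python example (not Zoho's own code): it sends the parameters in the form-encoded POST body instead of the query string, which keeps client_secret and code out of URL logs, and turns expires_in into a refresh deadline. It assumes the endpoint accepts form-encoded bodies and that expires_in is in seconds; the function names and the sample response are constructed for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.zoho.com/oauth/v2/token"  # endpoint from the page


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Build the POST with parameters in the form body, not the query string,
    so the secret and code are not written to URL logs (assumption: the
    endpoint accepts form-encoded bodies like a standard OAuth 2.0 endpoint)."""
    form = {
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must match the registered redirect URL
        "grant_type": "authorization_code",
    }
    data = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=data, method="POST")


def parse_token_response(body, now=None):
    """Validate the JSON response and turn expires_in into an absolute deadline."""
    now = time.time() if now is None else now
    doc = json.loads(body)
    if "error" in doc or "access_token" not in doc:
        # Report only the error code; never echo the body, it may hold tokens.
        raise ValueError("token request failed: %s" % doc.get("error", "no access_token"))
    return {
        "access_token": doc["access_token"],
        "refresh_token": doc.get("refresh_token"),  # long-lived: store encrypted
        # Assumption: expires_in is in seconds (RFC 6749); refresh 60 s early.
        "refresh_at": now + max(int(doc.get("expires_in", 0)) - 60, 0),
    }


def exchange_code(code, client_id, client_secret, redirect_uri):
    """Perform the exchange over the network (not called at import time)."""
    req = build_token_request(code, client_id, client_secret, redirect_uri)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())


# Constructed sample response, not real tokens.
SAMPLE = b'{"access_token": "1000.aaaa.bbbb", "refresh_token": "1000.cccc.dddd", "expires_in": 3600}'
```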