Step 3: Generate Access And Refresh Token
After obtaining the code from the previous step, make a POST request to the following URL with the given parameters to generate the access_token :
https://accounts.zoho.com/oauth/v2/token?
| Parameter | Description |
|---|---|
| code * | Code obtained in the previous step |
| client_id * | Client ID obtained during Client Registration |
| client_secret * | Client secret obtained during Client Registration |
| redirect_uri * | This param should be the same redirect url mentioned while adding the Client |
| grant_type * | authorization_code |
| scope | Specific scope for which token is to be generated. Multiple scopes has to be separated by commas. Ex : zohobackstage.event.CREATE |
| state | An opaque string that is round-tripped in the protocol; it's value will be passed back to you. |
Note: Fields with Asterisks(*) are mandatory.
In the response, you will get both access_token and refresh_token.
- The access_token will expire after a specific period (as indicated in the expires_in parameter of the response).
- The refresh_token has no expiry and is used to regenerate a new access_token when current one expires.
Note : Each time a re-consent page is accepted, a new refresh token is generated. The maximum limit is 20 refresh tokens per user. If this limit is exceeded, the first refresh token is automatically deleted to accommodate the latest one, regardless of whether the first token is still in use.
Copied https://accounts.zoho.com/oauth/v2/token?code=1000.dd7exxxxxxxxxxxxxxxxxxxxxxxx9bb8.b6c0xxxxxxxxxxxxxxxxxxxxxxxxdca4&client_id=1000.0SRSxxxxxxxxxxxxxxxxxxxx239V&client_secret=fb01xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8abf&redirect_uri=http://backstage.zoho.com/&grant_type=authorization_code