Skip to product menu
Skip to main content

Generating Access Tokens

OAuth2.0 requests are usually authenticated with an access token, which is passed as bearer token. To use this access token, you need to construct a normal HTTP request and include it in an Authorization header along with the value of the Bearer.

To generate access tokens, make a POST request for the following URL with given parameters in the below table.

https://accounts.zoho.com/oauth/v2/token

Parameter

Description

grant_type

Specify the value as "authorization_code"

client_id

Client ID obtained from client registration

client_secret

Client Secret obtained from client registration

redirect_uri

Specify the same Callback URL that you passed for the client registration

code

Grant token code obtained from the authorization request

 

On success, you will receive the access_token and refresh_token in the following structure:

{ "access_token": "{access_token}", "refresh_token": "{refresh_token}", "api_domain": "https://www.zohoapis.com", "token_type": "Bearer", "expires_in": 3600 }

Note:

  • The access_token will expire after a particular period (as given in the expires_in parameter seen above).
  • The refresh_token is permanent and will be used to regenerate new access_token, if the current access token is expired.
  • Use the api_domain in your requests to make API calls to Zoho Contracts.
  • The token_type Bearer indicates that it is an access_token.
  • The possible errors are invalid_client and invalid_token. The former indicates an invalid Client ID or Client Secret was passed. The latter indicates the grant token has expired.
 Zoho Contracts Developer Community