OAuth 2.0 Token

Zoho REST API gives assistance to the OAuth 2.0 protocol for approving and validating API requests. OAuth 2.0 is the common authentication protocol. It gives 3rd party application developers the permission to grant their users secure access to the server resources without authenticating each time. You’ll need permission to access API service.

Grant Token:

The Zoho CRM API uses the OAuth2.0 protocol for authentication. It uses the Authorization Code Grant Type to obtain the grant token(code). This grant type allows you to share specific data with any application while keeping your usernames and passwords private.

Access Token:

A token that is sent to the resource server to access the protected resources of the user. The Access token provides secure and temporary access to Zoho CRM APIs and is used by the applications to make requests to the connected app.

Refresh Access Token:

Access tokens expire after an hour of generation. To generate a new access token, use the refresh token you generated earlier.

3rd Party App – Get Client ID and Client Secret:

You’ll need to register the app with the Zoho Developer console to get the Client ID and Client Secret.  To register your application, follow the instructions below:

1. 1. Navigate to the Zoho Developer Console.
2. 2. In API Credentials page, click on Add Client ID to create a new Client ID and Client Secret.

1. 3. Mention the Client Name, Client Domain, and the Authorized redirect URIs. (The redirect URI is the callback entry point of the app and is different from the entry point of the app.).

1. 4. You will get a set of OAuth 2.0 details with the Client ID and Client Secret shared only between Zoho and the application.

Steps of Get Grant Token(code) :

1.After Client ID and Client Secret generated.

2. Self Client

3. Scope

4. Add Scope according to your requirement:

5. Grant Token (code) is here:

Generate Access Token and Refresh Token
OAuth2.0 uses access token, which further needs bearer token for passing, to authenticate requests with the former. You’ll need to use standard HTTP requests to call the access token. The access token is then added in an Authorization header along with the value of Bearer token.

To generate access token:

Request Parameters

parameters for functionality:

{
‘code’ => ‘{code}’,
‘grant_type’ => ‘{authorization_code}’,
‘client_id’ => ‘{client_id}’,
‘client_secret’ => ‘{client_secret}’,
‘redirect_uri’ => ‘{redirect_uri}’,
‘scope’ => ‘{scope}’
}

If the request is successful, you would receive the following:

{
“access_token”: “1000.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxx”,
“refresh_token”: “1000.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx”,
“api_domain”: “https://www.zohoapis.com”,
“token_type”: “Bearer”,
“expires_in”: 3600
}

To generate refresh token:

Request Parameters

parameters for functionality:

{
‘refresh_token’ => ‘{refresh_token}’,
‘grant_type’ => ‘refresh_token’,
‘client_id’ => ‘{client_id}’,
‘client_secret’ => ‘{client_secret}’,
‘redirect_uri’ => ‘{redirect_uri}”
}

If the request is successful, you would receive the Refresh Token.
** when you receive Refresh Token then you can use anywhere for get, insert, delete , update records with zoho apis with scope.**

If you have any queries or doubts about this topic, please feel free to contact us. We are here to help you!