Generate Token
On generating the authorization code, you need to generate the following two tokens:
- Refresh Token: It is used to obtain new access tokens. This token has an unlimited lifetime; it can be revoked manually.
- Access Token: A token that is sent to the resource server to access the protected resources of the user. Each access token will be valid only for an hour and can be used only for the set of operations that is described in the scope.
To generate refresh_token and access_token, make a POST request for the following URI, with the params given below
https://<hostname>:<webclient port>/iam/oauth/v2/token
Post
The below URL is used to generate access token and refresh token.
https://<hostname>:<webclient port>/iam/oauth/v2/token?code=<CODE>&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&redirect_uri=<REDIRECT_URI>&grant_type=authorization_code
| Description |
|---|---|
| code* | <code> Represents the authorization code generated here. |
| client_id* | <client_id> Represents the Client ID generated here. |
| client_secret* | <client_secret> Represents the Client Secret generated here. |
| redirect_uri | Represent the same redirect url mentioned when generating Client ID and Secret. |
| grant_type* | authorization_code (provide this literal string as value) |
| scope | (scope is nothing but a permission to access specific API) for which the token to be generated. Multiple scopes can be given, separated by commas. |
| state | An opaque string that is round-tripped in the protocol; that is to say, value will be passed back to the user. |
Note: Fields with * are mandatory
In response, you will get both <access_token> and <refresh_token>.
{
"refresh_token": "{refresh_token}",
"api_domain": "https://www.zohoapis.com",
"token_type": "Bearer",
"expires_in": 3600
}
Note: The <access_token> will expire after an hour. The <refresh_token> is permanent and will be used to regenerate new <access_token>, if the current access token expired.