Refresh Access Token
Access Tokens have limited validity, which expires in an hour. Once the access_token expires, user (or) the app will have to use the refresh token to request for a new access token. On using an expired access token, the request terminates throwing Invalid Oauthtoken.
Note: A client can create up to ten access tokens in a span of ten minutes, using a refresh token. If the limit is reached, the access token creation will be blocked for the next ten minutes.
The following POST URI with the params given below, generates a new access token.
https://<hostname>:<webclient port>/iam/oauth/v2/token
Post
| Description |
|---|---|
| refresh_token* | <refresh_token> Represents the refresh token generated here. |
| client_id* | <client_id> Represents the Client ID generated here. |
| client_secret* | <client_secret> Represents the Client Secret generated here. |
| redirect_uri | Represent the same redirect url mentioned when generating Client ID and Secret. |
| grant_type* | refresh_token (provide this literal string as value) |
In response, you will get a new <access_token>.
{
"access_token": "{new_access_token}",
"expires_in": 3600,
"api_domain": "https://www.zohoapis.com",
"token_type": "Bearer"
}
Calling an API using OAUTH AUTHENTICATION
Access Token can be passed only in header and cannot be passed in the request param.
- Header name =
Authorization - Header value =
Zoho-oauthtoken<space><access_token> - Sample: Authorization:
Zoho-oauthtoken 1000.abcde12345fgh678.ijk9