Generate Refresh Token For ZOHO

Access Token is used for Authentication in ZOHO Applications. Access Token is Expire Every 1 hour so we need to generate a new access token from the the Refresh code and refresh has an unlimited lifetime until it is revoked by the end-user.

We can Generate Refresh Token Using two Method : 

Method-1: Using Postman

 To generate Access token we need to follow below steps:

Step-1 : To  register client use below URL,

Step-2 : Enter the following details:

  • Client Name: The name of your application which you want to register in you zoho application.
  • Homepage URL:  Your site’s home page e.g. http or https://{ Your domain name}.com
  • Authorized Redirect URIs: This is the URL of application to which Zoho Accounts redirects you with a grant token(code) after successful authentication. e.g: http://localhost/zoho/generate_access_token.php

Step-3 : After click on enter “Create Button“, You will receive Client ID and Client Secret Credentials,


Step-4 : Enter below authorization URL in postman,{scope}&client_id={client_id}&response_type=code&access_type={access_type} &redirect_uri={redirect_uri}

Pass below parameters with postman to get grant token( code )

  • Scope                   : Data that your application wants to access.
  • client_id             : Client Id that you get after register application
  • redirect_uri      : Callback URL that you specified during client registration.
  • response_type : code
  • access_type       : offline and online. If you want to generate the refresh token, set this value as offline.

Step-5 : Copy above URL from “postman” and paste into browser to get grant token( code ).

Copy code as given below image,


Step-6 : Now we make POST request using below URL:{grant_token}&client_id={client_id}&client_secret={client_secret}&grant_type=authorization_code&redirect_uri={redirect_uri}

  Pass below pameters with postman to Access Token and Refresh Token

  • code                    : Which you get from above step and code valid for just one minute after that it will be expire.
  • client_id           : Client Id that you get after register application
  • redirect_uri    : Callback URL that you specified during client registration.
  • grant_type       : authorization_code
  • client_secret   : Client secret that you get after register application

Now we get refresh code and access code in response
Here access_token will be expired in an hour.
refresh_token will be valid for life time.

Step-7 : After access_token is expired, create new token using the refresh_token. You need to POST request using below URL:{client_id}&client_secret={client_secret}&grant_type=refresh_token&refresh_token={refresh_token}

Method-2 : Using Function file

You can generate refresh token dynamically using two ways,
1) Using Curl Method :
class functions {
  function getAuthorizationCode() {
    global $authorize_url, $client_id, $scope, $redirect_uri, $scope;
    $authorize_url = "".$scope."&client_id=".$client_id."&response_type=code&access_type=offline&redirect_uri=".$redirect_uri."&prompt=consent";
    header("Location: " . $authorize_url); 
    return redirect($authorize_url);
  function generate_refresh_token( $client_id, $client_secret, $grant_type, $refresh_token ) {
    $url = "";
    $param = "refresh_token=".$refresh_token."&client_id=".$client_id."&client_secret=".$client_secret."&grant_type=".$grant_type;
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $param);
    $result = curl_exec($ch);
    $err = curl_error($ch);
    if ($err) {
      echo $err;
    } else {
      $token_path = "token.json";
      $tokens = array(
        'access_token' => $response_data['access_token'],
        "created_at" => date('Y-m-d H:i:s')
      if ( !file_exists( dirname( $token_path ) ) ) {
          mkdir( dirname( $token_path ), 0777, true );
      file_put_contents( $token_path, json_encode( $tokens ) );
      return $response_data['access_token'];			
2) Using  ZOHO SDK in php,

Create config.php and add below code,


return array (
  'userIdentifier'	   => '',
  'refreshToken'   	   => '1000.f6876feeb933ee200cd04c9aaf33c388.bca3e1eef1bd607e5b45f215dcb177d7',
  'client_id'		   => '1000.IUDYQTEROO1024839NQXWAEK2C3Y5H',
  'client_secret'    	   => '3a0cc0d0a4fb74a808f6f4fdb75391645131765bbd',
  'redirect_uri'	   => '',
  'token_persistence_path' => 'zcrm_oauthtokens.txt',
  'scope'		   => 'ZohoCRM.modules.ALL',
  'refresh_code'	   => '1000.76576b86fd625c202486cdade38692c8.6dc79d9d56a5c0eaf10cd925ea235538',

Create function.php file and add below code,

namespace zcrmsdk\oauth;
require 'vendor/autoload.php';

use zcrmsdk\oauth\exception\ZohoOAuthException;
use zcrmsdk\oauth\utility\OAuthLogger;
use zcrmsdk\oauth\utility\ZohoOAuthConstants;
use zcrmsdk\oauth\utility\ZohoOAuthHTTPConnector;
use zcrmsdk\oauth\utility\ZohoOAuthTokens;
use zcrmsdk\crm\setup\restclient\ZCRMRestClient;

$configs = include("config.php");
$client_id     = $configs['client_id'];
$client_secret = $configs['client_secret'];
$redirect_uri  = $configs['redirect_uri'];
$identifier    = $configs['userIdentifier'];
$scope 	       = $configs['scope'];
$token_persistence_path = $configs['token_persistence_path'];
$refresh_code  = $configs['refresh_code'];

if ($_GET["code"]) {
  $access_token = generate_access_token( $refresh_code, $identifier );
} else {

/* generate Grant code */
function getAuthorizationCode() {
  global $authorize_url, $client_id, $scope, $redirect_uri;
  $authorize_url = "".$client_id."&response_type=code&access_type=offline&redirect_uri=".$redirect_uri."&prompt=consent";
  header("Location: " . $authorize_url); 
  return redirect($authorize_url);

/* get access code */
function generate_access_token( $refresh_code, $identifier ) {
  Global $client_id, $client_secret, $redirect_uri, $identifier, $token_persistence_path;
  $configuration = array(
              "client_id"              => $client_id,
              "client_secret"          => $client_secret,
              "redirect_uri"           => $redirect_uri,
              "currentUserEmail"       => $identifier,
              "token_persistence_path" => $token_persistence_path,
  $oAuthClient = ZohoOAuth::getClientInstance(); 
  $refreshToken = $refresh_code; 
  $userIdentifier = $identifier; 
  $oAuthTokens = $oAuthClient->generateAccessTokenFromRefreshToken($refreshToken,$userIdentifier);
    $d = json_decode($oAuthTokens);

Submit a Comment

Your email address will not be published. Required fields are marked *


Select Categories