How To Generate Access Token And Refresh Token For Server Based Application In Zoho Using Postman

In this tutorial, We are going to learn about How to get an Access token and Refresh Token Using Postman for ZOHO CRM.

There is a need to create an application to get a Client ID and CLIENT SECRET Key.

Go to Zoho Developer Console.

Here are the options for client type.

  1. Client-based Applications
  2. Server-based Applications
  3. Mobile-based Applications
  4. Non-browser Applications
  5. Self client

You can choose the Client type as per your requirements.

Here I am going to show you Server-based Applications.

1 Register Your Client Application

Step 1: Choose Server-based Applications

 Step 2:  You need to Add Client Name, Homepage URL, and Authorized Redirect URLs.

Step 3: After creating an app you can see Client ID and Client Secret

2 Make the Authorization Request

To generate Authorization code for Server-Based Client Application.

Request URL Format:

https://accounts.zoho.com/oauth/v2/auth?response_type=code&client_id=<client_id>&scope=<scope>&redirect_uri=<redirect_uri>&access_type=offline

Mandatory Field:

client_id: Client ID was generated while registered the client application. Kindly refer to step 3

scope: Use Zoho scope as per the requirement. For example, For CRM ZohoCRM.users.ALL, ZohoCRM.modules.ALL

redirect_uri: Use Redirect URL which has added while registered the client application. Kindly refer to step 2

Optional Field:

access_type: Its value can be “Online” or “Offline”. When you set it as “Offlineyou will able to get the refresh token along with the access token

prompt: Its value must be consent. whenever a user wants to make a request for the access token using refresh token this will be mandatory

Here is the Example request:

https://accounts.zoho.com/oauth/v2/auth?client_id=1000.XXXXXXXXXXXXXXXXXXXXXXX&response_type=code&access_type=offline&scope=ZohoCRM.users.ALL,ZohoCRM.modules.ALL&redirect_uri=https://testing.com/

You should pass this URL in your browser then you can see the access permission.

After accepting the access permission you will be redirected to the redirect URL which you have mentioned in the request.

When you will be redirected you can see Code=” 1000.xxxxxxxxe1a88.xxxxxxxx40a3” location and accounts-server.

This code is your Authorization code.

3 Generate Access Token and Refresh Token

Request URL Format:

https://<base_accounts_url>/oauth/v2/token?grant_type=authorization_code&client_id=<client_id>&client_secret=<client_secret>&redirect_uri=<redirect_uri>&code=<authorization_code>

Request Method: POST

Where, 

base_accounts_url: Base URL of your Zoho Account. Example: accounts.zoho.com

client_id & client_secret: Client ID and Client Secret were generated while registered the client application. Kindly refer to step 3

redirect_uri: Use Redirect URL which has added while registered the client application. Kindly refer to step 2

code: Authorization Code which is generated before.

 

Here is the Example request:

https://accounts.zoho.com/oauth/v2/token?grant_type=authorization_code&client_id= 1000.xxxxxxxxxxHF2C6H&client_secret= 1000.xxxxxxxxxxHF2C6H&redirect_uri=https://testing.com/&code=1000.XXXXXXXXXXXXXXXX5e923.XXXXXXXXXXXX9c824

Response View:

4 Refresh the Access Token

Access Tokens expires in an Hour. You can create an access token using the refresh token which we have created in the previous step.

Request URL Format:

https://<base_accounts_url>/oauth/v2/token?refresh_token=<refresh_token>&client_id=<client_id>&client_secret=<client_secret>&grant_type=refresh_token

Request Method: POST

Where, 

base_accounts_url: Base URL of your Zoho Account. Example: accounts.zoho.com

client_id & client_secret: Client ID and Client Secret were generated while registered the client application. Kindly refer to step 3

refresh_token: Use the refresh token which we have created in the previous step.

Here is the Example request:

https://accounts.zoho.com/oauth/v2/token? refresh_token=1000.XXXXXXXXXXXXXXXX5e923.XXXXXXXXXXXX9c82&client_id= 1000.xxxxxxxxxxHF2C6H&client_secret= 1000.xxxxxxxxxxHF2C6H& grant_type= refresh_token

Hope You have got a better understanding.

Submit a Comment

Your email address will not be published. Required fields are marked *

Footer Logo

Subscribe

Select Categories