How to get Grant Token(code), Access Token, Refresh Access Token using ZOHO CRM api with OAuth 2.0 ?

Jatinder Singh January 17, 2020

How to get Grant Token(code), Access Token, Refresh Access Token using ZOHO CRM api with OAuth 2.0 ?

OAuth 2.0 Token

Zoho REST API gives assistance to the OAuth 2.0 protocol for approving and validating API requests. OAuth 2.0 is the common authentication protocol. It gives 3rd party application developers the permission to grant their users secure access to the server resources without authenticating each time. You’ll need permission to access API service.

Grant Token:

The Zoho CRM API uses the OAuth2.0 protocol for authentication. It uses the Authorization Code Grant Type to obtain the grant token(code). This grant type allows you to share specific data with any application while keeping your usernames and passwords private.

Access Token:

A token that is sent to the resource server to access the protected resources of the user. The Access token provides secure and temporary access to Zoho CRM APIs and is used by the applications to make requests to the connected app.

Refresh Access Token:

Access tokens expire after an hour of generation. To generate a new access token, use the refresh token you generated earlier.

3rd Party App – Get Client ID and Client Secret:

You’ll need to register the app with the Zoho Developer console to get the Client ID and Client Secret.  To register your application, follow the instructions below:

  1. 1. Navigate to the Zoho Developer Console.
  2. 2. In API Credentials page, click on Add Client ID to create a new Client ID and Client Secret.

  1. 3. Mention the Client Name, Client Domain, and the Authorized redirect URIs. (The redirect URI is the callback entry point of the app and is different from the entry point of the app.).

  1. 4. You will get a set of OAuth 2.0 details with the Client ID and Client Secret shared only between Zoho and the application.

Steps of Get Grant Token(code) :

1.After Client ID and Client Secret generated.

 

2. Self Client

3. Scope

4. Add Scope according to your requirement:

5. Grant Token (code) is here:

 

 

 

Generate Access Token and Refresh Token
OAuth2.0 uses access token, which further needs bearer token for passing, to authenticate requests with the former. You’ll need to use standard HTTP requests to call the access token. The access token is then added in an Authorization header along with the value of Bearer token.

To generate access token:

Request Parameters

Parameter Description
grant_type Enter the value as “authorization_code”.
client_id Specify client-id obtained from the connected app.
client_id Specify client-id obtained from the connected app.
client_secret Specify client-secret obtained from the connected app.
redirect_uri Specify the Callback URL that you registered during the app registration.
code Enter the grant token generated from previous step.

parameters for functionality:

{
‘code’ => ‘{code}’,
‘grant_type’ => ‘{authorization_code}’,
‘client_id’ => ‘{client_id}’,
‘client_secret’ => ‘{client_secret}’,
‘redirect_uri’ => ‘{redirect_uri}’,
‘scope’ => ‘{scope}’
}

If the request is successful, you would receive the following:

{
“access_token”: “1000.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxx”,
“refresh_token”: “1000.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx”,
“api_domain”: “https://www.zohoapis.com”,
“token_type”: “Bearer”,
“expires_in”: 3600
}

 

To generate refresh token:

Request Parameters

Parameter Description
access_token Access token to access ZohoCRM APIs
refresh_token Refresh token to obtain new access tokens
expires_in Time in seconds after which the access token expires
api_domain Domain name of the API. Use this domain in your requests to make API calls to Zoho CRM.
token_type Type of token obtained. “Bearer” indicates this is an access token.

 

parameters for functionality:

{
‘refresh_token’ => ‘{refresh_token}’,
‘grant_type’ => ‘refresh_token’,
‘client_id’ => ‘{client_id}’,
‘client_secret’ => ‘{client_secret}’,
‘redirect_uri’ => ‘{redirect_uri}”
}

If the request is successful, you would receive the Refresh Token.
** when you receive Refresh Token then you can use anywhere for get, insert, delete , update records with zoho apis with scope.**

If you have any queries or doubts about this topic, please feel free to contact us. We are here to help you!

Lets’s Talk

About your ideas and concept