Refreshing Access Tokens
Access tokens have limited validity and expire in an hour. Once the access_token expires, the user or the app must use the refresh token to request a new access token. A request made with an expired access token terminates with an Invalid Oauthtoken error.
Note: A client can create up to ten access tokens in a span of ten minutes, using a refresh token. If the limit is reached, the access token creation will be blocked for the next ten minutes.
A POST request to the following URI, with the parameters given below, generates a new access token.
https://<ZohoAccounts_Server_URI>/oauth/v2/token
Post
Parameter | Description |
---|---|
refresh_token* | <refresh_token> obtained in the above step (Step 3) |
client_id* | <client_id> obtained during Client Registration (Step 1) |
client_secret* | <client_secret> obtained during Client Registration (Step 1) |
redirect_uri | Must be the same redirect URL given when registering the client (Step 1). Not required when the self client application type is chosen during Client Registration (Step 1). |
grant_type* | refresh_token (provide this literal string as value) |
In response, you will get a new <access_token>.
{
"access_token": "{new_access_token}",
"expires_in": 3600,
"api_domain": "https://www.zohoapis.com",
"token_type": "Bearer"
}
Calling an API using OAUTH AUTHENTICATION
The access token can be passed only in a header and cannot be passed as a request parameter.
- Header name = Authorization
- Header value = Zoho-oauthtoken<space><access_token>
- Sample: Authorization: Zoho-oauthtoken 1000.abcde12345fgh678.ijk9
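The refresh request and the Authorization header described above, combined into one client-side token cache that reuses a token until it nears expiry and stays within the ten-tokens-in-ten-minutes limit. This is an added example, not Zoho's code: `ZohoTokenCache`, the injected `post(url, body)` transport and the `skew` margin are hypothetical names, and sending the parameters as a form-encoded POST body is an assumption.

```python
import time
from urllib.parse import urlencode

REFRESH_LIMIT = 10     # page: up to ten access tokens ...
REFRESH_WINDOW = 600   # ... in a span of ten minutes (seconds)


class ZohoTokenCache:
    """Reuse one access token until it nears expiry; refresh within the limit."""

    def __init__(self, token_url, client_id, client_secret, refresh_token,
                 post, clock=time.monotonic, skew=60):
        self.token_url = token_url
        self._params = {
            "refresh_token": refresh_token,
            "client_id": client_id,
            "client_secret": client_secret,
            "grant_type": "refresh_token",  # literal string, per the table
        }
        self._post = post      # hypothetical transport: post(url, body) -> dict
        self._clock = clock
        self._skew = skew      # assumed margin: refresh this early, in seconds
        self._token = None
        self._expires_at = 0.0
        self._issued = []      # timestamps of refreshes inside the window

    def access_token(self):
        now = self._clock()
        if self._token and now < self._expires_at - self._skew:
            return self._token  # still valid: no network call, no budget spent
        self._issued = [t for t in self._issued if now - t < REFRESH_WINDOW]
        if len(self._issued) >= REFRESH_LIMIT:
            raise RuntimeError("refresh budget used up; retry after the window")
        # Assumption: secrets go in the form-encoded body, not in the URL.
        reply = self._post(self.token_url, urlencode(self._params))
        if "access_token" not in reply:
            raise RuntimeError("token endpoint returned no access_token")
        self._token = reply["access_token"]
        self._expires_at = now + int(reply.get("expires_in", 0))
        self._issued.append(now)
        return self._token

    def auth_header(self):
        # Header only; the token is never placed in a request parameter.
        return {"Authorization": "Zoho-oauthtoken " + self.access_token()}
```

Sharing one cache instance per refresh token across workers keeps independent processes from each spending the same ten-minute budget.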