- Overview
- What's New in V8?
- Changelog
- Open API Specification 3.0.0 (OAS)
- API Directory
- API Collection
- APIs and References
- OAuth
- API Limits and Credits
- Compliance
- Zoho CRM SDKs
- Metadata APIs
- Customization
- Process Automation
- Security control
- Roles
- Profiles
- Territories
- GETTerritories
- POSTTerritories
- PUTTerritories
- DELETETerritories
- POSTTransfer and Delete Territories
- GETChild Territories of a Territory
- GETTerritories Assigned
- GETAssociated User Count
- GETRetrieve User details Associated with a Territory
- PUTAssociate Users with Territory
- POSTRemove Territories of Records
- POSTAssign Territories to Records
- DELETEDisassociate Users from Territory
- Export Audit Log
- Portals
- Data Sharing
- Company Settings
- Zia
- Core APIs
- Records
- Merge Records
- Share Records
- Mail Merge
- Services
- Appointments
- Appointments Rescheduled History
- Fields Attachments
- Meeting Cancel
- Notes
- Mass Actions
- Related Records
- External ID
- Emails
- Subforms
- Linking Modules
- Others
- Bulk APIs
- Composite API
- Query API
- Notification APIs
Token Validity
Grant Token (Authorization code)
- Grant token is a one-time use token and valid for three minutes, by default. If you want to extend the expiry time, choose the required time from the drop-down while generating the token from the API console (applicable only to self-clients).
- You can generate a maximum of 10 grant tokens in a span of 10 minutes per client ID. If the limit is reached, "access_denied" exception will be thrown for the remaining time.
Access Token
- Each access token is valid for one hour.
- A maximum of 15 active access tokens can be stored per refresh token. When the 16th token is requested, the oldest token is invalidated. When an invalid access token is used, "INVALID_OAUTHTOKEN" exception will be thrown.
- You can generate a maximum of 10 access tokens from a refresh token in a span of 10 minutes.
If the 10-minute throttle limit is reached, "Access Denied" error will be thrown. Reuse valid tokens to avoid this exception.
{ "error_description":"You have made too many requests continuously. Please try again after some time.", "error":"Access Denied", "status":"failure" }
Refresh Token
- Refresh tokens do not expire until a user revokes them.
- A maximum of 20 refresh tokens can be stored per user.
- When you generate the 21st refresh token, the first created refresh token gets invalidated.
© 2025, Zoho Corporation Pvt. Ltd. All Rights Reserved.