OAuth

Watch this video or follow the steps below to access Zoho Payments' APIs using OAuth 2.0:

Step 1: Register a new Self Client & Generate an authorization code

First, you must register your application with Zoho's Developer Console to obtain your Client ID and Client Secret.

To register your application:

 1. Visit Zoho's Developer Console at https://accounts.zoho.in/developerconsole

 2. Kindly choose Self Client option.

 3. In the Generate Code tab, Enter the scopes you need to access. Use commas to separate multiple scopes. You can refer above for the required scopes.

 4. Select an expiry time for the authorization code. By default, it is 3 minutes.

 5. Enter a description for the required scopes.

6. Click CREATE. An authorization code will be generated and displayed.

7. Copy or download the authorization code.

Keep these credentials secure, and do not share them.

Step 2: Generate Access and Refresh Tokens

Once you have the code from the previous step, make a POST request to the following URL with the required parameters to generate the access_token :

https://accounts.zoho.in/oauth/v2/token?

Parameter	Description
code*	The code obtained from the previous step.
client_id*	An unique ID displayed under Self Client > Client Secret.
client_secret*	An unique confidential secret displayed under Self Client > Client Secret.
grant_type*	This is authorization_code.

Note : Fields marked with * are mandatory

The response to your request will include both an access_token and a refresh_token :

1. access_token : Expires after a certain period, as indicated by the expires_in parameter in the response.
2. refresh_token : Permanent and can be used to generate a new access_token once the current one expires.

Note : A user can have a maximum of 20 refresh tokens. Exceeding this limit will result in the oldest refresh token being deleted automatically, regardless of whether it is in use.

Step 3: Call an API

When calling an API, the access token must be included in the request header and cannot be passed as a request parameter.

• Header Name : Authorization
• Header Value : Zoho-oauthtoken {access_token}

Step 4: Generate Access Tokens from Refresh Tokens

Access tokens have limited validity, typically expiring in one hour, but can be used without restriction during this time. Once an access token expires, your application must use the refresh token to obtain a new access token.

To generate a new access token, make a POST request to the following URL with the given parameters:

https://accounts.zoho.in/oauth/v2/token?

Parameter	Description
refresh_token	The refresh token obtained from the previous step.
client_id	The Client ID received during client registration.
client_secret	The Client Secret received during client registration.
grant_type	This is refresh_token .