Generating Tokens

OAuth 2.0 requests are usually authenticated with an access token, which is passed as bearer token. To use this access token, you need to construct a normal HTTP request and include it in an authorization header along with the value of bearer.

Note: 

You must use your domain-specific Zoho Accounts URL to generate access and refresh tokens. The domains and their corresponding accounts URLs are listed below:

For US: https://accounts.zoho.com/

For EU: https://accounts.zoho.eu/

For CN: https://accounts.zoho.com.cn/

For IN: https://accounts.zoho.in/

For AU: https://accounts.zoho.com.au/

To generate access and refresh tokens

Make a POST request using the following URL. Replace {Accounts_URL} with your domain-specific Zoho accounts URL when you make the following request.

{Accounts_URL}/oauth/v2/token

Note: For security reasons, pass the below parameters in the body of your request.

Request Parameters

Parameter	Description
grant_type	Enter the value as "authorization_code".
client_id	Enter the client ID obtained from the connected app.
client_secret	Enter the client secret obtained from the connected app.
redirect_uri	Specify the callback URL that you registered during app registration.
code	Enter the grant token generated in the previous step.

If the request is successful, you will receive the following:
{
"access_token": "{access_token}",
"refresh_token": "{refresh_token}",
"api_domain": "https://www.zohoapis.com/",
"token_type": "Bearer",
"expires_in": 3600
}

Response Parameters  

Parameter	Description
access_token	Access token to access Zoho Recruit APIs.
refresh_token	Refresh token to obtain new access tokens.
expires_in	Time in seconds after which the access token expires.
api_domain	Domain name of the API. Use this domain in your requests to make API calls to Zoho Recruit.
token_type	Type of token obtained. "Bearer" indicates this is an access token.

Calling APIs using your Access Token

This completes the authentication. Once your app receives the access token, send the token in your HTTP authorization header to the Zoho Recruit API with the value "Zoho-oauthtoken {access_token}" for each endpoint (for each request).

Note:

1. Each access token is only valid for an hour and can only be used for the operations defined in the scope.
   
2. The refresh token does not expire. Use it to refresh access tokens when they expire.
   
3. You can only generate a maximum of five refresh tokens in a minute.

• Related Articles

• Refreshing Access Tokens

  Access tokens expire an hour after they are generated. To generate a new access token, use the refresh token you generated earlier. Note:  You must use your domain-specific Zoho Accounts URL to refresh your access token. For ...

• Revoking Tokens

  If you want to revoke your refresh token: Make a POST request with the following URL ​ {Accounts_URL}/oauth/v2/token/revoke?token={refresh_token} Note: You must use your domain-specific Zoho Accounts URL to revoke your refresh token.

• Generating Reports

  Introduction You can create new module-specific reports linking some of the other cross-functional modules. For example, you can create a report in the accounts module linking other modules such as Contacts, Job Openings, and others. Types of Report ...

• Generating Invoices

  An Invoice is a document issued to your clients, detailing out the client name, job details, working hours of temps and much more. It lists the individual temp workers, their duration for a job, and the amount payable for each of them.  How do I ...

• Generating Reports

  You can create new module-specific reports linking some of the other cross-functional modules. For example, you can create a report in the Timesheets module linking other modules such as Temps, Jobs, and others. Types of Report Tabular ...