Refreshing Access Tokens

Access tokens expire an hour after they are generated. To generate a new access token, use the refresh token you generated earlier.

Note: 

You must use your domain-specific Zoho Accounts URL to refresh your access token.

For US: https://accounts.zoho.com/

For EU: https://accounts.zoho.eu/

For CN: https://accounts.zoho.com.cn/

For IN: https://accounts.zoho.in/

For AU: https://accounts.zoho.com.au/

Make a POST request with the following URL.

{Accounts_URL}/oauth/v2/token?refresh_token={refresh_token}&client_id={client_id}&client_secret={client_secret}&grant_type=refresh_token

If the request is successful, you will receive the following output:

{

"access_token": "{new_access_token}",

"expires_in": 3600,

"api_domain": "https://www.zohoapis.com/",

"token_type": "Bearer"

}

Notes:

1. A user in an organization can have a maximum of 20 refresh tokens and each refresh token can have a maximum of 30 active access tokens (non-expired).
   
2. If a user creates a 31st access token, the system will delete the first access token. Similarly, if the user creates a 21st refresh token, the system will delete the first refresh token.
   
3. You can only generate a maximum of five refresh tokens in a minute.
   
4. We have provided with a sample test OAuth in all the examples, so that you can test any example on your own. You can replace the sample OAuth Token with your actual token to test requests from your Zoho Recruit account

• Related Articles

• Generating Tokens

  OAuth 2.0 requests are usually authenticated with an access token, which is passed as bearer token. To use this access token, you need to construct a normal HTTP request and include it in an authorization header along with the value of bearer. Note:  ...

• Refreshing and deactivating the Sandbox

  When your Sandbox setup is not in sync with the Production setup, any "test" that you conduct in your Sandbox will not be relevant when deployed to production. What worked in Sandbox may go wrong in your production setup as both versions would not be ...

• Revoking Tokens

  If you want to revoke your refresh token: Make a POST request with the following URL ​ {Accounts_URL}/oauth/v2/token/revoke?token={refresh_token} Note: You must use your domain-specific Zoho Accounts URL to revoke your refresh token.

• How to view and access API features

  API provides access to different operations of campaign and list management. One of the most useful features is removing the need to log in every single time. Resellers can use Zoho Campaign's API to integrate our functionalities in their ...

• Access Devices

  Access devices from Zoho Assist website Go to www.assist.zoho.com. Log in to your account using Zoho Assist credentials. Navigate to Unattended Access. Click CONNECT beside the computer you want to connect to.