Refreshing Access Tokens

Access tokens expire an hour after they are generated. To generate a new access token, use the refresh token you generated earlier.

Note: 

You must use your domain-specific Zoho Accounts URL to refresh your access token.

For US: https://accounts.zoho.com/

For EU: https://accounts.zoho.eu/

For CN: https://accounts.zoho.com.cn/

For IN: https://accounts.zoho.in/

For AU: https://accounts.zoho.com.au/

Make a POST request with the following URL.

{Accounts_URL}/oauth/v2/token?refresh_token={refresh_token}&client_id={client_id}&client_secret={client_secret}&grant_type=refresh_token

If the request is successful, you will receive the following output:

{

"access_token": "{new_access_token}",

"expires_in": 3600,

"api_domain": "https://www.zohoapis.com/",

"token_type": "Bearer"

}

Notes:

1. A user in an organization can have a maximum of 20 refresh tokens and each refresh token can have a maximum of 30 active access tokens (non-expired).
   
2. If a user creates a 31st access token, the system will delete the first access token. Similarly, if the user creates a 21st refresh token, the system will delete the first refresh token.
   
3. You can only generate a maximum of five refresh tokens in a minute.
   
4. We have provided with a sample test OAuth in all the examples, so that you can test any example on your own. You can replace the sample OAuth Token with your actual token to test requests from your Zoho Recruit account

• Related Articles

• Generating Tokens

  OAuth 2.0 requests are usually authenticated with an access token, which is passed as bearer token. To use this access token, you need to construct a normal HTTP request and include it in an authorization header along with the value of bearer. Note:  ...

• Refreshing and deactivating the Sandbox

  When your Sandbox setup is not in sync with the Production setup, any "test" that you conduct in your Sandbox will not be relevant when deployed to production. What worked in Sandbox may go wrong in your production setup as both versions would not be ...

• Initialization - Java SDK

  Now the app is ready to be initialized after defining OAuth configuration file and OAuth persistence handler class for your app. Generating grant tokens For a Single User The developer console has an option to generate grant token for a user ...

• Revoking Tokens

  If you want to revoke your refresh token: Make a POST request with the following URL ​ {Accounts_URL}/oauth/v2/token/revoke?token={refresh_token} Note: You must use your domain-specific Zoho Accounts URL to revoke your refresh token.

• Initialization - Python SDK

  Now the app is ready to be initialized after defining configuration file/dictionary for your app. Generating grant and refresh tokens For a Single User(self-authorized) For self client apps, the self authorized grant token should be generated from ...