Kaizen #79 - OAuth2.0 - A Recap and FAQs
Hello everyone!
Welcome to another week of Kaizen!
Today, we will address a few frequently-asked questions about OAuth2.0 that include token generation, scopes, errors etc,.
If you have any other questions, let us know in the comment section. We will offer solutions and add them to this list.
Before we move on to common errors and their solutions, let us look at generating grant, access and refresh tokens for a client.
1. Creating a client
You must register your client on the API console to request access to users' resources. This client must handle authenticating itself to the authorization server and requesting an access token to access the users' resources.
Here is an example for creating a client for a server-based application.
2. Setting up an environment in Postman
- On the sidebar, click Environments > + icon.
- Enter a name for your environment.
- Create the following variables. We will fill in their values as we go along.
->client-id (obtained after registering the client)
->client-secret (obtained after registering the client)
->redirect-uri (given at the time of registering the client)
->accounts-url
->access-token
->refresh-token
->api-domain
->expiry-time - Select Save to save any environment variables you have added.
3. Generating the authorization code(grant token)
The authorization code flow is often used when the client is a web application running on a server. This flow uses a server-side redirect URI to receive the authorization code and adds a layer of security, rather than relying on a client-side redirect URI.
What do you need?
- client ID - obtained after registering the client.
- scopes - to get consent from the users to use their data. See the available scopes here.
- response_type - the value "code" as we are requesting for an authorization code.
- access_type - online or offline(to get a refresh token along with an access token, later).
What will you get?
- code - a one-time grant token that you will use to generate access and refresh tokens.
- accounts-server - the Zoho accounts URL that you will use to generate access and refresh tokens. This is the variable accounts-url in Postman.
- location - the API domain from which you must make API calls to access data. This is the variable api-domain in Postman.
Tip:
If you do not have an application, yet, but want to test this flow, copy-paste the following URL in your browser with valid values for the various parameters.
You will receive the grant token as a value to the key "code" in the redirect URL you specified while registering the client.
Here is a GIF of this process.
Self-client
Use this option if your application does not have a domain and a redirect URL.
You can also use this when your application is a standalone server-side application performing a back-end job like data sync.
4. Generating access and refresh tokens from the grant token
Access tokens allow the application to access user's data from the resource server. Each access token is valid for an hour, after which, you must use the refresh token to generate a new access token.
Note
Each access token is bound to the scope you specified while generating the grant token, i.e, if the scope while generating the grant token was ZohoCRM.modules.READ, you can only get data from all the modules but not update, create, or delete.
What do you need to generate access and refresh tokens?
- client_id - obtained while registering the client
- client_secret - obtained while registering the client
- redirect_uri - specified while registering the client
- code - the grant token you generated in the previous step
- grant_type - the value authorization_code
What will you get?
- access token - the token to access users' data. Valid for an hour.
- refresh token - the token to generate new access token for the same scope. Does not expire until it is revoked or till the 21st refresh token is created.
- scope - the scope for which these tokens are generated for.
- API domain - the domain to which you must make API calls to access data.
- expiry time in seconds and milliseconds - the time after which the access token expires in seconds and milliseconds. You can use this data to programmatically refresh the access token before it expires for continued access to data.
Here is how it works.
Tip:
When you use our API collection, the request to generate access and refresh tokens comes with a script that automatically updates the values of variables in your environment.
FAQs
1. Validity
- Grant token - Two minutes; one-time use only.
- Access token - One hour.
- Refresh token - does not expire until it is revoked or a 21st refresh token is created.
2. Token Limit
- Grant token - Ten grant tokens in a span of ten minutes.
- Access token - Ten access tokens in a span of ten minutes. When you generate the 11th token, the first-created one will be deleted, automatically.
- Refresh token - Ten refresh tokens in a span of ten minutes. You can have a maximum of 20 refresh tokens. When you create a 21st refresh token, the first-created one will be deleted.
The following are a few common errors you may face while generating tokens.
| Error | Cause | Solution |
invalid_oauth_token | The access token is either invalid or has expired. | Use the right access token or generate a new one from the refresh token. |
invalid_scope | The scope you have used is invalid. | Refer to Scopes for the list of available scopes. |
invalid_code | The authorization code(grant token) is invalid or has expired. | Grant token is valid only for two minutes. Use a grant token to generate access and refresh tokens within this time. Generate a new grant token if you face this error. |
invalid_redirect_uri | The redirect URI you have given in the API console is invalid. | Specify a valid redirect URI to be able to receive a grant token. |
invalid_client | Either the client ID or client secret is invalid. | Specify valid client ID and secret while making authorization calls. The API console has the client ID and secret. |
invalid_response_type | The value of the "response_type" key is invalid. | While generating access and refresh tokens from the grant token, the value of the "response_type" key must always be "code". |
Multi-DC
Zoho CRM is hosted at multiple data centers to comply with the privacy and data protection laws of various countries.
So, if your application is in the US DC but wants to use the data of users in the EU DC, you must enable multi-DC while registering your client.
The various domains and their respective accounts URLs are:
- US: https://accounts.zoho.com
- AU: https://accounts.zoho.com.au
- EU: https://accounts.zoho.eu
- IN: https://accounts.zoho.in
- CN: https://accounts.zoho.com.cn
- JP: https://accounts.zoho.jp
How do you ascertain the domain?
When you generate the grant token, the parameter location gives you the DC that the data is located in.
Similarly, when you generate the access and refresh tokens, the key api_domain gives you the domain-specific API URL.
For example, if you want to get the data of leads from EU, the API URL must be https://www.zohoapis.eu/crm/v4/Leads
We hope you found this post useful. We will meet you next week with another interesting topic.
Let us know your questions in the comment section or write to us at support@zohocrm.com.
Cheers!
Shylaja
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Shylaja S
David
Claire
Anu Abraham
Sticky Posts
Kaizen #226: Using ZRC in Client Script
Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In thisKaizen #222 - Client Script Support for Notes Related List
Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore howKaizen #217 - Actions APIs : Tasks
Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.Kaizen #216 - Actions APIs : Email Notifications
Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes areKaizen #152 - Client Script Support for the new Canvas Record Forms
Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Creating a Chart from a Report
In Zoho Analytics, is it possible to create a chart from a Pivot View report? We are looking to use Zoho Analytics to replace Excel for Sales reports and would like to be able to show both the table and the chart together.Client Portal ZOHO ONE
Dear Zoho one is fantastic option for companies but it seems to me that it is still an aggregation of aps let me explain I have zoho books with client portal so client access their invoice then I have zoho project with client portal so they can access their project but not their invoice without another URL another LOGIN Are you planning in creating a beautiful UI portal for client so we can control access to client in one location to multiple aps at least unify project and invoice aps that wouldEmail Insights included in Bigin emals are marked as SPAM everywhere
Today I noticed that email recipients who use Office 365 never receive emails sent from Bigin. Further examination showed that all Email Insights links in email headers are marked as spam/phishing by Office 365. Example screen included. The problem isData Import | Zoho Analytics Custom Query Window Size
Please increase the window size for the Custom Query Data Import. It's impossible to work with such a small query window.Name changed in settings for mailbox but still not changed when typed in To field
In the email account secretary@ i have updaetd the new staff members details but the old members name still appears when I type secretary@ in the To field. I cant work out where Zoho is finding the old name from. I have deleted the browser cache. If ICannot add my name to my domain name
I want to have My name@mydomain.com and it says my name is linked to another account already. Please fix it since I do not have another account.Invoice status on write-off is "Paid" - how do I change this to "Written off"
HI guys, I want to write off a couple of outstanding invoices, but when I do this, the status of the invoices shows as "Paid". Clearly this is not the case and I need to be able to see that they are written off in the customer's history. Is there a wayEstablishing new Zoho email account on laptop
Good Morning: I am very long time Outlook business user and decided to try your email service last night and had established an account. I am trying to verify my account; how do I establish my Zoho email account on my laptop? I opened the account withunable to send message reason 550 5.4.6 unusual sending activity
My email account can't send message. It shows unable to send message reason 550 5.4.6 unusual sending activity detectedhow to add email to existing organization i w
I am already registered my organization and i have an email id. I need one more email id but i can't find anywhere .i want the cheapest email id . how to add ?e-mail bloqueado
Estou com meu e-mail lucas@peplus.me bloqueado, preciso desbloquear para retorno de usos em minhas atividades.zoho labels api not working
We're using n8n to automte email reply using zoho api. I'm facing issue with label api. I added the required scopes but its not working. i followed zoho api documentation but didn't work. also, where do i find/how do i create zoho oauth token mentioneeedDesk DMARC forwarding failure for some senders
I am not receiving important emails into Desk, because of DMARC errors. Here's what's happening: 1. email is sent from customer e.g. john@doe.com, to my email address, e.g info@acme.com 2. email is delivered successfully to info@acme.com (a shared inboxStreams/Shared email doesn't show up in windows trident app. It works fine on MAC. Is there any difference between 2 install ?
I can see streams/share email boxs on my MAC version of trident app but i can't see them in windows version of trident app. Is there any difference between 2 install? I try to find setting but not able to see any setting to add stream/share email boxes.add zoho account
How to add a zoho mail to previous zoho account? I have twoZoho Desk Mobile App Year-End Roundup - 2025
Dear Zoho Desk users, Greetings! As you gear up for the festive season, we are excited to share a quick journey into all that is released in 2025! Zia's generative AI capabilities Zia insights can be highly beneficial in helping agents manage daily supportNarrative 17: The role of Zia AI in customer support
Behind the scenes of a successful ticketing system: BTS Series Narrative 17: The role of Zia AI in customer support Overview Zia in Zoho Desk is a layered AI assistant that combines generative AI, prediction, and automation to support agents, automateDomain Transaction
I have purchased a domain name called trainedworkforce.co.in I made the payment got the receipt but the domain is still not purchased after successful transaction .Ability to Set a Unified Tab Order/View for All Users in Zoho Projects
Hello Zoho Projects Team, We hope you are doing well. We would like to submit a feature request regarding tab/menu organization in Zoho Projects. Current Behavior: The tab (module) order in Zoho Projects is user-specific. Each user (internal or external)Zohomail - The "All Messages" vs "In Box"
Why do some new email message appear under the all messages view but not in my inbox? That's really annoying but to be fair I've experienced the same with gmail.error while listing mails
I can't access email in any of my folders: Oops, an error occurred - retry produces the second error response: error while listing mails (cannot parse null string). I've signed in and out of Zoho, restarted my iMac.Introducing the Zoho Projects Learning Space
Every product has its learning curve, and sometimes having a guided path makes the learning experience smoother. With that goal, we introduce a dedicated learning space for Zoho Projects, a platform where you can explore lessons, learn at your own pace,Where to show Customization Field ?
Dear Sir, I have made some New Field in Item Field Customisation. Now I don't require that field in Estimate, Sales Orders etc. I just wants that field in Sales Invoice to Show/Hide... Is that possible ?Zoho Desk 2025 round-up: Key highlights on feature releases
Hello everyone, As we gear up for 2026, here is a detailed round-up of all feature releases in Zoho Desk web throughout the year. For consolidated information on releases check out the What’s New page You can also watch these webinars. Zia in web ZiaPrint Sales Orders, Purchase Orders or Invoices from API
Hello, Is it possible to use the print option that is available in Sales Orders Purchase Orders and Invoices with the API?. I don't see any information in the docs about this. ThanksHow to show a hided report??
in CRM Report , I clicked Hide incidently , how to show the floder again? Nowhere I can find the hided report floder...Converting Customer Invoice to Purchase Bill
Hi, In my service-based business, I sometimes create the customer invoice first, and later I receive the purchase bill from the vendor for the same job. Is there any option in Zoho Books to: Convert a customer invoice into a purchase bill, or Link/associateEmail tracking inquiry
I am trying to track when my emails are opened and clicked like I previously did in HubSpot. HubSpot pretty much did the entire process automatically. After digging through, I finally found in settings --> emails --> BCC Dropbox there is an email I canMass Update of Lookup Fields not possible
Hello List I've created a custom field for Leads and Contacts 'Current Campaign'. This is very Handy as I can filter leads and then related them to a campaign. Everything ready, but then I realized that mass update doesn't work for lookup fields... aCollapsible Sections & Section Navigation Needed
The flexibility of Zoho CRM has expanded greatly in the last few years, to the point that a leads module is now permissible to contain up to 350 fields. We don't use that many, but we are using 168 fields which are broken apart into 18 different sections.Quick Create needs Client Script support
As per the title. We need client scripts to apply at a Quick Create level. We enforce logic on the form to ensure data quality, automate field values, etc. However, all this is lost when a user attempts a "Quick Create". It is disappointing because, fromDownload Attached Files
Hi everyone, Brand new to Zoho Creator. I have a form with a subform. The subform has a field for "File Upload" I have this in a subform to allow multiple files to be uploaded to the parent form. Once the files are uploaded, how can i download or view them? Is this a setting I am just not seeing? If there isn't a way to download them, could i create another form field that dynamically creates the file's URL? That way a user can click the URL to get to the file? Any help with this would be greatlyTicket layout based on field or contact
Hi! I want to support the following use-case: we are delivering custom IT solutions to different accounts we have, thus our ticket layouts, fields and languages (priority, status field values should be Hungarian) will be different. How should I setupNo funcionan correctamente el calculo de las horas laborales para informe de tickets
Hola, estoy intentando sacar estadísticas de tiempo de primera respuesta y resolución en horario laboral de mis tickets, pero el calculo de horas en horario laboral no funciona correctamente cree los horarios con los feriados : Ajusté los acuerdos deZoho Mail Android app update: Set out of office response exclusively for organization members and external users, response interval
Hello everyone! We have now introduced an option to configure out of office messages exclusively for organization members and external users within the Zoho Mail app. Additionally, now you can also customize response intervals for the Out of office messages.Feature Request: Detailed View - Related Block Links!
Desperately need a view record link option on records displaying in the related blocks on a Detail View. For the love of god, please add this feature. Thank you!Sub-Form Padding in CSV Export
Hi, When you use the Sub-Form, and for example you have a Date Field on the Main Page, then Option 1 and Option 2 fields on the Subform, when you export this to CSV the Date column will only have the Date in 1 row, the first row, it would be nice to padDependent / Dynamic DropDown in ZohoSheets
Has anyone figured out a way to create a Dropdown, the values of which is dependent on Values entered in the other cell ?How do I change the order of fields in the new Task screen?
I have gone into the Task module layout, and moving the fields around does not seem to move them in the Create Task screen. Screenshot below. I have a field (Description) that we want to use frequently, but it is inconveniently placed within the MoreZoho → ShipStation Integration – Sales Order–Driven Fulfilment Workflow
Hello All, I’m reaching out to explore the best way to integrate a shipping tool into our inventory which will speed our process up. We are looking to integrate ShipStation into our existing order-to-fulfilment workflow, as we’re keen to standardise onNext Page