Why does it want to sign in at the User Authorization Request?

Hi.

Why does it want to sign in at the User Authorization Request?
I read it; (https://sheet.zoho.com/help/api/v2/#authorization)

Note: I know for a fact the URL is working. If I copy and paste it in the browser, everything is fine.

I'm trying this on my server (php-curl):

  <?php 
  $uri
   = 
  'http://xxx.com/zoho_return.php'
  ;
  

 

  $scope
   = 
  'ZohoSheet.dataAPI.UPDATE,ZohoSheet.dataAPI.READ'
  ;
  

 

  $clientid
   = 
  '1000.XXXXXXXXXXXXXXX'
  ;
  

 

  $zoho_client_secret
   = 
  'XXXXXXXXXXXXXXXXXXXXX'
  ;
  

 

  $accestype
   = 
  'online'
  ;
  

 

  $ch
   = 
  curl_init
  ();
  

 

  $url
   = 
  'https://accounts.zoho.com/oauth/v2/auth?scope='
   . 
   $scope
   . 
  '&client_id='
   . 
  $clientid
   . 
  '&response_type=code&access_type='
   . 
   $accestype
   . 
  '&redirect_uri='
   . 
  $uri
   . 
  ''
  ;
  

 

  $ch
   = 
  curl_init
  (
  $url
  );
  

 

  curl_setopt
  (
  $ch
  , CURLOPT_HEADER, 
  true
  );
  

 

  curl_setopt
  (
  $ch
  , CURLOPT_USERAGENT,
  'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13'
  );
  

 

  curl_setopt
  (
  $ch
  , CURLOPT_RETURNTRANSFER, 
  true
  );
  

 

  curl_setopt
  (
  $ch
  , CURLOPT_BINARYTRANSFER, 
  true
  );
  

 

  curl_setopt
  (
  $ch
  , CURLOPT_SSL_VERIFYPEER, 
  false
  );
  

 

  curl_setopt
  (
  $ch
  , CURLOPT_FOLLOWLOCATION, 
  true
  );
  

 

  curl_setopt
  (
  $ch
  , CURLOPT_CONNECTTIMEOUT ,
  0
  );
  

 

  curl_setopt
  (
  $ch
  , CURLOPT_TIMEOUT, 
  0
  );
  

 

  $html
   = 
  curl_exec
  (
  $ch
  );
  

 

  $redirectURL
   = 
  curl_getinfo
  (
  $ch
  ,CURLINFO_EFFECTIVE_URL );
  

 

  curl_close
  (
  $ch
  );
  

 

  echo
   
  'redirectURL: '
  .
  $redirectURL
  .
  '<br><br>'
  ;
  

 

  echo
   
  'header: '
  .
  $html
  ;
  

 

Response on chrome:

redirectURL: https://accounts.zoho.com/oauth/v2/auth?scope=ZohoSheet.dataAPI.UPDATE,ZohoSheet.dataAPI.READ&client_id=1000.XXXXXXXXXXXXXXX&response_type=code&access_type=online&redirect_uri=http://xxx.com/zoho_return.php
header: HTTP/1.1 302 Found Server: ZGS Date: Fri, 26 Oct 2018 22:48:43 GMT Content-Length: 0 Connection: keep-alive Set-Cookie: a8c61fa0dc=8db261d30d9c85a68e92e4f91ec8079a; Path=/; Secure; HttpOnly X-Content-Type-Options: nosniff X-XSS-Protection: 1 Set-Cookie: iamcsr=108a1f8a-29cf-4408-bbaf-113f8c42a3d7;path=/;Secure;priority=high Pragma: no-cache Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Frame-Options: SAMEORIGIN Location: https://accounts.zoho.com/signin?servicename=AaaServer&serviceurl=%2Foauth%2Fv2%2Fauth%3Fscope%3DZohoSheet.dataAPI.UPDATE%252CZohoSheet.dataAPI.READ%26client_id%1000.XXXXXXXXXXXXXXX%26response_type%3Dcode%26access_type%3Donline%26redirect_uri%3Dhttp%253A%252F%252Fxxx.com%252Fzoho_return.php Strict-Transport-Security: max-age=15768000

why your api system so hard and your api-documents don't descriptive ?
It's not useful like facebook,twitter,google...

How do I get this token on my server side?
please give me code example(php curl or js)