Welcome to Portal
Redirect
URI is the callback URL of your application to which the user will be
redirected upon successful authorization. The server returns a code
parameter as a query string in the redirect URL. This code is used to
obtain access and refresh tokens.
Example
https://www.zylker.com.
The credentials Client ID and Client Secret are permanent. If it expires or the user fails to make a note, they can recreate it using Register your application in OAuth 2.0 authentication procedure.
The URL to generate tokens (access and refresh) should not be entered directly in the browser since it is not a GET request but POST. It should either be managed via code or using tools like Postman.
Scope for each API is mentioned in their respective modules. The scope is mandatory to access an API.
Syntax
ZohoProjects.<module>.<operation>
Example
ZohoProjects.portals.READ.
A user can have a maximum of twenty refresh tokens. An error (Access Denied) is displayed when you exceed this limit. It is a best practice to revoke the old token before generating a new one.
Each refresh token can have a maximum of thirty active access tokens. When you cross this maximum number, the first access token will be deleted irrespective of whether it is active or not.
A user can generate four authorization codes per minute for a Client ID. After this, the access is temporarily blocked for the next ten minutes.
This occurs when access token expires. If the access_type is offline, both access and refresh token is generated whereas for online access type only access token is generated. In both the cases, the access token is valid only for an hour.
This occurs when the authorization code expires. The authorization code is valid only for 2 mins. However, you can recreate the code using User authorization request in OAuth 2.0 authentication procedure, if required.
Subscribe to receive notifications from this article.