https://www.zoho.com/crm/help/developer/api/access-refresh.html

This page suggests that to get a token you need to submit a json body in the POST. This returns an invalid client error. 

https://www.zoho.com/crm/help/api/v2/#generate-access

This page says you should submit request in the url of the POST. This is successful.

Is there a security issue with submitting in the url? If not, is it possible to update the documenation in the first link?