ZohoAPI: machine to machine authentication
Using Zoho OAuth authentication for a silent service took us some time to figure out, so here's what worked for us:
Create a self-client in the developer console
The Zoho OAuth implementation doesn't provide a Client Credentials flow, so the only other option is to use the Authorization Code flow to get a refresh_token, which is valid forever (unless revoked).
In the Zoho developer console you can register your self client. You will need to set a fixed, comma-separated scope list, set the token duration to 10 minutes, and provide a scope description (any text is accepted).
After creating the client, you will be provided with an authorization_code, and in the client secret tab you will find the client_id and client_secret. You need all three to get the refresh_token by sending this request:
curl --location --request POST 'https://accounts.zoho.com/oauth/v2/token?code=<authorization_code>&client_id=<client_id>&client_secret=<client_secret>&grant_type=authorization_code&redirect_uri=localhost:3000'
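The same exchange as a script, as an added example that is not part of the original post: it reads the three values from the environment so the client_secret stays out of shell history, and it inspects the response body before trusting it. The environment variable names are hypothetical, and the response field names (refresh_token, error) are assumed from the standard OAuth token response shape.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.zoho.com/oauth/v2/token"  # endpoint from the curl command above


def build_token_request(code, client_id, client_secret,
                        redirect_uri="localhost:3000"):
    """Build the same POST as the curl command: parameters in the query string."""
    query = urllib.parse.urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,
    })
    return urllib.request.Request(f"{TOKEN_URL}?{query}", data=b"", method="POST")


def parse_token_response(body):
    """Return the refresh_token, or raise if the exchange did not produce one.

    Assumption: a failed exchange (for example an authorization_code used after
    its 10 minute lifetime) is reported as a JSON object with an "error" field,
    so the body is checked instead of relying on the HTTP status alone.
    """
    payload = json.loads(body)
    if "error" in payload:
        raise RuntimeError(f"token exchange failed: {payload['error']}")
    token = payload.get("refresh_token")
    if not token:
        raise RuntimeError("response contained no refresh_token")
    return token


def exchange_code_from_env():
    """Read the three values from the environment and perform the exchange."""
    req = build_token_request(
        os.environ["ZOHO_AUTH_CODE"],      # hypothetical variable names
        os.environ["ZOHO_CLIENT_ID"],
        os.environ["ZOHO_CLIENT_SECRET"],
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())


if __name__ == "__main__":
    # The refresh_token does not expire: move it straight into a secret store.
    print(exchange_code_from_env())
```

Because the parameters travel in the URL as in the curl command, keep this request out of proxies or tooling that log full request URLs.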