How to Generate Zoho CRM OAuth 2.0 Credentials: Refresh Token Tutorial (2025)

If you're integrating WordPress (or any app) with Zoho CRM – like with my Zoho CRM Lead Mapping Pro plugin – you need secure OAuth credentials: Client ID, Client Secret, and a long-lived Refresh Token.

Zoho uses OAuth 2.0 for safe access without sharing passwords. The refresh token lets your app auto-renew short-lived access tokens.

This step-by-step guide covers the easiest methods for most users. We'll focus on Self Client (simplest, no redirect needed) and Server-based Application (more flexible).

(Zoho API Console Dashboard – your starting point)

Step 1: Log In to Zoho API Console

1. Go to: https://api-console.zoho.com
2. Sign in with your Zoho account (the one linked to your CRM organization).

You'll see the dashboard with options for client types.

Method 1: Self Client (Easiest & Recommended for Personal/Plugin Use)

Self Client is perfect for backend integrations (like WordPress plugins) where you own the Zoho account. No redirect URI needed – generate tokens directly.

1. In the API Console, choose Self Client → Create Now (or Add Client if you have existing ones).

(Self Client creation form – simple and quick)

1. Enter a Client Name (e.g., "WordPress Lead Plugin").

2. Select scopes:
   
   ZohoCRM.modules.ALL,ZohoCRM.users.READ,ZohoCRM.settings.ALL,ZohoCRM.org.READ
   
   (Copy-paste this – it covers leads, products, attachments, notes).

3. Click Create.

4. On the next screen, click Generate Code (or similar button).

5. Choose scope again if prompted (same as above).

6. Select token duration (default 1 hour is fine – we'll get refresh token).

7. Click Create → An Authorization Code (grant token) appears. Copy it immediately!

8. Now exchange the code for tokens:
   
   Use this URL (replace placeholders):
   

   https://accounts.zoho.com/oauth/v2/token
   ?code=YOUR_AUTHORIZATION_CODE
   &client_id=YOUR_CLIENT_ID
   &client_secret=YOUR_CLIENT_SECRET
   &grant_type=authorization_code
   &redirect_uri=  (leave blank or use dummy)

• For EU: Use https://accounts.zoho.eu/...
• For IN: https://accounts.zoho.in/...

Paste in browser or use Postman/curl. Response includes:

• access_token (short-lived)
• refresh_token (long-lived – this is what you need!)

Example response:
{
"access_token": "1000.12345678190123456789123456789",
"refresh_token": "1000.12345678901234567890123456789",
"scope": "ZohoCRM.modules.ALL ZohoCRM.modules.attachments.ALL",
"api_domain": "https://www.zohoapis.com",
"token_type": "Bearer",
"expires_in": 3600
}

Method 2: Server-based Application (For Production/Multi-User Apps)

Use this if you need a redirect flow or multi-org support.

1. In API Console, choose Server-based Applications → Create Now.

(Server-based app registration form)

1. Fill:

   • Client Name
   • Homepage URL (your site)
   • Authorized Redirect URI (e.g., https://your-site.com/oauth-callback – can be dummy like https://localhost)

2. Click Create → Get Client ID and Client Secret.

3. Generate authorization URL:
   

   https://accounts.zoho.com/oauth/v2/auth
   ?scope=ZohoCRM.modules.ALL,ZohoCRM.users.READ,ZohoCRM.settings.ALL,ZohoCRM.org.READ
   &client_id=YOUR_CLIENT_ID
   &response_type=code
   &redirect_uri=YOUR_REDIRECT_URI
   &access_type=offline  (important for refresh token!)

1. Open in browser, log in, approve → Redirected with ?code=XXXX in URL.

2. Exchange code for tokens (same POST as above, add redirect_uri parameter).

You'll get the refresh_token.

Important Tips

• Data Center Matters: Use correct domain (US: .com, EU: .eu, IN: .in) for accounts and api.zoho...
• Scopes: Use the exact scopes above for full lead/product/file functionality.
• Security: Never expose Client Secret or Refresh Token publicly.
• Multi-DC: Enable in console settings if using multiple regions.
• Testing: Refresh token works forever until revoked.

Final Thoughts

Generating Zoho OAuth credentials is straightforward once you know the steps – Self Client is quickest for most plugin users.

I built the Zoho CRM Lead Mapping Pro plugin to make this integration seamless for WordPress sites. Hope this guide helps you get connected quickly!

If you run into issues, need help with setup, or want custom features/consultation, feel free to email me:

sonde@toolrackly.site or sondeomotayo7@gmail.com

Happy integrating! 🚀