How to get an Zoho API Key to use with Postman

Aug 24, 2021 8:50:32 PM / by Vu Long Tran

This is a guide on how to get an Zoho API Key to use with Postman. 

To use the Zoho APIs, the users must authenticate the application to make API calls with an access token.

The access token, in return, must be obtained from a grant token (authorization code). 

So I will show you how you can:

  1. Creating a new client in Zoho API Console
  2. Retrieving your Zoho Access Token
  3. Make Zoho CRM API call with your Zoho Access Token

Creating a new client in Zoho API Console

Go to Zoho - API Console at https://api-console.zoho.com/



Click "Add client".


Review the client types and choose that applicable client type for what you need the API for. I will use the "Self Client".


Select "Self Client".


In the "Create New Client" section, click Create


Confirm that you want to enable self-client, click OK


Take note of the Client Secret details, as you will need that to use in Postman. 


Use Postman to retrieve your Zoho Access Token

Download and install Postman if you have not already.

In Postman, we will download the following file:

We will add this to the following environment variables with their corresponding values:

  • client-id: The consumer key generated from the connected app. You get this value when you register your application.
  • client-secret: The consumer secret generated from the connected app. You get this value when you register your application.
  • redirect-uri: A valid URL of your application to which Zoho Accounts redirects you with a grant token(code) after successful authentication.
  • authorization-code: The grant token.
  • access-token: The access token to access Zoho CRM APIs. The system automatically adds the value to this variable once the access token is generated.
  • refresh-token: The refresh token to obtain new access tokens. The system automatically adds the value to this variable once the refresh token is generated.
  • accounts-url: The domain-specific Zoho Accounts URL.
  • api-domain: The domain name used to make API calls to Zoho CRM.
  • expiry-time: Time in seconds after which the access token expires. The system automatically adds the value to this variable.

Sample values would look like the following:

  • client-id: 1000.B0ZHPCUQ28WYA9LTXX524I096XQ49C
  • client-secret: 574389e6fadef67301a1d1995465d06719f8851e1b
  • redirect-uri: https://www.zoho.com/in/crm
  • authorization-code: We will generate this in our next step. 
  • access-token: Leave blank*
  • refresh-token: Leave blank*
  • accounts-url: https://accounts.zoho.com
  • api-domain: https://www.zohoapis.com
  • expiry-time: Leave blank*

*Leave blank, as it will be generated later when we run an API call for our access token.

Generate authorization-code in Zoho API Console

In Zoho API Console, generate an authorization-code by going to our Self Client.

Click on "Self Client".


Fill in the "Generate Code" tab and click Create.


  • Scope*: ZohoCRM.modules.ALL, ZohoCRM.org.ALL, ZohoCRM.users.ALL
  • Time duration: 10 minutes
  • Scope description: Anything you would like here. e.g. "Org, Users, Modules"

*Additional scopes you can use in the future here - Zoho Available Scopes. 

Select your portal from the "Select Portal" menu.


Select the org, in my example, this is Production> Vu. 


Once you select your org, it will give you a green tick. 


You will now have a code generated in the "Generated Code" pop up window. It will look something like one of the examples below (depending on your scope).

Click Copy or Download.  



Copy and download the authorization-code from Zoho API Console. In my example it is the following:


We will then select one of the "Generate Access Token and Refresh Token" API.


With "Generate Access Token and Refresh Token" API open, populate the following with the generated code.

  • code: 1000.9c80875fefb31993a8e27216e26ff5ae.d128b593348bcc15b303f1774672171a


Specifically, we will add it to the "code" spot.


Once tested, you should get something like this:



If you check your Postman environment, you will now see the access token and refresh token autopopulated there. The system automatically adds values for access-token, refresh-token, and expires-in variables.


You're all set now! You can now testing the Zoho CRM API calls.

Make Zoho CRM API call with your Zoho Access Token

You can now start making Zoho CRM API calls. Here are some examples. 

Using the GET Users from the Zoho CRM Users APIs, we can get these details. 



More details on this GET Users API - https://www.zoho.com/crm/developer/docs/api/v2/get-users.html 



If we ran the following in our Terminal (using the Access Token generated from earlier) then we could also see something similar as well. 


curl "https://www.zohoapis.com/crm/v2/org" -X GET -H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"



More details on this GET Organisations API - https://www.zoho.com/crm/developer/docs/api/v2/get-org-data.html 

Now you can start testing other Zoho CRM APIs. Have fun! 


Topics: apis

Vu Long Tran

Written by Vu Long Tran

Solutions Engineer APAC. ex-@Forrester consultant. Writing on #cloud #howto guides and #tech tinkering!