Step 4: Use access tokens in API requests

You've got the complete information for making a resource request to a Bigin API. The application you've registered is authenticated and you've generated an access token. The access token is associated with scopes and must be used to perform operations within the specified scope. As the obtained access token is expiring, you can use it only for an hour. However, you can generate new access tokens using refresh tokens without the user's consent.

With each API request, pass the access token as an authorization header.

Authorization: Zoho-oauthtoken <ACCESS_TOKEN>

For example, the syntax for an API request to retrieve the list of modules available in an organization is given below:

GET {api-domain}/bigin/v2/settings/modules

You can replace {api-domain} with the domain-specific URL based on the data center in which the Bigin account's resources are available.

For US, the {api-domain} is replaced with


Along with this, you need to send the short-lived and scope-specific access token in the authorization header to retrieve the list of modules from an organization.

Sample request

# In this sample request, using API domain for US location (.com)
curl "" \
-X GET \
-H "Authorization: Zoho-oauthtoken 1000.714468337c0xxxxxx.xxxxxab038"

What's next!

Step 5: Get new access token using refresh token ➔