Authorization
OAuth Authorization
OAuth 2.0 is an industry-standard authorization framework (defined in RFC 6749) that enables third-party applications to obtain limited access to a service on behalf of a user without exposing the user's credentials. Instead of sharing passwords, OAuth uses access tokens – short-lived, scoped credentials that grant specific permissions to resources. This approach provides several key benefits: enhanced security by eliminating the need to store or transmit user passwords, granular access control through scopes that limit what actions an application can perform, revocable access that allows users or administrators to terminate permissions at any time without changing passwords, and standardized integration patterns that simplify secure API consumption across platforms.
Access tokens for authorized users and applications are sent to the resource servers as bearer tokens. For additional details on bearer token usage, see RFC 6750.
OAuth Authorization Flows
- Authorization Code Flow with PKCE
To integrate an external web server/application with the ZoomInfo APIs, use the Authorization Code Flow with PKCE. This flow utilizes the authorization code grant type to route requests for many authorized users through a single application.
- Client Credentials Flow
For cases where a user context is not required, the Client Credentials Flow is useful. In this flow, the client application presents its client credentials (client_id and client_secret) directly to the authorization server in exchange for an access token. While this flow does eliminate the need for user intervention, you will need to specify an integration user to run the application.
- Refresh Token Flow
Use this flow to refresh access tokens obtained using the Authorization Code Flow with PKCE. This flow allows clients to continually refresh authorized users' access tokens without requiring the user to re-enter credentials each time the access token needs to be refreshed.
Additional Authorization Guides
- Generate Bearer Tokens in DevPortal
Use this guide to learn how you can easily generate access tokens using the ZoomInfo DevPortal. This can be very useful for testing and exploring new APIs and integrations without having to build the entire OAuth flow in your application from the start.
- ZoomInfo OAuth 2.0 Scopes
Use this page to see a full list of OAuth 2.0 scopes that can be used to integrate with the ZoomInfo API.
- Recipes
Use the recipes to see code samples for each of the OAuth 2.0 authorization flows supported by ZoomInfo's API.