To use the Official Account API, your application needs the granted access token from Zalo OA. After the first configuration, you can get the access token by authorization code by following our guidelines in this article.
In this way, the authorization code will be returned via the Callback URL, then you can use this code to request API for getting access token and refresh token.
Step 1: Activate your application on Zalo OA
![Zalo OA Tutorial 2025 - Creating Access Token 1 Zalo_access_token1](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token1.png)
- Go to Zalo for Developers site, click on your account and choose your application
- If your application is not available, click the blue plus icon “Thêm ứng dụng mới”
- Fill out the form for creating a new app as below (App Name, App Category, App Description must be between 20 and 500 characters)
- Then click on the Create App ID button
![Zalo OA Tutorial 2025 - Creating Access Token 2 Zalo_access_token2](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token2.png)
Once the app has been created, switch the toggle in the top right corner to activate your new application
![Zalo OA Tutorial 2025 - Creating Access Token 3 Zalo_access_token3](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token3.png)
Step 2: Create API access token request in Postman
- Create a new request in Postman
HTTP request
URL: https://oauth.zaloapp.com/v4/oa/access_token
Method: POST
Content Type: application/x-www-form-urlencoded
![Zalo OA Tutorial 2025 - Creating Access Token 4 Zalo_access_token4](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token4.png)
- In the Headers section, the value for secret_key is your Application Secret Key on Zalo.
![Zalo OA Tutorial 2025 - Creating Access Token 5 Zalo_access_token5](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token5.png)
![Zalo OA Tutorial 2025 - Creating Access Token 6 Zalo_access_token6](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token6.png)
- In Body Structure, fill out the following code for key
![Zalo OA Tutorial 2025 - Creating Access Token 7 Zalo_access_token7](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token7.png)
- app_id (your application ID on Zalo)
![Zalo OA Tutorial 2025 - Creating Access Token 8 Zalo_access_token8](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token8.png)
- grant _type = authorization_code
Step 3: Get authorization code of your application on Zalo
- To get the authorization code for code value in the API request, go to your Zalo OA General settings
![Zalo OA Tutorial 2025 - Creating Access Token 9 Zalo_access_token9](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token9.png)
- Copy and paste your app callback URL in the Official Account Callback URL, then click Update.
![Zalo OA Tutorial 2025 - Creating Access Token 10 Zalo_access_token10](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token10-1.png)
- Open the updated link and grant Zalo access permission to your application
![Zalo OA Tutorial 2025 - Creating Access Token 11 Zalo_access_token11](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token11.png)
![Zalo OA Tutorial 2025 - Creating Access Token 12 Zalo_access_token12](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token12.png)
- Copy the whole code appears and paste to Code Value in Postman.
![Zalo OA Tutorial 2025 - Creating Access Token 13 Zalo_access_token13](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token13.png)
Step 4: Send request and get your access token
After sending the request, the access token and refresh token will be returned as shown below.
![Zalo OA Tutorial 2025 - Creating Access Token 14 Zalo_access_token14](https://www.beehexa.com/wp-content/uploads/2021/12/Zalo_access_token14.png)
- Access token is used to call Official Account API with the validity period of 1 hour
- Each access token created has a corresponding refresh token, which allows you to recreate a new access token when the current one expires. A refresh token can be used only once with a validity period of 3 months.
I have shown you all steps to create an access token with Zalo OA using Postman. If you have any questions please leave a comment below or refer to our Devdocs.
For more detailed instructions, you can watch our tutorial video.