Using Authentication Token

Using Authentication Token

The Version 1.0 of Zoho CRM APIs are in the End-of-Life period and will be deprecated on Dec 31, 2018. We recommend you to check out the new and better API 2.0.

The Zoho CRM API is available in all editions of Zoho CRM. To use the API, you'll require the Zoho CRM Authentication Token from your CRM account. Please make sure that you have the permission to access the API service. If you do not have permission, please contact your CRM administrator.

Generate Auth Token

To generate the Auth Token, you need to send an authentication request to Zoho Accounts using the URL format below. Make sure that you are a confirmed user, else while generating the Auth Token the you might receive an error - "ACCOUNT_REGISTRATION_NOT_CONFIRMED".

URL Format

API Mode:

To generate Auth Token in API mode, do the following:

  1. Log in to Zoho CRM.
  2. Open https://accounts.zoho.com .
  3. In the Zoho Accounts Home page, click Two Factor Authentication.
  4. In the Two Factor Authentication page, click on the Manage Application Specific Passwords.
  5. In the Application Specific Passwords pop-up, do the following:
    1. Enter the Device or App Name
    2. Enter the current password
    3. Click Generate. You will receive the new application-specific password with spaces.
  6. Remove the spaces in password and include in the following API mode URL to generate the Auth Token.

https://accounts.zoho.com/apiauthtoken/nb/create?SCOPE=ZohoCRM/crmapi&EMAIL_ID=[Username/EmailID]&PASSWORD=[Password]&DISPLAY_NAME=[ApplicationName]

Note:

  • Use HTTP POST method to make the request.

Parameters to be passed along with this URL are:

Parameter Description
EMAIL_ID Specify your Zoho CRM Username or Email ID
scope Specify the value as ZohoCRM/crmapi
PASSWORD Specify your Zoho CRM Password
DISPLAY_NAME Specify the Application Name that describes the purpose of using this AuthToken. For example, "MailChimp" or "Google Apps"

For more information, please refer Two factor Authentication help  page.

Sample Response

#
#Wed Feb 29 03:07:33 PST 2012
AUTHTOKEN=bad18eba1ff45jk7858b8ae88a77fa30
RESULT=TRUE

Note:

  • The Auth Token can be used in all your API calls. You can also see the URL format under Setup > Developer Space > APIs.
  • You need to be logged into your CRM account to use the Browser Mode.

Example

Here's an example to fetch records:

https://crm.zoho.com/crm/private/xml/Leads/getRecords?authtoken=7d987658943g4j09h43dd0b167dda34b&scope=crmapi

Revoking Auth Tokens

You can delete the Auth Token generated for your account from the 'My Zoho Account' Page.

  1. Log in to Zoho CRM
  2. Open [Username] > My Account
  3. In your Accounts page, click Active Authtokens.
  4. In the Active Authtokens page, you can Remove(revoke) Auth Tokens.

Note:

  • For Security purposes, you would not be able to view the existing Auth Tokens. Please save the Auth Token as and when it is generated.
  • Removing an Auth Token will delete the token permanently.
  • If you regenerate Auth Token, update your program with the new token.

Points to Remember

  • The Auth Token is user-specific and is a permanent token.
  • On deletion, the existing token will be deleted permanently. The new token has to be replaced in all API calls.
  • The Auth Token of a user's account will become invalid if the user is deactivated.
  • We notify CRM users (Users who generated the Auth Token) if your organization exceeds the API limit.
  • In case, your application requires more than the upper limit, your additional API requests will not be processed. To avoid data transfer issues, please assess your API requirements well in advance. If you need any help, please contact our Support at support@zohocrm.com

    • Related Articles

    • Authentication - Serverless Functions

      Authentication Method A serverless function within your CRM can be invoked from any third-party application or within the CRM. However, commonly not all of the applications support a single authentication method. Keeping that in mind, we have two ...

    • Using Custom Buttons

      How Can I... Create Custom Button Define Button Action Edit Custom Button Delete Custom Button [Related Topics] Customization is the most powerful way to build a flexible CRM system. In Zoho CRM, you can customize modules, fields, pages, links, and a ...

    • Using Custom Buttons

      How Can I... Create Custom Button Define Button Action Edit Custom Button Sort Custom Buttons Delete Custom Button Customization is the most powerful way to build a flexible CRM system. In Zoho CRM, you can customize modules, fields, pages, links, ...

    • Using OAuth2 - Serverless Functions

      Introduction Functions can be made accessible through OAuth2 protocol. OAuth2 method allows you to share specific data with any application while keeping your usernames and passwords private, by having specific scopes which grant access to specfic ...

    • Using API Key - Serverless Functions

      Introduction A severless function within your CRM can be invoked from any third-party application or within the CRM using a webhook. However, generally most of the webhooks do not support OAuth2, save for a few of them. In that case, you can execute ...