Update Share Permissions
Purpose
Using this API, you can:
Update the sharing permissions of a record granted to users as Read-Write, Read-only, or grant full access.
Revoke access given to users to a shared record.
Update the access permission to the related lists of the record that was shared with the user.
Request Details
Request URL
{api-domain}/crm/{version}/{module_api_name}/{record_id}/actions/share
Supported modules
Leads, Accounts, Contacts, Deals, Campaigns, Cases, Solutions, Products, Vendors, Price Books, Quotes, Sales Orders, Purchase Orders, Invoices, and Custom.
Header
Authorization: Zoho-oauthtoken d92d4xxxxxxxxxxxxx15f52
Scope
scope=ZohoCRM.share.{module_name}.{operation_type}
Possible module names
leads, accounts, contacts, deals, campaigns, cases, solutions, products, vendors, pricebooks, quotes, salesorders, purchaseorders, invoices, and custom.
Possible operation types
ALL - Full access to the record
UPDATE - Update the sharing permission
Note
The system automatically revokes access to the record for the users who are not mentioned in the JSON request body. Therefore, give the ID of all the users with whom the record was shared, unless you want to revoke share permissions for them.
Sample Request
Copiedcurl "https://www.zohoapis.com/crm/v2.1/Contacts/4150868000001148347/actions/share"
-X PUT
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
-d "@input.json"3.0.08.0
CopiedString moduleAPIName = "Leads";
Long recordId = 3477061000005177002L;
//Get instance of ShareRecordsOperations Class that takes recordId and moduleAPIName as parameter
ShareRecordsOperations shareRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
BodyWrapper request = new BodyWrapper();
//List of ShareRecord instances
List < ShareRecord > shareList = new ArrayList < ShareRecord > ();
//Get instance of ShareRecord Class
ShareRecord share1 = new ShareRecord();
share1.setShareRelatedRecords(true);
share1.setPermission("full_access");
User user = new User();
user.setId(3477061000005791024 L);
share1.setUser(user);
shareList.add(share1);
request.setShare(shareList);
//Call updateSharePermissions method that takes BodyWrapper instance as parameter
APIResponse < ActionHandler > response = shareRecordsOperations.updateSharePermissions(request);Copiedpackage com.zoho.crm.api.sample.restapi.sharerecords;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpEntityEnclosingRequestBase;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import org.json.JSONArray;
import org.json.JSONObject;
public class UpdateSharePermissions
{
@SuppressWarnings("deprecation")
public static void main(String[] args)
{
try
{
HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
SSLContext sslContext = SSLContext.getDefault();
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
CloseableHttpClient httpclient = httpClientBuilder.setSSLSocketFactory(sslConnectionSocketFactory).build();
URIBuilder uriBuilder = new URIBuilder("https://www.zohoapis.com/crm/v2.1/Leads/34770617753001/actions/share");
HttpUriRequest requestObj = new HttpPut(uriBuilder.build());
HttpEntityEnclosingRequestBase requestBase = (HttpEntityEnclosingRequestBase) requestObj;
JSONObject requestBody = new JSONObject();
JSONArray recordArray = new JSONArray();
JSONObject recordObject = new JSONObject();
recordObject.put("share_related_records", true);
recordObject.put("permission", "read_only");
JSONObject user = new JSONObject();
user.put("id", "34770615791024");
recordObject.put("user", user);
recordArray.put(recordObject);
recordObject = new JSONObject();
recordObject.put("share_related_records", true);
recordObject.put("permission", "full_access");
user = new JSONObject();
user.put("id", "34770615791024");
recordObject.put("user", user);
recordArray.put(recordObject);
requestBody.put("share", recordArray);
requestBase.setEntity(new StringEntity(requestBody.toString(), HTTP.UTF_8));
requestObj.addHeader("Authorization", "Zoho-oauthtoken 1000.xxxxxxx.xxxxxxx");
HttpResponse response = httpclient.execute(requestObj);
HttpEntity responseEntity = response.getEntity();
System.out.println("HTTP Status Code : " + response.getStatusLine().getStatusCode());
if(responseEntity != null)
{
Object responseObject = EntityUtils.toString(responseEntity);
String responseString = responseObject.toString();
System.out.println(responseString);
}
}
catch(Exception ex)
{
ex.printStackTrace();
}
}
}4.0.04.x
Copied//Get instance of ShareRecordsOperations Class that takes moduleAPIName and recordId as parameter
$shareRecordsOperations = new ShareRecordsOperations($recordId, $moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
$request = new BodyWrapper();
//List of ShareRecord instances
$shareList = array();
//Get instance of ShareRecord Class
$share1 = new ShareRecord();
$share1->setShareRelatedRecords(true);
$share1->setPermission("full_access");
$user = new User();
$user->setId("34770615791024");
$share1->setUser($user);
array_push($shareList, $share1);
$request->setShare($shareList);
//Call updateSharePermissions method that takes BodyWrapper instance as parameter
$response = $shareRecordsOperations->updateSharePermissions($request);Copied<?php
class UpdateSharePermissions
{
public function execute(){
$curl_pointer = curl_init();
$curl_options = array();
$url = "https://www.zohoapis.com/crm/v2.1/Leads/3477061000007753001/actions/share";
$curl_options[CURLOPT_URL] =$url;
$curl_options[CURLOPT_RETURNTRANSFER] = true;
$curl_options[CURLOPT_HEADER] = 1;
$curl_options[CURLOPT_CUSTOMREQUEST] = "PUT";
$requestBody = array();
$recordArray = array();
$recordObject = array();
$user = array();
$user["id"]= "3477061000005791024";
$recordObject["share_related_records"]=true;
$recordObject["permission"]="full_access";
$recordObject["user"]= $user;
$recordArray[] = $recordObject;
$requestBody["share"] =$recordArray;
$curl_options[CURLOPT_POSTFIELDS]= json_encode($requestBody);
$headersArray = array();
$headersArray[] = "Authorization". ":" . "Zoho-oauthtoken " . "1000.30f3a589XXXXXXXXXXXXXXXXXXX4077.dc5XXXXXXXXXXXXXXXXXXXee9e7c171c";
$curl_options[CURLOPT_HTTPHEADER]=$headersArray;
curl_setopt_array($curl_pointer, $curl_options);
$result = curl_exec($curl_pointer);
$responseInfo = curl_getinfo($curl_pointer);
curl_close($curl_pointer);
list ($headers, $content) = explode("\r\n\r\n", $result, 2);
if(strpos($headers," 100 Continue")!==false){
list( $headers, $content) = explode( "\r\n\r\n", $content , 2);
}
$headerArray = (explode("\r\n", $headers, 50));
$headerMap = array();
foreach ($headerArray as $key) {
if (strpos($key, ":") != false) {
$firstHalf = substr($key, 0, strpos($key, ":"));
$secondHalf = substr($key, strpos($key, ":") + 1);
$headerMap[$firstHalf] = trim($secondHalf);
}
}
$jsonResponse = json_decode($content, true);
if ($jsonResponse == null && $responseInfo['http_code'] != 204) {
list ($headers, $content) = explode("\r\n\r\n", $content, 2);
$jsonResponse = json_decode($content, true);
}
var_dump($headerMap);
var_dump($jsonResponse);
var_dump($responseInfo['http_code']);
}
}
(new UpdateSharePermissions())->execute();3.0.08.x
Copied//Get instance of ShareRecordsOperations Class that takes recordId and moduleAPIName as parameter
ShareRecordsOperations shareRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
BodyWrapper request = new BodyWrapper();
//List of ShareRecord instances
List<ShareRecord> shareList = new List<ShareRecord>();
//Get instance of ShareRecord Class
ShareRecord share1 = new ShareRecord();
share1.ShareRelatedRecords = true;
share1.Permission = "full_access";
User user = new User();
user.Id = 34770615791024;
share1.User = user;
shareList.Add(share1);
request.Share = shareList;
//Call UpdateSharePermissions method that takes BodyWrapper instance as parameter
APIResponse<ActionHandler> response = shareRecordsOperations.UpdateSharePermissions(request);Copiedusing System;
using System.IO;
using System.Net;
using System.Text;
using Newtonsoft.Json.Linq;
namespace Com.Zoho.Crm.API.Sample.RestAPI.ShareRecords
{
public class UpdateSharePermissions
{
public static void UpdateShare()
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.zohoapis.com/crm/v2.1/Leads/3477067753001/actions/share");
request.Method = "PUT";
request.Headers["Authorization"] = "Zoho-oauthtoken 1000.abfeXXXXXXXXXXX2asw.XXXXXXXXXXXXXXXXXXsdc2";
JObject requestBody = new JObject();
JArray recordArray = new JArray();
JObject recordObject = new JObject();
recordObject.Add("share_related_records", true);
recordObject.Add("permission", "read_only");
JObject user = new JObject();
user.Add("id", "3477065791024");
recordObject.Add("user", user);
recordArray.Add(recordObject);
recordObject = new JObject();
recordObject.Add("share_related_records", true);
recordObject.Add("permission", "full_access");
user = new JObject();
user.Add("id", "347706105791024");
recordObject.Add("user", user);
recordArray.Add(recordObject);
requestBody.Add("share", recordArray);
string dataString = requestBody.ToString();
var data = Encoding.UTF8.GetBytes(dataString);
int dataLength = data.Length;
request.ContentLength = dataLength;
using (var writer = request.GetRequestStream())
{
writer.Write(data, 0, dataLength);
}
request.KeepAlive = true;
HttpWebResponse response;
try
{
response = (HttpWebResponse)request.GetResponse();
}
catch (WebException e)
{
if (e.Response == null) { throw; }
response = (HttpWebResponse)e.Response;
}
HttpWebResponse responseEntity = response;
Console.WriteLine("HTTP Status Code : " + (int)response.StatusCode);
string responsestring = new StreamReader(responseEntity.GetResponseStream()).ReadToEnd();
responseEntity.Close();
Console.WriteLine(responsestring);
}
}
}3.0.03.x.x
Copied# Get instance of ShareRecordsOperations Class that takes module_api_name and record_id as parameter
shared_records_operations = ShareRecordsOperations(record_id, module_api_name)
# Get instance of BodyWrapper Class that will contain the request body
request = BodyWrapper()
# List to hold ShareRecord instances
share_record_list = []
# Get instance of ShareRecord Class
share_record = ZCRMShareRecord()
# Set boolean value to share related records
share_record.set_share_related_records(True)
# Set the permission. Possible values - full_access, read_only, read_write
share_record.set_permission('full_access')
# Get instance of User Class
user = User()
# Set User ID
user.set_id(3409643000000302031)
# Set the User instance to user
share_record.set_user(user)
# Add the instance to list
share_record_list.append(share_record)
# Set the list to share of BodyWrapper instance
request.set_share(share_record_list)
# Call update_share_permissions method that takes BodyWrapper instance as parameter
response = shared_records_operations.update_share_permissions(request)Copieddef update_share_permissions():
import requests
import json
url = 'https://www.zohoapis.com/crm/v2.1/Contacts/3409643000002277005/actions/share'
headers = {
'Authorization': 'Zoho-oauthtoken 1000.04be928e4a96XXXXXXXXXXXXX68.0b9eXXXXXXXXXXXX60396e268',
}
request_body = dict()
record_list = list()
record_object = {
'share_related_records': 'true',
'permission': 'read_write',
'user': {
'id': '3409643000000174021'
}
}
record_list.append(record_object)
request_body['share'] = record_list
response = requests.put(url=url, headers=headers, data=json.dumps(request_body).encode('utf-8'))
if response is not None:
print("HTTP Status Code : " + str(response.status_code))
print(response.json())
update_share_permissions()1.0.010.x
Copied//Get instance of ShareRecordsOperations Class that takes moduleAPIName and recordId as parameter
let sharedRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
let request = new BodyWrapper();
//Array to hold ShareRecord instances
let shareRecordArray = [];
//Get instance of ShareRecord
let shareRecord = new ShareRecord();
//Set the permission
shareRecord.setPermission("full_access");
//Set the boolean value to share related records
shareRecord.setShareRelatedRecords(true);
//Get instance of User Class
let user = new User();
//Set ID to the User
user.setId(3409643000000302031n);
//Set user instance to user in ShareRecord instance
shareRecord.setUser(user);
//Add the instance to array
shareRecordArray.push(shareRecord);
//Set the array to share in BodyWrapper
request.setShare(shareRecordArray);
//Call updateSharePermissions method that takes BodyWrapper instance as parameter
let response = await sharedRecordsOperations.updateSharePermissions(request);Copiedasync function updateSharePermissions() {
const got = require("got");
let url = 'https://www.zohoapis.com/crm/v2.1/Contacts/3409643000002277005/actions/share'
let headers = {
Authorization : "Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
}
let requestBody = {}
let recordArray = []
let recordObject = {
'share_related_records': true,
'permission': 'read_write',
'user': {
'id': '3409643000000174021'
}
}
recordArray.push(recordObject)
requestBody['share'] = recordArray
let requestDetails = {
method : "PUT",
headers : headers,
body : JSON.stringify(requestBody),
encoding: "utf8",
throwHttpErrors : false
};
let response = await got(url, requestDetails)
if(response != null) {
console.log(response.statusCode);
console.log(response.body);
}
}
updateSharePermissions()2.1.0
Copied# List to hold ShareRecord instances
share_records = []
# Get instance of ShareRecordsOperations Class that takes module_api_name and record_id as parameter
sro = ShareRecords::ShareRecordsOperations.new(record_id, module_api_name)
# Get instance of BodyWrapper Class that will contain the request body
bw = ShareRecords::BodyWrapper.new
# Get instance of User Class
user = Users::User.new
# Set User ID
user.id = 3_477_061_000_005_791_024
(0..1).each do |i|
share_record = ShareRecords::ShareRecord.new
# Set boolean value to share related records
share_record.share_related_records = true
# Set the permission. Possible values - full_access, read_only, read_write
share_record.permission = 'full_access'
# Set the User instance to user
share_record.user = user
# Add the instance to list
share_records.push(share_record)
end
# Set the list to share of BodyWrapper instance
bw.share = share_records
response = sro.update_share_permissions(bw)Copiedrequire 'net/http'
require 'json'
class UpdateSharePermissions
def execute
url ="https://www.zohoapis.com/crm/v2.1/Leads/3477061000005623115/actions/share"
url = URI(url)
req = Net::HTTP::Put.new(url.request_uri)
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
headers={}
headers["Authorization"]="Zoho-oauthtoken 1000.dfa7XXXXXXXXXXXXXXXXXX84f9665840.c176aeXXXXXXXXXXXX13f3d37a84d"
headers&.each { |key, value| req.add_field(key, value) }
request_body = {}
record_array = []
record_object = {}
user = {}
user["id"]= "3477061000005791024"
record_object["share_related_records"]=true
record_object["permission"]="full_access"
record_object["user"]= user
record_array = [record_object]
request_body["share"] =record_array;
request_json = request_body.to_json
req.body = request_json.to_s
response=http.request(req)
status_code = response.code.to_i
headers = response.each_header.to_h
print status_code
print headers
unless response.body.nil?
print response.body
end
end
end
UpdateSharePermissions.new.executeCopieduser1 = Map();
user1.put("user", {"id":"4150868000001174048"});
user1.put("share_related_records", true);
user1.put("permission", "full_access");
user2 = Map();
user2.put("user", {"id":"4150868000001199001"});
user2.put("share_related_records", true);
user2.put("permission", "read_only");
usersList = List();
usersList.add(user1);
usersList.add(user2);
params = Map();
params.put("share", usersList);
response = invokeurl
[
url :"https://www.zohoapis.com/crm/v2.1/Leads/692969000000981055/actions/share"
type :PUT
parameters: params.toString()
connection:"crm_oauth_connection"
];
info response;In the request, "@input.json" contains the sample input data.
Request JSON
- shareJSON array, mandatory
The JSON object represents the set of users with whom you want to share the record. Each object in the array represents a user.
share Properties
- userJSON object, mandatory
Represents the ID of the user with whom you want to share the record.
- share_related_recordsboolean, optional
Represents if you want to share the related records also with the user.
Possible values:
true - share related records along with the record.
false - Do not share related records. This is the default value. - permissionstring, optional
Represents the access permission you want to give the user for that record.
Possible values:
full_access- Allow the user full access to the record. This is the default value.
read_only - Allow the user to only view the record.
read_write - Allow the user to view and edit the record.
Sample Input
Copied{
"share": [
{
"user": {
"id": "4150868000001199001"
},
"share_related_records": true,
"permission": "read_only"
},
{
"user": {
"id": "4150868000001174048"
},
"share_related_records": false,
"permission": "full_access"
}
]
}Possible Errors
- OAUTH_SCOPE_MISMATCHHTTP 401
invalid oauth scope to access this URL
Resolution: The client does not have the scope to ZohoCRM.share.{module_name}.UPDATE
(or)
The module name given in the URL is either Events, Calls, Tasks or any Linking module.
(or)
The module name given in the URL is invalid. - INVALID_URL_PATTERNHTTP 404
Please check if the URL trying to access is a correct one.
Resolution: The URL given has syntactical errors. - INVALID_DATAHTTP 400
ENTITY_ID_INVALID
Resolution: The record ID given in the URL is either invalid
(or)
does not belong to the module mentioned. - INVALID_DATAHTTP 400
Permission is invalid
Resolution: The value given in permission is not one of: full_access, read_only, or read_write.
(or)
The user does not have permission to access that particular module. - SHARE_LIMIT_EXCEEDEDHTTP 400
Cannot share a record to more than 10 users.
Resolution: The record you are trying to share has already been shared with 10 users. - NO_PERMISSIONHTTP 403
Permission denied to update records
Resolution: The user does not have permission to update the sharing permissions of a record. Contact your system administrator. - INTERNAL_ERRORHTTP 500
Internal Server Error
Resolution: Unexpected and unhandled exception in Server. Contact support team. - INVALID_REQUEST_METHODHTTP 400
The http request method type is not a valid one
Resolution: You have specified an invalid HTTP method to access the API URL. Specify a valid request method. Refer to endpoints section above. - AUTHORIZATION_FAILEDHTTP 400
User does not have sufficient privilege to update records
Resolution: The user does not have the permission to update the sharing permissions of a record. Contact your system administrator. - INVALID_MODULEHTTP 400
The module name given seems to be invalid
Resolution: You have specified an invalid module name or there is no tab permission, or the module could have been removed from the available modules. Specify a valid module API name. - INVALID_MODULEHTTP 400
The given module is not supported in API
Resolution: The modules such as Documents and Projects are not supported in the current API. (This error will not be shown, once these modules are been supported). Specify a valid module API name.
Sample Response
Copied{
"share": [
{
"code": "SUCCESS",
"details": {},
"message": "record will be shared successfully",
"status": "success"
},
{
"code": "SUCCESS",
"details": {},
"message": "record will be shared successfully",
"status": "success"
}
]
}