Files and Attachments APIs

Attachments provide more information about a contact or a company, which normally cannot be displayed. You may also need to send images, text files or videos or any other type of files to contacts. The files and attachments API allows a user to get a list of attachments, upload or download a photo or a file.

Get list of Attachments

Purpose

To get the list of attachments.

Request Details

Request URL

https://www.zohoapis.com/crm/v2/{module_api_name}/{record_id}/Attachments

Supported modules

Leads, Accounts, Contacts, Deals, Campaigns, Tasks, Cases, Events, Solutions, Products, Vendors, Price Books, Quotes, Sales Orders, Purchase Orders, Invoices, Custom, and Notes

Header

Authorization: Zoho-oauthtoken d92d4xxxxxxxxxxxxx15f52

Scope

scope=ZohoCRM.modules.ALL
(or)
scope=ZohoCRM.modules.{module_name}.{operation_type}
(and)
scope=ZohoCRM.modules.attachments.{operation_type}

Possible module names

leads, accounts, contacts, deals, campaigns, tasks, cases, events, solutions, products, vendors, pricebooks, quotes, salesorders, purchaseorders, invoices, custom, notes

Possible operation types

ALL - Full access to attachments
READ - Get attachment data

Sample Request

Copiedcurl "https://www.zohoapis.com/crm/v2/Leads/1000000231009/Attachments"
-X GET
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
3.0.08.0
CopiedString moduleAPIName = "Leads";
Long recordId = 3477061000005177002l;

//Get instance of AttachmentsOperations Class that takes moduleAPIName and recordId as parameter
AttachmentsOperations attachmentsOperations = new AttachmentsOperations(moduleAPIName, recordId);

//Get instance of ParameterMap Class
ParameterMap paramInstance = new ParameterMap();

//Possible parameters of Get Attachments operation
paramInstance.add(GetAttachmentsParam.PAGE, 1);

paramInstance.add(GetAttachmentsParam.PER_PAGE, 10);

paramInstance.add(GetAttachmentsParam.FIELDS, "id");

//Call getAttachments method that takes paramInstance as parameters
APIResponse < ResponseHandler > response = attachmentsOperations.getAttachments(paramInstance);
Copiedimport javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
public class FilesandAttachmentsAPIs 
{
	public static void main(String[] args) 
	{
		try
		{
			HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
			SSLContext sslContext = SSLContext.getDefault();
			SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
			CloseableHttpClient httpclient = httpClientBuilder.setSSLSocketFactory(sslConnectionSocketFactory).build();
			URIBuilder uriBuilder = new URIBuilder("https://www.zohoapis.com/crm/v2/Leads/34770617711001/Attachments");
			uriBuilder.addParameter("fields", "Modified_Time");
			uriBuilder.addParameter("page", "1");
			uriBuilder.addParameter("per_page", "1");
			HttpUriRequest requestObj = new HttpGet(uriBuilder.build());
			requestObj.addHeader("Authorization", "Zoho-oauthtoken 1000.xxxxxxx.xxxxxxx");
			HttpResponse response = httpclient.execute(requestObj);
			HttpEntity responseEntity = response.getEntity();
			System.out.println("HTTP Status Code : " + response.getStatusLine().getStatusCode());
			if(responseEntity != null)
			{
				Object responseObject = EntityUtils.toString(responseEntity);
				String responseString = responseObject.toString();
				System.out.println(responseString);
			}
		}
		catch(Exception ex)
		{
			ex.printStackTrace();
		}
	}
}
3.0.07.x
Copied//Get instance of AttachmentsOperations Class that takes recordId and moduleAPIName as parameter
$attachmentOperations = new AttachmentsOperations($moduleAPIName, $recordId);
//Call getAttachments method
$response = $attachmentOperations->getAttachments();
Copied<?php
class GetAttachments{
    
    public function execute(){
        $curl_pointer = curl_init();
        
        $curl_options = array();
        $url = "https://www.zohoapis.com/crm/v2/Leads/35240335495065/Attachments?";
        $parameters = array();
        $parameters["fields"]="id";
        $parameters["page"]="1";
        $parameters["per_page"]="10";
        
        foreach ($parameters as $key=>$value){
            $url =$url.$key."=".$value."&";
        }
        $curl_options[CURLOPT_URL] = $url;
        $curl_options[CURLOPT_RETURNTRANSFER] = true;
        $curl_options[CURLOPT_HEADER] = 1;
        $curl_options[CURLOPT_CUSTOMREQUEST] = "GET";
        $headersArray = array();
        $headersArray[]= "If-Modified-Since".":"."2020-10-12T17:59:50+05:30";
        $headersArray[] = "Authorization". ":" . "Zoho-oauthtoken " ."1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf";
        $curl_options[CURLOPT_HTTPHEADER]=$headersArray;
        
        curl_setopt_array($curl_pointer, $curl_options);
        
        $result = curl_exec($curl_pointer);
        $responseInfo = curl_getinfo($curl_pointer);
        curl_close($curl_pointer);
        list ($headers, $content) = explode("\r\n\r\n", $result, 2);
        if(strpos($headers," 100 Continue")!==false){
            list( $headers, $content) = explode( "\r\n\r\n", $content , 2);
        }
        $headerArray = (explode("\r\n", $headers, 50));
        $headerMap = array();
        foreach ($headerArray as $key) {
            if (strpos($key, ":") != false) {
                $firstHalf = substr($key, 0, strpos($key, ":"));
                $secondHalf = substr($key, strpos($key, ":") + 1);
                $headerMap[$firstHalf] = trim($secondHalf);
            }
        }
        $jsonResponse = json_decode($content, true);
        if ($jsonResponse == null && $responseInfo['http_code'] != 204) {
            list ($headers, $content) = explode("\r\n\r\n", $content, 2);
            $jsonResponse = json_decode($content, true);
        }
        var_dump($headerMap);
        var_dump($jsonResponse);
        var_dump($responseInfo['http_code']);
        
    }
    
}
(new GetAttachments())->execute();
3.0.08.x
Copied//Get instance of AttachmentsOperations Class that takes moduleAPIName and recordId as parameter
AttachmentsOperations attachmentsOperations = new AttachmentsOperations (moduleAPIName, recordId);
//Get instance of ParameterMap Class
ParameterMap paramInstance = new ParameterMap();
paramInstance.Add(GetAttachmentsParam.PAGE, 1);
paramInstance.Add(GetAttachmentsParam.PER_PAGE, 20);
List<string> fields = new List<string>() { "Modified_Time", "File_Name", "Created_By" };
foreach (string name in fields)
{
paramInstance.Add(GetAttachmentsParam.FIELDS, name);
}
//Call GetAttachments method
APIResponse<API.Attachments.ResponseHandler> response = attachmentsOperations.GetAttachments(paramInstance);
Copiedusing System;
using System.IO;
using System.Net;
namespace Com.Zoho.Crm.API.Sample.RestAPI.FilesandAttachments
{
    public class FilesandAttachmentsAPIs
    {
        public static void GetListofAttachments()
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.zohoapis.com/crm/v2/Leads/34770617711001/Attachments?fields=Modified_Time&page=1&per_page=5");
            request.Method = "GET";
            request.Headers["Authorization"] = "Zoho-oauthtoken 1000.abfeXXXXXXXXXXX2asw.XXXXXXXXXXXXXXXXXXsdc2";
            request.KeepAlive = true;
            HttpWebResponse response;
            try
            {
                response = (HttpWebResponse)request.GetResponse();
            }
            catch (WebException e)
            {
                if (e.Response == null) { throw; }
                response = (HttpWebResponse)e.Response;
            }
            HttpWebResponse responseEntity = response;
            Console.WriteLine("HTTP Status Code : " + (int)response.StatusCode);
            string responsestring = new StreamReader(responseEntity.GetResponseStream()).ReadToEnd();
            responseEntity.Close();
            Console.WriteLine(responsestring);
        }
    }
}
3.0.03.x.x
Copied# Get instance of AttachmentsOperations Class that takes module_api_name and record_id as parameters
attachments_operations = AttachmentsOperations(module_api_name, record_id)
# Possible parameters for Get Attachments Operation
param_instance = ParameterMap()
param_instance.add(GetAttachmentsParam.fields, "id")
param_instance.add(GetAttachmentsParam.page, 2)
param_instance.add(GetAttachmentsParam.per_page, 10)
# Call get_attachments method that takes ParameterMap instance as parameter
response = attachments_operations.get_attachments(param_instance)
Copieddef get_attachments():
    import requests

    url = 'https://www.zohoapis.com/crm/v2/Leads/3409643000002267003/Attachments'

    headers = {
        'Authorization': 'Zoho-oauthtoken 1000.04be928e4a96XXXXXXXXXXXXX68.0b9eXXXXXXXXXXXX60396e268'
    }

    parameters = {
        'fields': 'id,Modified_Time',
        'page': 1,
        'per_page': 20
    }

    response = requests.get(url=url, headers=headers, params=parameters)

    if response is not None:
        print("HTTP Status Code : " + str(response.status_code))

        print(response.json())

get_attachments()
1.0.010.x
Copied//Get instance of AttachmentsOperations Class that takes recordId and moduleAPIName as parameter
let attachmentsOperations = new AttachmentsOperations(moduleAPIName, recordID);
//Get instance of ParameterMap Class
let paramInstance = new ParameterMap();
//Possible parameters of Get Attachments Operation
paramInstance.add(GetAttachmentsParam.FIELDS, "id");
paramInstance.add(GetAttachmentsParam.PAGE, 1);
paramInstance.add(GetAttachmentsParam.PER_PAGE, 10);
//Call getAttachments method that takes ParameterMap instance as parameter
let response = await attachmentsOperations.getAttachments(paramInstance);
Copiedasync function getAttachments() {
    const got = require("got");

    let url = 'https://www.zohoapis.com/crm/v2/Leads/3409643000002267003/Attachments'

    let headers = {
        Authorization : "Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
    }

    let parameters = {
        fields : 'id,Modified_Time',
        page : 1,
        per_page : 20
    }

    let requestDetails = {
        method : "GET",
        headers : headers,
        searchParams : parameters,
        throwHttpErrors : false
    }
    
    let response = await got(url, requestDetails)
    
    if(response != null) {
        console.log(response.statusCode);
        console.log(response.body);
    }  
}
getAttachments()
2.02.x.x
Copied# Get instance of AttachmentsOperations Class that takes record_id and module_api_name as parameters
ao = Attachments::AttachmentsOperations.new(module_api_name,record_id)

# Get instance of ParameterMap Class
pm = ParameterMap.new
pm.add(Attachments::AttachmentsOperations::GetAttachmentsParam.page, 1)
pm.add(Attachments::AttachmentsOperations::GetAttachmentsParam.per_page, 1)
# Call get_attachments method
response = ao.get_attachments(pm)
Copiedclass GetAttachments 

    def execute
        parameters ={}
        parameters["fields"]="id"
        parameters["page"]="1"
        parameters["per_page"]="10"
        query_string = parameters.to_a.map { |x| "#{x[0]}=#{x[1]}" }.join('&')
        url= "https://www.zohoapis.com/crm/v2/Leads/3524033000005495065/Attachments"
        url += '?' + query_string if !query_string.nil? && (query_string.strip != '')
        url = URI(url)
        req = Net::HTTP::Get.new(url.request_uri)
        http = Net::HTTP.new(url.host, url.port)
        http.use_ssl = true
        headers={}
        headers["Authorization"]="Zoho-oauthtoken 1000.50XXXXXXXXX&77e3a.44XXXXXXXXX8353"
        headers["If-Modified-Since"]="2020-10-12T17:59:50+05:30"
        headers&.each { |key, value| req.add_field(key, value) }
        response=http.request(req)
        status_code = response.code.to_i
        headers = response.each_header.to_h
        print status_code
        print headers
        unless response.body.nil?
            print  response.body
        end
    end
end
GetAttachments.new.execute
1.0.0ES6
Copied//Get instance of AttachmentsOperations Class that takes recordId and moduleAPIName as parameter
let attachmentsOperations = new ZCRM.Attachment.Operations(moduleAPIName, recordID);
//Get instance of ParameterMap Class
let paramInstance = new ParameterMap();
// Possible parameters of Get Attachments Operation
// await paramInstance.add(ZCRM.Attachment.Model.GetAttachmentsParam.FIELDS, "id");
await paramInstance.add(ZCRM.Attachment.Model.GetAttachmentsParam.PAGE, 1);
await paramInstance.add(ZCRM.Attachment.Model.GetAttachmentsParam.PER_PAGE, 10);
//Call getAttachments method that takes ParameterMap instance as parameter
let response = await attachmentsOperations.getAttachments(paramInstance);
Copiedvar listener = 0;
class FilesandAttachmentsAPIs {

	async getListofAttachments()	{
		var url = "https://www.zohoapis.com/crm/v2/Leads/34770617711001/Attachments"
        var parameters = new Map()
        var headers = new Map()
        var token = {
            clientId:"1000.NPY9M1V0XXXXXXXXXXXXXXXXXXXF7H",
            redirectUrl:"http://127.0.0.1:5500/redirect.html",
            scope:"ZohoCRM.users.ALL,ZohoCRM.bulk.read,ZohoCRM.modules.ALL,ZohoCRM.settings.ALL,Aaaserver.profile.Read,ZohoCRM.org.ALL,profile.userphoto.READ,ZohoFiles.files.ALL,ZohoCRM.bulk.ALL,ZohoCRM.settings.variable_groups.ALL"
        }
        var accesstoken = await new FilesandAttachmentsAPIs().getToken(token)
        headers.set("Authorization", "Zoho-oauthtoken " + accesstoken)
        parameters.set("fields", "Modified_Time")
        parameters.set("page", "1")
        parameters.set("per_page", "1")
        var requestMethod = "GET"
        var reqBody = null
        var params = "";
        parameters.forEach(function(value, key) {
            if (parameters.has(key)) {
                if (params) {
                    params = params + key + '=' + value + '&';
                }
                else {
                    params = key + '=' + value + '&';
                }
            }
        });
        var apiHeaders = {};
        if(headers) {
            headers.forEach(function(value, key) {
                apiHeaders[key] = value;
            });
        }
        if (params.length > 0){
            url = url + '?' + params.substring(0, params.length - 1);
        }
        var requestObj = {
            uri : url,
            method : requestMethod,
            headers : apiHeaders,
            body : JSON.stringify(reqBody),
            encoding: "utf8",
            allowGetBody : true,
			throwHttpErrors : false
        };
        var result = await new FilesandAttachmentsAPIs().makeAPICall(requestObj);
        console.log(result.status)
        console.log(result.response)
    }

    async getToken(token) {

        if(listener == 0) {

            window.addEventListener("storage", function(reponse) {
                if(reponse.key === "access_token" && (reponse.oldValue != reponse.newValue || reponse.oldValue == null)){
                    location.reload();
                }
                if(reponse.key === "access_token"){

                    sessionStorage.removeItem("__auth_process");
                }
            }, false);
            listener = 1;
            if(sessionStorage.getItem("__auth_process")) {
                sessionStorage.removeItem("__auth_process");
            }
        }
        ["granted_for_session", "access_token","expires_in","expires_in_sec","location","api_domain","state","__token_init","__auth_process"].forEach(function (k) {
            var isKeyExists = localStorage.hasOwnProperty(k);
            if(isKeyExists) {
                sessionStorage.setItem(k, localStorage[k]);
            }
            localStorage.removeItem(k);
        });
        var valueInStore = sessionStorage.getItem("access_token");
        var tokenInit = sessionStorage.getItem("__token_init");
        if(tokenInit != null && valueInStore != null && Date.now() >= parseInt(tokenInit) + 59 * 60 * 1000){ // check after 59th minute
            valueInStore = null;
            sessionStorage.removeItem("access_token");
        }

        var auth_process = sessionStorage.getItem("__auth_process");
        if ((valueInStore == null && auth_process == null) || (valueInStore == 'undefined' && (auth_process == null || auth_process == "true"))) {
            var accountsUrl = "https://accounts.zoho.com/oauth/v2/auth"
            var clientId;
            var scope;
            var redirectUrl;
            if(token != null) {
                clientId = token.clientId;
                scope = token.scope;
                redirectUrl = token.redirectUrl;
            }

            var fullGrant = sessionStorage.getItem("full_grant");
            var grantedForSession = sessionStorage.getItem("granted_for_session");
            if(sessionStorage.getItem("__token_init") != null && ((fullGrant != null && "true" == full_grant) || (grantedForSession != null && "true" == grantedForSession))) {
                accountsUrl += '/refresh';
            }
            if (clientId && scope) {
                sessionStorage.setItem("__token_init", Date.now());
                sessionStorage.removeItem("access_token");
                sessionStorage.setItem("__auth_process", "true");
                window.open(accountsUrl + "?" + "scope" + "=" + scope + "&"+ "client_id" +"=" + clientId + "&response_type=token&state=zohocrmclient&redirect_uri=" + redirectUrl);
                ["granted_for_session", "access_token","expires_in","expires_in_sec","location","api_domain","state","__token_init","__auth_process"].forEach(function (k) {
                    var isKeyExists = localStorage.hasOwnProperty(k);
                    if(isKeyExists){
                        sessionStorage.setItem(k, localStorage[k]);
                    }
                    localStorage.removeItem(k);
                });
                valueInStore = sessionStorage.getItem("access_token");
            }
        }
        if(token != null && valueInStore != 'undefined'){
            token.accessToken = valueInStore;
        }
        return token.accessToken;
    }

    async makeAPICall(requestDetails) {
        return new Promise(function (resolve, reject) {
            var body, xhr, i;
            body = requestDetails.body || null;
            xhr = new XMLHttpRequest();
            xhr.withCredentials = true;
            xhr.open(requestDetails.method, requestDetails.uri, true);
            for (i in requestDetails.headers) {
                xhr.setRequestHeader(i, requestDetails.headers[i]);
            }
            xhr.send(body);
            xhr.onreadystatechange = function() {
                if(xhr.readyState == 4) {
                    resolve(xhr);
                }
            }
        })
    }
}
Copiedresponse = invokeurl
[
	url: "https://www.zohoapis.com/crm/v2/Leads/1000000231009/Attachments"
	type: GET
	connection:"crm_oauth_connection"
];
info response;
1.0.14.x.x
Copied//Get instance of AttachmentsOperations Class that takes recordId and moduleAPIName as parameter
let attachmentsOperations: AttachmentsOperations = new AttachmentsOperations(moduleAPIName, recordID);

        //Get instance of ParameterMap Class
        let paramInstance: ParameterMap = new ParameterMap();

        //Possible parameters of Get Attachments Operation
        // await paramInstance.add(GetAttachmentsParam.FIELDS, 'id');

        await paramInstance.add(GetAttachmentsParam.PAGE, 1);

        await paramInstance.add(GetAttachmentsParam.PER_PAGE, 10);

        //Call getAttachments method that takes ParameterMap instance as parameter
        let response: APIResponse<ResponseHandler> = await attachmentsOperations.getAttachments(paramInstance);
Copiedimport got from 'got';
class FilesandAttachmentsAPIs {
	public async main()  {
		var apiHeaders: {[key: string]: string} = {};
		var apiParameters: {[key: string]: string} = {};
		var modifiedRequestBody: any;
		apiHeaders["Authorization"] = "Zoho-oauthtoken 1000.xxxxxxx.xxxxxx"
		apiParameters["fields"]= "Modified_Time"
		apiParameters["page"]= "1"
		apiParameters["per_page"]= "1"
		var requestDetails: {[key: string]: any} = {
			method : "GET",
			headers : apiHeaders,
			searchParams : apiParameters,
			body : modifiedRequestBody,
 			encoding: "utf8",
			allowGetBody : true,
			throwHttpErrors : false
		};
		var response = await got("https://www.zohoapis.com/crm/v2/Leads/34770617711001/Attachments", requestDetails);
		console.log(response.statusCode)
		console.log(JSON.parse(response.body));
	}

}
var v = new FilesandAttachmentsAPIs()

v.main()

Response JSON Keys

  • OwnerJSON object

    Represents the name, ID, and email of the record owner.

  • Modified_Timestring

    Represents the date and time at which the attachment was last modified.

  • File_Namestring

    Represents the name of the attachment.

  • Created_Timestring

    Represents the date and time at which the attachment was added to the record.

  • Sizeinteger

    Represents the size of the attachment.

  • Parent_IdJSON object

    Represents the name and ID of the parent record.

  • $editableboolean

    Represents if the user can edit the attachment.
    true: The user can edit the attachment.
    false: The user cannot edit the attachment.

  • $file_idstring

    Represents the unique file ID of the file in the ZFS.

  • $se_modulestring

    Represents the API name of the parent module.

  • Modified_ByJSON object

    Represents the name, ID, and email of the user who last modified the attachment.

  • idstring

    Represents the unique ID of the related record.

  • Created_ByJSON object

    Represents the name, ID, and email of the user who added the attachment to the record.

Possible Errors

  • INVALID_MODULEHTTP 400

    The module name given seems to be invalid
    Resolution: You have specified an invalid module name or there is no tab permission, or the module could have been removed from the available modules. Specify a valid module API name.

  • INVALID_MODULEHTTP 400

    The given module is not supported in API
    Resolution: The modules such as Documents and Projects are not supported in the current API. (This error will not be shown, once these modules are been supported). Specify a valid module API name.

  • INVALID_URL_PATTERNHTTP 404

    Please check if the URL trying to access is a correct one
    Resolution: The request URL specified is incorrect. Specify a valid request URL. Refer to request URL section above.

  • OAUTH_SCOPE_MISMATCHHTTP 401

    Unauthorized
    Resolution: Client does not have ZohoCRM.modules.attachments.READ scope. Create a new client with valid scope. Refer to scope section above.

  • NO_PERMISSIONHTTP 403

    Permission denied to read attachment details
    Resolution: The user does not have permission to read attachment details. Contact your system administrator.

  • INTERNAL_ERRORHTTP 500

    Internal Server Error
    Resolution: Unexpected and unhandled exception in Server. Contact support team.

  • INVALID_REQUEST_METHODHTTP 400

    The http request method type is not a valid one
    Resolution: You have specified an invalid HTTP method to access the API URL. Specify a valid request method. Refer to endpoints section above.

  • AUTHORIZATION_FAILEDHTTP 400

    User does not have sufficient privilege to read attachments
    Resolution: The user does not have the permission to read attachment details. Contact your system administrator.

Sample Response

Copied{
    "data": [
        {
            "Owner": {
                "name": "Patricia Boyle",
                "id": "4150868000000225013",
                "email": "patricia.b@zylker.com"
            },
            "Modified_Time": "2020-07-24T18:12:43+05:30",
            "File_Name": "Screen Shot 2020-07-21 at 11.27.04 PM.png",
            "Created_Time": "2020-07-24T18:12:43+05:30",
            "Size": "362207",
            "Parent_Id": {
                "name": "related records",
                "id": "4150868000002728001"
            },
            "$editable": true,
            "$file_id": "iewimc754be98ef89473fbf474139d65f758a",
            "$type": "Attachment",
            "$se_module": "Leads",
            "Modified_By": {
                "name": "Patricia Boyle",
                "id": "4150868000000225013",
                "email": "patricia@zylker.com"
            },
            "$state": "save",
            "id": "4150868000002728012",
            "Created_By": {
                "name": "Patricia Boyle",
                "id": "4150868000000225013",
                "email": "patricia@zylker.com"
            },
            "$link_url": null
        }
    ],
    "info": {
        "per_page": 200,
        "count": 1,
        "page": 1,
        "more_records": false
    }
}