Serverless Functions - Authentication
A serverless function within your CRM can be invoked from any third-party application or from within the CRM. However, not all applications support the same authentication method. With that in mind, there are two methods you can use to execute the function. One is API Key authentication, which you or others can use to invoke the function from anywhere. The other is OAuth2.
The difference between API Key and OAuth2 lies in the mode of authentication. The API key must be passed in the request URL, not as a header.
Serverless Functions can be authenticated through the following methods:
OAuth Authentication | Run your application serverless with the latest and more secure mode of authentication. | Call the function using OAuth2 | Use OAuth to incorporate the serverless function into the CRM by creating Widgets. |
API Key Authentication | The simplest and the fastest way to enable authentication for your applications. | A Sample | See for yourself how the API key is used through webhooks. |
API Key authentication is used to inform Zoho that the incoming client can access the data from the CRM. However, you can set up permissions to limit the level of access that the service or the developer has over the information. Although the API key is impressively simple, its downside is that it does not keep up with current authentication methods.
OAuth authentication differs in that the level of security is a notch higher, thanks to the addition of access and refresh tokens. Each access token may provide access to a specific set of data from your CRM, but with some additional permissions like “read-only”.
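Because the API key travels in the request URL rather than in a header, it is recorded wherever URLs are recorded, such as proxy and web server access logs. The following is an added example, not Zoho's code: it scrubs the key from log lines and counts exposures per key so you know which key to rotate. It assumes the key is sent in a query parameter named `zapikey`; the log lines, path and key value are constructed.

```python
import hashlib
import re

# Assumption: the API key is sent as the "zapikey" query parameter.
# Matches the parameter after "?" or "&" and captures its value up to the
# next delimiter, so it works on full URLs and on bare request lines.
KEY_PARAM = re.compile(r"(?i)([?&]zapikey=)([^&\s\"'#]+)")

def fingerprint(key):
    """Short SHA-256 prefix: identifies which key leaked without storing it."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]

def redact(line):
    """Replace the key value with a fingerprint tag, keeping other parameters."""
    return KEY_PARAM.sub(
        lambda m: f"{m.group(1)}[REDACTED:{fingerprint(m.group(2))}]", line
    )

def scan(lines):
    """Return (redacted_lines, {fingerprint: occurrences}) for a batch of lines."""
    exposed = {}
    redacted = []
    for line in lines:
        for m in KEY_PARAM.finditer(line):
            fp = fingerprint(m.group(2))
            exposed[fp] = exposed.get(fp, 0) + 1
        redacted.append(redact(line))
    return redacted, exposed

# Constructed access-log lines (addresses, path and key are sample values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "POST /crm/v2/functions/'
    'demo_fn/actions/execute?auth_type=apikey&zapikey=CONSTRUCTED-KEY-AAA HTTP/1.1" 200 57',
    '203.0.113.7 - - [01/Jan/2024:10:05:00 +0000] "POST /crm/v2/functions/'
    'demo_fn/actions/execute?zapikey=CONSTRUCTED-KEY-AAA&auth_type=apikey HTTP/1.1" 200 57',
    # A call authenticated by header leaves no credential in the URL.
    '198.51.100.4 - - [01/Jan/2024:10:06:00 +0000] "POST /crm/v2/functions/'
    'demo_fn/actions/execute HTTP/1.1" 200 57',
]

if __name__ == "__main__":
    clean, exposed = scan(SAMPLE_LOG)
    for line in clean:
        print(line)
    for fp, count in exposed.items():
        print(f"key {fp} appeared in {count} logged URL(s)")
```

Run it over logs before they are shipped to shared storage; a non-empty exposure count for a key is a reason to regenerate that key.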