Get practical tips to improve your customer service strategy at Zoho CX Workshop.

Register now!
Skip to product menu
close
  • Sales
    Press Space or Enter to display list of options
EXPLORE ALL PRODUCTS

Sales

 
CRM

Comprehensive CRM platform for customer-facing teams.

CRM
 
Bigin

Simple CRM for small businesses moving from spreadsheets.

Bigin
 
Forms

Build online forms for every business need.

Forms
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
Sign

Digital signature app for businesses.

Sign
 
RouteIQ

Comprehensive sales map visualization and optimal route planning solution.

RouteIQ
 
Thrive

Complete loyalty and affiliate management platform.

Thrive
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
Suites
CRM Plus

Unified platform to deliver top-notch customer experience.

CRM Plus

Marketing

 
Social

All-in-one social media management software.

Social
 
Campaigns

Create, send, and track targeted email campaigns that drive sales.

Campaigns
 
Forms

Build online forms for every business need.

Forms
 
Survey

Design surveys to reach and interact with your audience.

Survey
 
Sites

Online website builder with extensive customisation options.

Sites
 
PageSense

Website conversion optimization and personalisation platform.

PageSense
 
Backstage

End-to-end event management software.

Backstage
 
Webinar

Webinar platform for webcasting online webinars.

Webinar
 
Marketing Automation

All-in-one marketing automation software.

Marketing Automation
 
LandingPage

Smart landing page builder to increase conversion rates

LandingPage
 
Publish

Manage all your local business listings on a single platform.

Publish
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Sign

Digital signature app for businesses.

Sign
 
Thrive

Complete loyalty and affiliate management platform.

Thrive
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
NEW
LeadChain

Sync, manage, and convert leads across channels seamlessly.

LeadChain
 
NEW
CommunitySpaces

Online community platform for individuals and businesses to grow their network and brand.

CommunitySpaces
 
Suites
Marketing Plus

Unified marketing platform for marketing teams.

Marketing Plus

Commerce and POS

 
Commerce

eCommerce platform to manage and market your online store.

Commerce

Service

 
Desk

Helpdesk software to deliver great customer support.

Desk
 
Assist

Remote support and unattended remote access software.

Assist
 
Lens

Interactive remote assistance software with augmented reality.

Lens
 
FSM

End-to-end field service management platform for service businesses.

FSM
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
Solo

The all-in-one toolkit for solopreneurs.

Solo
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
Suites
Service Plus

Unified platform for customer service and support teams.

Service Plus

Finance

 
Books

Powerful accounting platform for growing businesses.

Books
 
FREE
Invoice

100% Free invoicing solution.

Invoice
 
Expense

Effortless expense reporting platform.

Expense
 
Inventory

Powerful stock management and inventory control software.

Inventory
 
Billing

End-to-end billing solution for your business.

Billing
 
Checkout

Collect payments online with custom branded pages.

Checkout
 
NEW
Payroll

Payroll software with automated tax payments and filing.

Payroll
 
Solo

The all-in-one toolkit for solopreneurs.

Solo
 
Practice

Practice management software for accounting firms.

Practice
 
Sign

Digital signature app for businesses.

Sign
 
Commerce

eCommerce platform to manage and market your online store.

Commerce
 
Suites
Finance Plus

All-in-one suite to manage your operations and finances.

Finance Plus

Email and Collaboration

 
Mail

Secure email service for teams of all sizes.

Mail
 
Meeting

Online meeting software for all your video conferencing & webinar needs.

Meeting
 
Writer

Word processor for focused writing and discussions.

Writer
 
Sheet

Spreadsheet software for collaborative teams.

Sheet
 
Show

Create, edit, and share slides with a sleek presentation app.

Show
 
Notebook

Beautiful home for all your notes.

Notebook
 
Cliq

Stay in touch with teams no matter where you are.

Cliq
 
Connect

Employee experience platform to communicate, engage, and build positive employee relations.

Connect
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
TeamInbox

Shared inboxes for teams.

TeamInbox
 
WorkDrive

Online file management for teams.

WorkDrive
 
Sign

Digital signature app for businesses.

Sign
 
Office Suite

Powerful collaborative work platform for teams.

Office Suite
 
Office Integrator

Built in document editors for web apps.

Office Integrator
 
ZeptoMail

Secure and reliable transactional email sending service.

ZeptoMail
 
Calendar

Online business calendar to manage events and schedule appointments.

Calendar
 
Learn

Knowledge and learning management platform.

Learn
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
ToDo

Collaborative task management for individuals and teams.

ToDo
 
Tables

Work management tool to connect people, processes, and information.

Tables
 
FREE
PDF Editor

Collaborative online PDF editing tool.

PDF Editor
 
Suites
Workplace

Application suite built to improve team productivity and collaboration.

Workplace

Human Resources

 
People

Organize, automate, and simplify your HR processes.

People
 
Recruit

Intuitive recruiting platform built to provide hiring solutions.

Recruit
 
Expense

Effortless expense reporting platform.

Expense
 
Workerly

Manage temporary staffing with an employee scheduling solution.

Workerly
 
NEW
Payroll

Payroll software with automated tax payments and filing.

Payroll
 
Shifts

Employee scheduling and time tracking app.

Shifts
 
Sign

Digital signature app for businesses.

Sign
 
Suites
People Plus

Comprehensive HR platform for seamless employee experiences.

People Plus

Security and IT Management

 
Creator

Build custom apps to simplify business processes.

Creator
 
Directory

Workforce identity and access management solution for cloud businesses.

Directory
 
FREE
OneAuth

Secure multi-factor authenticator (MFA) for all your online accounts.

OneAuth
 
Vault

Online password manager for teams.

Vault
 
Catalyst

Pro-code platform to build and deploy your apps.

Catalyst
 
Toolkit

Complete resource for any admin-related lookup queries.

Toolkit
 
Lens

Interactive remote assistance software with augmented reality.

Lens
 
Assist

Remote support and unattended remote access software.

Assist
 
QEngine

Test automation software to build, manage, execute, and report testcases.

QEngine
 
NEW
RPA

Automate manual, tedious, and repetitive tasks easily.

RPA

BI and Analytics

 
Analytics

Modern self-service BI and analytics platform.

Analytics
 
Embedded BI

Embedded analytics and white label BI solutions, tailored for your needs.

Embedded BI
 
DataPrep

AI-powered data preparation service for your data-driven organization.

DataPrep
 
NEW
IoT

Harnessing IoT analytics for real-time operational intelligence.

IoT

Project Management

 
Projects

Manage, track, and collaborate on projects with teams.

Projects
 
Sprints

Planning and tracking tool for scrum teams.

Sprints
 
BugTracker

Automatic bug tracking software for managing bugs.

BugTracker
 
Solo

The all-in-one toolkit for solopreneurs.

Solo

Developer Platforms

 
Creator

Build custom apps to simplify business processes.

Creator
 
Flow

Automate business workflows by creating smart integrations.

Flow
 
Catalyst

Pro-code platform to build and deploy your apps.

Catalyst
 
Office Integrator

Built in document editors for web apps.

Office Integrator
 
ZeptoMail

Secure and reliable transactional email sending service.

ZeptoMail
 
QEngine

Test automation software to build, manage, execute, and report testcases.

QEngine
 
Tables

Work management tool to connect people, processes, and information.

Tables
 
NEW
RPA

Automate manual, tedious, and repetitive tasks easily.

RPA
 
NEW
Apptics

Application analytics for all apps.

Apptics
 
Embedded BI

Embedded analytics and white label BI solutions, tailored for your needs.

Embedded BI
 
NEW
IoT

Build, deploy, and scale IoT solutions for connected businesses.

IoT
 
DataPrep

AI-powered data preparation service for your data-driven organization.

DataPrep

IoT

 
NEW
IoT

Low-code IoT platform and solutions for connected businesses.

IoT

Search Result

 
CRM Plus

Unified platform to deliver top-notch customer experience.

Try now
CRM Plus
 
Service Plus

Unified platform for customer service and support teams.

Try now
Service Plus
 
Finance Plus

All-in-one suite to manage your operations and finances.

Try now
Finance Plus
 
People Plus

Comprehensive HR platform for seamless employee experiences.

Try now
People Plus
 
Workplace

Application suite built to improve team productivity and collaboration.

Try now
Workplace
 
Marketing Plus

Unified marketing platform for marketing teams.

Try now
Marketing Plus
 
All-in-one suite

Zoho One

The Operating System for Business

Run your entire business on Zoho with our unified cloud software, designed to help you break down silos between departments and increase organizational efficiency.

TRY ZOHO ONE
Zoho One
Zoho Marketplace

With over 2000 ready-to-use extensions across 40+ categories, connect your favorite business tools with the Zoho products you already use.

EXPLORE MARKETPLACE
Marketplace
Skip to main content

Desk Invoke API (Proxy)

 

Desk's invoke API acts as a proxy between the extension and the External Services or Desk for calling the APIs. Desk invoke api is an authenticated API which can be used to make api calls from external services. Desk invoke API can be used to

  • Access the Zoho Desk's APIs
  • Access the External Service's APIs
  • Access the Extension Data Specific APIs such as storage, And configParam APIs

For Using Desk Invoke API Follow the steps given below

  1. Add secret key in plugin-manifest.json
    eg: "secret":"my_secret_key_234567"
  2. Add Platform Event Callbacks in plugin-manifest.json
        eg:     "callbackListener":{
                       "onZohoAuthorise": "https://zohodeskapp.com/authorized.php",
                       "onConfigParamAdd": "https://zohodeskapp.com/adjustfiler.php",
                       "onUninstall": "https://zohodeskapp.com/revokeWebhook.php"
                   }.
  3. Generate HASH for invoke API.

Using Desk Invoke API

The query parameters such as orgId , securityContext and headerparam HASH are required for calling Invoke API . orgId & securityContext will be provided by desk during the Platform event callbacks. HASH should be generated using the SECRET and the Request URL inputs. Refer Generating Hash for Invoke API.

INVOKE API REQUEST FORMAT

Request URL:

https://desk.zoho.com/api/v1/invoke

Request Method:

POST

QueryParams:

orgId

RequestHeaders:

INVOKE API HASH

QueryParams:

orgId

Content-Type:

application/x-www-form-urlencoded

RequestBody:JSONObject in the INVOKE_API_REQUEST_PAYLOAD format.

INVOKE API RESPONSE FORMAT

ResponseCode

200

Content-Type:

application/json

ResponseJSONObject in the INVOKE_API_RESPONSE_OBJECT format.
 
INVOKE_API_REQUEST_PAYLOAD

 

FieldTypeDescription
securityContextstring
Required
An Extension specific encrypted token that is used for identifying & authenticating the extension while calling the invoke API. SecurityContext can be obtained during Platform event callbacks
requestURLstring
Required
URL to be invoked.
requestTypestring
Required
HTTP method for invoking the requestURL
  • GET
  • POST
  • PATCH
  • PUT
  • DELETE
postBodystring
Required
Payload or body to be sent while invoking the requestURL.
headersstring
Required
Headers to be sent while invoking the requestURL.
queryParamsstring
Required
QueryParams to be sent while invoking the requestURL.
connectionLinkNamestring
Required
If the authorization needs to be applied from the connections while invoking the requestURL, specify the unique connectionname provided by the DRE.

 

 
INVOKE_API_RESPONSE_OBJECT 

Description

statusCode

integer

Status Code from the requestURL by the invoke API request.

response

string

Response from the requestURL by the invoke API request.

responseHeaders

string

Response headers sent by the requestURL.

 

Sample Response:

 {
  "responseHeaders" : {
    "Cache-Control" : "private,no-cache,no-store,max-age=0,must-revalidate",
    "Set-Cookie" : "drecn=9e1f7200-bcdf-426d-9628-79ff4e9241c8; Path=/; Secure",
    "Vary" : "Accept-Encoding",
    "Expires" : "Thu, 01 Jan 1970 00:00:00 GMT",
    "X-XSS-Protection" : "1",
    "Content-Type" : "application/json;charset=utf-8"
  },
  "response" : "{\"data\":[{\"ticketNumber\":\"176\",\"customerResponseTime\":\"2014-03-22T05:05:08.471Z\",\"productId\":null,\"contactId\":\"1892000000045028\",\"subject\":\"from forum\",\"dueDate\":\"2016-06-01T14:04:07.000Z\",\"departmentId\":\"1892000000006907\",\"channel\":\"Forums\",\"threadCount\":\"72\",\"priority\":\"High\",\"assigneeId\":\"1892000000056007\",\"closedTime\":null,\"commentCount\":\"0\",\"phone\":null,\"contact\":{\"firstName\":\"\",\"lastName\":\"as\",\"phone\":null,\"id\":\"1892000000045028\",\"type\":null,\"email\":\"manojkumar.s+4444@zohocorp.com\",\"account\":{\"website\":\"qwe.com\",\"accountName\":\"Man_Account\",\"id\":\"1892000000980421\"}},\"createdTime\":\"2014-03-06T09:49:50.000Z\",\"id\":\"1892000000094004\",\"email\":\"example@example.com\",\"status\":\"Open\"}]}",
  "statusCode" : "200"
} 


Generate Hash for Invoke API 

To call invoke API, HASH is mandatory. Hash is used to verify the invoke API call was originally made by the extension developer. HASH is an HMAC sha256 encrypted string with the key as app's secret (manifest.secret) provided in the manifest and the input as invokeAPI's payload.

Desk also will generate the HASH with the shared app's secret with the provided payload in the invoke API and will match the provided HASH in the desk invoke API's header. If the HASH does not match with the desk generated HASH, then the invoke API will not be processed.

The same process of authentication can be used by the extension during the extension callback events to verify the callback was originally sent by the desk. A HASH will be sent in the Header of the callback event, developer can generate HASH using payload and secret and allow requests only if HASH is matched.
 

Sample of Invoke API HASH Generation  

Let  Secret (Given in plugin-manifest.json) => "my_secret_key_238392"

Sample Invoke API Inputs =>
requestURL             = https://api.google.com/test
requestType            = POST
queryParams            = {"ticket":"649276000021131197"}
postBody               = {"author": {"name": "jhone Doe","email": "jhondoe@test.com"}}
headers                = {"orgId":376723}
connectionLinkName     = myConnectionLinkName

let stringToHash =
'requestURL=https://api.google.com/test&requestType=POST&queryParams={"ticket":"649276000021131197"}&postBody={"author": {"name": "jhone Doe","email": "jhondoe@test.com"}}&headers={"orgId":376723}&connectionLinkName=myConnectionLinkName'

then, generated HASH = hmac_sha256 ( stringToHash, "my_secret_key_238392" ); //Using HMAC SHA256

Notes: 

  1. While generating HASH, only include the parameters which will be used in the invoke API.

  2. Order of the fields while generating hash should be exactly 
    1.requestURL, 2.requestType, 3.queryParams, 4.postBody,  5.headers, 6.connectionLinkName
    and you can ignore the fields which you don't send.

  3. While generating stringToHash use compactJSON format.

  4. While generating HASH for Callbacks only consider the payload in string format.

Specifying Placeholders in Invoke API

You can specify configParams, authentication details as placeholders while calling the desk invoke API. The placeholders will be replaced with the original values before sending the request to requestURL.

Supported placeholders

Placeholder

Syntax

Location(s)

Description

InstallationId

{{PROPERTY}}

requestURL,
queryParams,
requestHeaders

InstallationId of the extension eg: https://desk.zoho.com
/api/v1/installations/
{{installationId}}/storage

Config
Params

{{PROPERTY}}

requestURL,
queryParams,
requestHeaders

Name of Config Param
eg : {{jiraAuthKey}}

resourceName

{{RESOURCETYPE.RESOURCENAME.ID}}

requestURL,
queryParams,
postBody,
requestHeaders

Get Field
eg : https://desk.zoho.com/api/v1/
organizationFields/{{fields.field1.id}}

resourceName

{{RESOURCETYPE.RESOURCENAME.APINAME}}

requestURL,
queryParams,
postBody,
requestHeaders

Set Field
eg : "cf": {
"{{fields.field1.apiName}}": "Testing"
}

 

Specifying Authentication Details in Invoke API  

Invoke API applies the authentication details specified while calling the API, find the below table for specifying the authentication details while calling the invoke API.

 

Auth TypeWhere to specify(Parameter Name)

Description

connections

payload (connectionLinkName)

Name of the connectionLinkName has to be given in the query parameter
connectionLinkName while calling the invoke API.

 

Platform Event Callbacks   

Marketplace supports callbacks for extension's events. Developer can subscribe to the supported events and when the extension event is triggered, callbacks are invoked.

Supported Platform Event Callback's are

  • onInstall
  • onZohoAuthorise
  • onTPAAuthorise
  • onTPARevoke
  • onUpdate
  • onConfigParamAdd
  • onConfigParamDelete
  • onUninstall
Subscribing to the Events

Extension manifest's callbackListener property is used for declaring the callbacks for the extension's events. To subscribe to an event, specify the callback URL in the manifest for the callbackListener's respective event.

Event Callback Request

Whenever the extension event occurs, the callback URL is triggered with security parameters which can be used to call the authenticated APIs

Event Call back Response Format

 EVENT_CALLBACK_HEADERS
      {
        "HASH"            : "xxxxxxxxx"
      }

EVENT_CALLBACK_PAYLOAD_FORMAT
    {
        "event"            : "onZohoAuthorise",
        "orgId"            : 387238,
        "securityContext"  : "2398deio3qwnx3c9xwi3nc3njkh9jfico"
    }


Example:
{ hash:19924d47bc7e673baae4c1234524486481035ba1da5ceb15c4e11829493d7c4a0 }

{ "securityContext": "edbsnc82d97ed649f59f226b2a7872123444fbc0bb0fc108c4e545f38e52783fffb099c3154c0648af856d26d0d9d82cd", "event": "onInstall", "orgId": "761336011", "dc": "US" } 

 
EVENT_CALLBACK_PAYLOAD_FORMAT

Field

Description

event

Name of the event triggered the callback.

Possible values are,

  • onInstall

  • onZohoAuthorise

  • onTPAAuthorise

  • onTPARevoke

  • onUpdate

  • onConfigParamAdd

  • onConfigParamDelete

  • onUninstall

orgId

orgId of the user's organization.

securityContext

securityContext which can be used for calling Desk Invoke API

 

Events Supported

The events supported in Platform event Callbacks are listed below:

onInstall  

onInstall will be triggered when the customer installs an extension. The developer can subscribe to the event with the URL and perform his logic.  

Example usage  

Creating a Third party resource once the customer installs the extension.

onZohoAuthorise  

Once the end user installs the extension, he needs to authorize the desk & TPA (say jira). onZohoAuthorise will be triggered when the customer authorize the DESK. The developer can subscribe to the event with the URL and perform his logic.  

Example usecase  

Creating a Zoho Desk webhook once the desk authorization is completed.

onTPAAuthorise  

The event will be triggered once the user authorize the Third party app.  

Example usecase  

Subscribing or creating a webhook in third party service.

onTPARevoke  

The event will be triggered once the user revoke the Third party app authorization.

Example usecase  

Revoking or deleting the added webhooks in the third party services.

onUpdate  

The event will be triggered when the user upgrade the extension.

Example usecase  

Adding or Updating config params.

onConfigParamAdd  

The event will be triggered when the customer adds configuration params in the extension.  

Example usecase  

In jira extension, when customer adds configuration params such as domain, jiraAuthKey , developer shall create a jira webhook against the jira account.

onConfigParamDelete  

The event will be triggered when the customer adds configuration params in the extension.  

Example usecase  

In jira extension, when customer deletes configuration params such as domain, jiraAuthKey , developer shall delete jira webhook in the jira account.

onUninstall  

The event is triggered when customer uninstall the extension.

Example usecase  

Operations to be performed during un-installation such as deleting webhooks