Using Authentication Token
To use the API, you'll require the Authentication Token from your CRM account. The authentication token should be passed in the request header for every API request. Please make sure that you have the permission to access the API service. If you do not have permission, please contact your CRM Administrator.
Generate Auth Token
To generate the Auth Token, you need to send an authentication request to the Vertical CRM Accounts using the URL format shown below. Make sure that you are a confirmed user, else while generating the Auth Token the you might receive an error - "ACCOUNT_REGISTRATION_NOT_CONFIRMED".
URL Format
API Mode:
http://<APPDOMAIN>/crm/apiauthtoken.do?EMAIL_ID=[Username/EmailID]&PASSWORD=[Password]
APPDOMAIN is the the application URL that you provide at the time of creation of your application. If you have mapped your custom domain to your application, you can still use this application URL and it will automatically be mapped to your domain. If the EMAIL_ID and PASSWORD contain special characters, then they should be encoded.
For example : If "pharmahub.zohoplatform.com" is your application's URL, the the API format will be
http://pharmahub.zohoplatform.com/crm/apiauthtoken.do?EMAIL_ID=[Username/EmailID]&PASSWORD=[Password]
You will the get the required token as response as shown below.
Sample Response
#
#Wed Feb 29 03:07:33 PST 2012
AUTHTOKEN=1000397765.1000414544.ca1f9949f637a8e667e35bd3654bf82e0c70975ee47349dc57aa7967b151a11a9ea419459381cd82e5757e644904df3315a6a729d528538df406f598c9e4f7f2
RESULT=TRUE
Important
- The Auth Token can be used in all your API calls. You can also see the URL format under Setup > Developer Space > Vertical CRM API.
- User Auth Token must be kept confidential.
- Do NOT expose your Auth Token anywhere in public forums, public repositories or on your website's client side code like HTML or JavaScript.
- Exposing it to public may lead to data theft, loss or corruption.
API Request Format
Every API calls made to the application requires the authtoken passed in the request header.
Sample Code snippet for passing authtoken in request header is shown below:
Code Snippet
Java
DefaultHttpClient httpclient = new DefaultHttpClient();
String url = "http://localhost";
HttpPost httpPost = new HttpPost(url);
httpPost.addHeader("Authorization" , "<Generated Auth Token>");
HttpResponse response = httpclient.execute(httpPost);
VB .NET
HttpWebRequest req= HttpWebRequest.Create("myURL");
req.Headers.Add("Authorization", "<Generated Auth Token>");
Example
Here's an example to fetch records:
https://<APPDOMAIN>/crm/private/xml/Leads/getRecords?
Header:
Authorization=1000397765.1000414544.ca1f9949f637a8e667e35bd3654bf82e0c70975ee47349dc57aa7967b151a11a9ea419459381cd82e5757e644904df3315a6a729d528538df406f598c9e4f7f2
Manage Auth Tokens
You can delete the Auth Token generated for your account (See Generate Auth Token section), and call the below URL.
http://<APPDOMAIN>/crm/deleteapiauthtoken.do?crmauthtoken=<Your AuthToken>
Note:
- Removing an Auth Token will delete the token permanently.
- If you regenerate the Auth Token, update your program with the new token.
Points to Remember
- The Auth Token is user-specific and is a permanent token.
- On deletion, the existing token will be deleted permanently. The new token has to be replaced in all API calls.
- The Auth Token of a user's account will become invalid if the user is deactivated.
- In case, your application requires more than the upper limit, your additional API requests will not be processed. To avoid data transfer issues, please assess your API requirements well in advance. If you need any help, please contact our Support at support@zohoplatform.com