OAuth for Mail360

Mail360 uses the OAuth (Open Authorization) standard to authorize your API requests. The OAuth protocol lets application owners securely share their resources with third-party applications without compromising their credentials.

OAuth overview

When using OAuth, the client accesses the required data using access tokens, without using the user credentials directly. These tokens contain information such as the scope and duration of the access. The token is issued by the authorization server after verifying that the request has been made by a legitimate party. The client can then use this token to access the data they need through the APIs.

Let us look at an example of how this works:

  1. The application owner, creating an application based on Mail360, signs up for an account.
  2. The owner then generates a Client ID and Client Secret.
  3. Next, the owner generates a refresh token. This token can access data that falls under the specific scopes they have selected.
  4. In Mail360's REST API, access tokens are generated from these refresh tokens.
  5. The access tokens have an expiry period, after which they need to be regenerated. This ensures that the data is securely accessed using valid credentials.

Generating Client id and Client secret in Mail360 

You can generate your client id and client secret for your application directly within your Mail360 account.

  1. Log in to your Mail360 account.
  2. Navigate to the Authentication section in the left pane. Click the Generate option to generate your client id and client secret.
  3. You will be able to view both the credentials at the top of the section.
  4. These credentials are common to all scopes.

Generating refresh token 

The Refresh token can be generated in the UI directly. 

  1. Click the Generate button in the refresh token section.
  2. In the Generate refresh token pop-up, select the scopes you would like to generate the refresh token for. Click Add to include the scopes.
  3. Next, you will be taken to the Zoho accounts page. Click Accept to authorize the action. The refresh token will be generated.
  4. You can generate multiple refresh tokens for different sets of scopes depending on your requirement.
  5. A total of 10 refresh tokens can be generated.

Using OAuth to access APIs 

You can generate access tokens from the refresh token by calling the API given below:

Request URL 

https://mail360.zoho.com/api/access-token

Request body

Parameter     | Type   | Description
client_id     | String | Client id generated for the app in Mail360
client_secret | String | Client secret associated with the app in Mail360
refresh_token | String | Refresh token generated previously for which the access token is required.

The access token will be available for a period of 3600 seconds.

Sample request

curl "https://mail360.zoho.com/api/access-token" \
-X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
    "refresh_token": "****",
    "client_id": "****",
    "client_secret": "****"
}'

Sample response

{
    "status": {
        "code": 200,
        "description": "success"
    },
    "data": {
        "access_token": "73639377.44f1e7513097d484c88750860f9adef7.c9cadb4f21291d6e4ef8a35622a8bec5",
        "expires_in_sec": 3600
    }
}
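
The refresh call above, wrapped in a small in-memory cache that reuses the access token for its stated lifetime and renews it shortly before expiry. This is an added example, not code from Mail360: the class name AccessTokenCache, the helper http_post_json and the 60-second renewal margin are assumptions, as is treating any reply whose status code is not 200 as a failure (the page shows only the success shape).

```python
import json
import time
import urllib.request

TOKEN_URL = "https://mail360.zoho.com/api/access-token"  # endpoint given on this page


def http_post_json(url, payload):
    """Default transport (hypothetical helper): POST JSON, return the parsed reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"Accept": "application/json", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class AccessTokenCache:
    """Holds one access token in memory and renews it shortly before expiry."""

    def __init__(self, client_id, client_secret, refresh_token,
                 post=http_post_json, clock=time.monotonic, skew_sec=60):
        self._body = {"refresh_token": refresh_token,
                      "client_id": client_id,
                      "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew_sec
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Reuse the cached token until skew_sec before its stated lifetime ends.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._refresh()
        return self._token

    def _refresh(self):
        reply = self._post(TOKEN_URL, self._body)
        status = reply.get("status") or {}
        data = reply.get("data") or {}
        token, ttl = data.get("access_token"), data.get("expires_in_sec")
        if status.get("code") != 200 or not token or not isinstance(ttl, int):
            # Report only the status text; never echo the request body or secrets.
            raise RuntimeError(f"token refresh failed: {status.get('description')}")
        self._token, self._expires_at = token, self._clock() + ttl

    def __repr__(self):
        return "<AccessTokenCache (credentials redacted)>"
```

Pass the client id, client secret and refresh token in from the environment or a secret store rather than writing them into source, and keep the returned access token out of logs.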