Access Tokens

Quick Links

Marketing Automation API - Version 1

Marketing Automation API uses access and refresh tokens for authentication purpose. Access tokens are viable for a limited time and provide access to requested resources only. There is also permission levels for each module like read, write, create, delete and update using which user action in a module can be restricted.

The authentication process is briefly explained below.

Authentication

You should get authorization from the resource owner before getting the access token. Only valid tokens are eligible to access the resource.

Generate Access and Refresh tokens

This is the most important step in using version 1. You must generate access and refresh tokens before you can start using this version of API.

  1. You must have a client registered in Zoho Accounts. You need the client ID and client secret to request an access token.

  2. Make a request for access for the defined scope.

  3. The Zoho Marketing Automation account owner will look at the request and can accept or deny your request (if you are the owner of the account, you will need to provide access).

  4. Once the request is accepted, code is generated and sent back to the client. If access is denied, the client is informed of this.

  5. Using the code generated in the previous step, the client requests access and refresh tokens from Zoho Accounts.

  6. Access and refresh tokens are generated and sent to the client. The client can now use version 1. APIs.

You need to follow this cycle every time you need an access and refresh token.

Scope

Marketing Automation gives resource access based on the scope We have a module specific scopes. Users can access resources under authorized scopes only. Resources under unauthorized scopes are restricted to the user. If you need to access a resource under the unauthorized scope you should get authorization from the owner.

Module

Scope Name

Description

Campaigns

ZohoMarketingAutomation.campaign.CREATE

To create a campaign.

ZohoMarketingAutomation.campaign.READ

To view report/details of a campaign.

ZohoMarketingAutomation.campaign.UPDATE

To update a campaign

ZohoMarketingAutomation.campaign.DELETE

To delete a campaign

LeadsZohoMarketingAutomation.lead.CREATE

 

To create leads/mailing lists

ZohoMarketingAutomation.lead.READ

To view details/report of leads/mailing lists .

ZohoMarketingAutomation.lead.UPDATE

To update the leads/mailing lists.

ZohoMarketingAutomation.lead.DELETE

To delete mailing lists

Journeys

ZohoMarketingAutomation.journey.READ

To view reports/details of a journey .

ZohoMarketingAutomation.journey.CREATE

To create a journey. 
Web Assistants

ZohoMarketingAutomation.wa.READ

To view reports/details of a web assistant.

 

 

Other additional scopes

  • ZohoMarketingAutomation.campaign.CREATE-UPDATE - To create, clone, and edit a campaign. (CREATE,UPDATE)
  • ZohoMarketingAutomation.campaign.WRITE - To create, modify, and delete campaigns. (CREATE,UPDATE, DELETE)
  • ZohoMarketingAutomation.campaign.ALL - To view, create, modify, and delete campaigns. (READ, CREATE, UPDATE, DELETE)
  • ZohoMarketingAutomation.lead.CREATE-UPDATE - To create and edit leads or mailing lists.(CREATE,UPDATE)
  • ZohoMarketingAutomation.lead.WRITE - To create, edit, and delete leads or mailing lists.(CREATE,UPDATE, DELETE)
  • ZohoMarketingAutomation.lead.ALL - To create, edit, view, and delete leads or mailing lists. (READ, CREATE, UPDATE, DELETE)

How to use APIs

  1. Create a API Client in Accounts, with the required scope.

  2. Obtain access and refresh tokens as mentioned in "Generate Access and Refresh token."

  3. Make an API request with access token obtained in step 2.

Sample request

Let us see a sample request for create campaign API in version 1.

Header: Authorization: Zoho-oauthtoken <token>

XML/JSON

https://marketingautomation.zoho.com/api/v1/createCampaign?campaignname=<provide_campaignname>&from_email=<provide_email>&subject=<providesubject>&resfmt=JSON&list_details=<provide_list_key>