Skip to product menu
close
  • Sales
    Press Space or Enter to display list of options
EXPLORE ALL PRODUCTS

Sales

 
CRM

Comprehensive CRM platform for customer-facing teams.

CRM
 
Bigin

Simple CRM for small businesses moving from spreadsheets.

Bigin
 
Forms

Build online forms for every business need.

Forms
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
Sign

Digital signature app for businesses.

Sign
 
RouteIQ

Comprehensive sales map visualization and optimal route planning solution.

RouteIQ
 
Thrive

Complete loyalty and affiliate management platform.

Thrive
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
Suites
CRM Plus

Unified platform to deliver top-notch customer experience.

CRM Plus

Marketing

 
Social

All-in-one social media management software.

Social
 
Campaigns

Create, send, and track targeted email campaigns that drive sales.

Campaigns
 
Forms

Build online forms for every business need.

Forms
 
Survey

Design surveys to reach and interact with your audience.

Survey
 
Sites

Online website builder with extensive customisation options.

Sites
 
PageSense

Website conversion optimization and personalisation platform.

PageSense
 
Backstage

End-to-end event management software.

Backstage
 
Webinar

Webinar platform for webcasting online webinars.

Webinar
 
Marketing Automation

All-in-one marketing automation software.

Marketing Automation
 
LandingPage

Smart landing page builder to increase conversion rates

LandingPage
 
Publish

Manage all your local business listings on a single platform.

Publish
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Sign

Digital signature app for businesses.

Sign
 
Thrive

Complete loyalty and affiliate management platform.

Thrive
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
NEW
LeadChain

Sync, manage, and convert leads across channels seamlessly.

LeadChain
 
NEW
CommunitySpaces

Online community platform for individuals and businesses to grow their network and brand.

CommunitySpaces
 
Suites
Marketing Plus

Unified marketing platform for marketing teams.

Marketing Plus

Commerce and POS

 
Commerce

eCommerce platform to manage and market your online store.

Commerce

Service

 
Desk

Helpdesk software to deliver great customer support.

Desk
 
Assist

Remote support and unattended remote access software.

Assist
 
Lens

Interactive remote assistance software with augmented reality.

Lens
 
FSM

End-to-end field service management platform for service businesses.

FSM
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
Solo

The all-in-one toolkit for solopreneurs.

Solo
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
Suites
Service Plus

Unified platform for customer service and support teams.

Service Plus

Finance

 
Books

Powerful accounting platform for growing businesses.

Books
 
FREE
Invoice

100% Free invoicing solution.

Invoice
 
Expense

Effortless expense reporting platform.

Expense
 
Inventory

Powerful stock management and inventory control software.

Inventory
 
Billing

End-to-end billing solution for your business.

Billing
 
Checkout

Collect payments online with custom branded pages.

Checkout
 
NEW
Payroll

Payroll software with automated tax payments and filing.

Payroll
 
Solo

The all-in-one toolkit for solopreneurs.

Solo
 
Practice

Practice management software for accounting firms.

Practice
 
Sign

Digital signature app for businesses.

Sign
 
Commerce

eCommerce platform to manage and market your online store.

Commerce
 
Suites
Finance Plus

All-in-one suite to manage your operations and finances.

Finance Plus

Email and Collaboration

 
Mail

Secure email service for teams of all sizes.

Mail
 
Meeting

Online meeting software for all your video conferencing & webinar needs.

Meeting
 
Writer

Word processor for focused writing and discussions.

Writer
 
Sheet

Spreadsheet software for collaborative teams.

Sheet
 
Show

Create, edit, and share slides with a sleek presentation app.

Show
 
Notebook

Beautiful home for all your notes.

Notebook
 
Cliq

Stay in touch with teams no matter where you are.

Cliq
 
Connect

Employee experience platform to communicate, engage, and build positive employee relations.

Connect
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
TeamInbox

Shared inboxes for teams.

TeamInbox
 
WorkDrive

Online file management for teams.

WorkDrive
 
Sign

Digital signature app for businesses.

Sign
 
Office Suite

Powerful collaborative work platform for teams.

Office Suite
 
Office Integrator

Built in document editors for web apps.

Office Integrator
 
ZeptoMail

Secure and reliable transactional email sending service.

ZeptoMail
 
Calendar

Online business calendar to manage events and schedule appointments.

Calendar
 
Learn

Knowledge and learning management platform.

Learn
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
ToDo

Collaborative task management for individuals and teams.

ToDo
 
Tables

Work management tool to connect people, processes, and information.

Tables
 
FREE
PDF Editor

Collaborative online PDF editing tool.

PDF Editor
 
Suites
Workplace

Application suite built to improve team productivity and collaboration.

Workplace

Human Resources

 
People

Organize, automate, and simplify your HR processes.

People
 
Recruit

Intuitive recruiting platform built to provide hiring solutions.

Recruit
 
Expense

Effortless expense reporting platform.

Expense
 
Workerly

Manage temporary staffing with an employee scheduling solution.

Workerly
 
NEW
Payroll

Payroll software with automated tax payments and filing.

Payroll
 
Shifts

Employee scheduling and time tracking app.

Shifts
 
Sign

Digital signature app for businesses.

Sign
 
Suites
People Plus

Comprehensive HR platform for seamless employee experiences.

People Plus

Security and IT Management

 
Creator

Build custom apps to simplify business processes.

Creator
 
Directory

Workforce identity and access management solution for cloud businesses.

Directory
 
FREE
OneAuth

Secure multi-factor authenticator (MFA) for all your online accounts.

OneAuth
 
Vault

Online password manager for teams.

Vault
 
Catalyst

Pro-code platform to build and deploy your apps.

Catalyst
 
Toolkit

Complete resource for any admin-related lookup queries.

Toolkit
 
Lens

Interactive remote assistance software with augmented reality.

Lens
 
Assist

Remote support and unattended remote access software.

Assist
 
QEngine

Test automation software to build, manage, execute, and report testcases.

QEngine
 
NEW
RPA

Automate manual, tedious, and repetitive tasks easily.

RPA

BI and Analytics

 
Analytics

Modern self-service BI and analytics platform.

Analytics
 
Embedded BI

Embedded analytics and white label BI solutions, tailored for your needs.

Embedded BI
 
DataPrep

AI-powered data preparation service for your data-driven organization.

DataPrep
 
NEW
IoT

Harnessing IoT analytics for real-time operational intelligence.

IoT

Project Management

 
Projects

Manage, track, and collaborate on projects with teams.

Projects
 
Sprints

Planning and tracking tool for scrum teams.

Sprints
 
BugTracker

Automatic bug tracking software for managing bugs.

BugTracker
 
Solo

The all-in-one toolkit for solopreneurs.

Solo

Developer Platforms

 
Creator

Build custom apps to simplify business processes.

Creator
 
Flow

Automate business workflows by creating smart integrations.

Flow
 
Catalyst

Pro-code platform to build and deploy your apps.

Catalyst
 
Office Integrator

Built in document editors for web apps.

Office Integrator
 
ZeptoMail

Secure and reliable transactional email sending service.

ZeptoMail
 
QEngine

Test automation software to build, manage, execute, and report testcases.

QEngine
 
Tables

Work management tool to connect people, processes, and information.

Tables
 
NEW
RPA

Automate manual, tedious, and repetitive tasks easily.

RPA
 
NEW
Apptics

Application analytics for all apps.

Apptics
 
Embedded BI

Embedded analytics and white label BI solutions, tailored for your needs.

Embedded BI
 
NEW
IoT

Build, deploy, and scale IoT solutions for connected businesses.

IoT
 
DataPrep

AI-powered data preparation service for your data-driven organization.

DataPrep

IoT

 
NEW
IoT

Low-code IoT platform and solutions for connected businesses.

IoT

Search Result

 
CRM Plus

Unified platform to deliver top-notch customer experience.

Try now
CRM Plus
 
Service Plus

Unified platform for customer service and support teams.

Try now
Service Plus
 
Finance Plus

All-in-one suite to manage your operations and finances.

Try now
Finance Plus
 
People Plus

Comprehensive HR platform for seamless employee experiences.

Try now
People Plus
 
Workplace

Application suite built to improve team productivity and collaboration.

Try now
Workplace
 
Marketing Plus

Unified marketing platform for marketing teams.

Try now
Marketing Plus
 
All-in-one suite

Zoho One

The Operating System for Business

Run your entire business on Zoho with our unified cloud software, designed to help you break down silos between departments and increase organizational efficiency.

TRY ZOHO ONE
Zoho One
Zoho Marketplace

With over 2000 ready-to-use extensions across 40+ categories, connect your favorite business tools with the Zoho products you already use.

EXPLORE MARKETPLACE
Marketplace
Skip to main content

OAuth 2.0 Authentication

Overview

OAuth 2.0 is a token based authorization framework that enables limited access to the third-party application. OAuth acts as an intermediary on behalf of the user and provides controlled access, i.e. access only to the resources authenticated by the user and blocking the rest. This strengthens the security and also user data compromise is minimal.

How does it work?

Steve, a client of Zoho, owns a third-party application (say Zylker). Helen, the end user who uses Zylker, wants to gain access to some of the protected data in Zoho. Let's help Helen to access the data.

  1. Steve registers Zylker with Zoho Developer Console. Upon successful registration, a Client ID and a Client Secret is generated.
  2. Helen raises a request to access the protected resources of Zoho via Zylker. 
  3. Helen will be asked for consent so that Zylker can access her data via Zoho Projects API.
  4. If Helen clicks Accept, she will be redirected to the URL (Redirect URL) mentioned while registering the application. 
    • The authorization code is embedded in the URL.
  5. The authorization code is exchanged to obtain Access and Refresh tokens.
  6. Helen can make requests to the API with the access token for the next hour. 
  7. Once the access token expires, it can be regenerated using the refresh token.
  8. The controlled access can be revoked anytime if Helen faces any security breach or if the access is no longer needed.

OAuth2.0 Authentication

Learn the steps to access Zoho Projects' API using OAuth 2.0 authentication.

Register your application with Zoho Developer Console

  1. Go to https://accounts.zoho.com/developerconsole.
  2. Click Add Client ID.

Note: Enter the URL based on your DC.          

EU - accounts.zoho.eu
IN - accounts.zoho.in
AU - accounts.zoho.com.au
CN - accounts.zoho.com.cn
JP - accounts.zoho.jp

  1. Enter the client name, domain, and callback(redirect) URI.
    1. Client Name is the name of your application.
    2. Client Domain is your URL to access the application.
    3. Redirect URI is the callback URL of your application to which the user will be redirected upon successful authorization. The server returns a code parameter as a query string in the redirect URL. This code is used to obtain access and refresh tokens.
  2. Click Create.

  1. On successful registration, you will be provided with Client ID and Client Secret. Note the client credentials to generate authorization code.

 User authorization request

  1. Enter the authorization URL  along with values of the below parameters as a query string.

https://accounts.zoho.com/oauth/v2/auth?scope={scope}&client_id={client_id}&response_type=code&access_type={offline or online}&redirect_uri={redirect_uri}&prompt=consent

Parameters

scopeSpecifies the scope restriction of your application. The scope of each API is mentioned in the particular module (ZohoProjects.<module>.<operation>). Multiple scopes are separated using commas. Example: ZohoProjects.tasks.READ, ZohoProjects.projects.ALL.
client IDEnter the Client ID generated while registering the application.
response_typeSpecify the response_type value as code.
access_typeSpecify as online or offline. Offline access type generates both access and refresh tokens. Online access type provides only access token.
redirect_uriRedirect URI is the callback URL mentioned while registering the application.
promptSpecify the prompt value as consent. The server prompts the user for consent every time before generating an authorization code. If consent is required only once then specify the value as none.
  1. User will be prompted for consent in user authorization page.
  2. Click Accept.

  1. On successful authorization, a code parameter is generated in the redirect URI.
  2. This code is valid for two minutes and it is used to obtain access and refresh token. 

Sample Request

https://accounts.zoho.com/oauth/v2/auth?scope=ZohoProjects.portals.READ,ZohoProjects.projects.ALL,ZohoProjects.tasks.READ&client_id=10*********8G&response_type=code&access_type=offline&redirect_uri=https://www.zylker.com/support&prompt=consent

Sample Response

 Generate access and refresh token

The final step to access Zoho Projects' APIs is to authenticate with an access token. The authorization code can be exchanged to get the access and refresh token.

Note: This code can be exchanged only once. If the code expires then it has to be regenerated.

  1. Make a POST request with the below URL along with the parameters as a query string.

https://accounts.zoho.com/oauth/v2/token?code={grant_token}&redirect_uri={redirect_uri}&client_id={client_id&
client_secret={client_secret}&grant_type=authorization_code

Parameters

codeSpecify the authorization code.
Note: This code is valid only for two mins. Regenerate a fresh code if it expires.
redirect_uriRedirect URI is the callback URL mentioned while registering the application.
client_idSpecify the Client ID generated while registering the application.
client_secretSpecify the Client Secret generated while registering the application.
grant_typeSpecify grant_type value as authorization_code

Sample Request

https://accounts.zoho.com/oauth/v2/token?code=10*******3&redirect_uri=https://www.zylker.com/support&client_id=10****8G&client_secret=67*****f6&grant_type=authorization_code

Sample Response

  1. Use this access token for future requests for the next one hour.
  2. Refresh token is used to fetch new access token when the current one expires.
  3. Refresh token is permanent and can be used to get a new access token.

Note: Creating an access token using a code is typically a one-time process. Use the refresh token to generate the access token to automatically sync your services.

 Regenerate access token

The access token is valid for one hour. As long as the application is authorized, the refresh token can be used to exchange for a new access token.

  1. Make a POST request along with the values of the below parameters as a query string.

https://accounts.zoho.com/oauth/v2/token?refresh_token={refresh_token}&client_id={client_id}&client_secret={client_secret}&grant_type=refresh_token

Parameters

refresh_tokenEnter the refresh token.
client_idEnter the Client ID generated while registering the application.
client_secretEnter the Client Secret generated while registering the application.
grant_typeSpecify grant_type value as refresh_token.

Sample Request

https://accounts.zoho.com/oauth/v2/token?refresh_token=10********db&client_id=10********8G&client_secret=6*******f6&grant_type=refresh_token

Sample Response

 Revoke refresh token

If the end user no longer requires to access the application, they can revoke their access.

  1. Enter the following URL to revoke refresh_token using the POST method

https://accounts.zoho.com/oauth/v2/token/revoke?token={refresh_token}

Sample Request

https://accounts.zoho.com/oauth/v2/token/revoke?token=10**************************************db

Sample Response

Use APIs with the access token

Let us consider an example (Get all portals) API  and make a request with the access token.

  1. Use the GET method and enter the below URL.

https://projectsapi.zoho.com/restapi/portals/

  1. Navigate to Headers section and provide the Key values as below
AuthorizationBearer or Zoho-oauthtoken<space><Access token>.

 

Sample Response:

 

      For common user queries on this topic please refer to the FAQ section.