A sorta quick article to note how I can generate refresh tokens and access tokens using Zoho Deluge code (so within Zoho Creator, CRM or Books) without XML calls.
Why?
I find myself using this more and more now that API v1 is on the way out and Zoho Deluge by itself is limited somewhat with regards to functionality and record editing when compared to API v2.
How?
Note that this is using Zoho Deluge and not another server-side script such as PHP to send the requests via API.
Following standard OAuth 2.0 procedures, we will get a Code to generate a Refresh token, once we have a Refresh token we will generate an Access token.
Pre-amble
Quit trying to generate an authtoken v1 (CRM Deprecation Sunset Date: 31st December 2019).
- Go to the Zoho Developer Console
- Create a Zoho Client ID
- Either use self-client for a code or use the below to generate one.
Code
Here you will need your own client ID and client secret generated from the developer console in the following snippet:
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"; v_RedirectUri = "https://www.zoho.com/books"; // can be any endpoint that does not redirect or reformat the resulting URL // // get Grant Token v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth"; v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL"; v_State = "testing"; v_ResponseType = "code"; v_Access = "offline"; v_Prompt = "consent"; l_Params = List(); l_Params.add("scope=" + v_Scope); l_Params.add("client_id=" + v_ClientID); l_Params.add("state=" + v_State); l_Params.add("response_type=" + v_ResponseType); l_Params.add("redirect_uri=" + v_RedirectUri); l_Params.add("access_type=" + v_Access); l_Params.add("prompt=" + v_Prompt); v_Url = v_EndPoint + "?" + l_Params.toString("&"); info v_Url; openUrl( v_Url , "new window");
- v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
- v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
- v_RedirectUri = "https://www.zoho.com/books";  // can be any endpoint that does not redirect or reformat the resulting URL
- //
- // get Grant Token
- v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth";
- v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL";
- v_State = "testing";
- v_ResponseType = "code";
- v_Access = "offline";
- v_Prompt = "consent";
- l_Params = List();
- l_Params.add("scope=" + v_Scope);
- l_Params.add("client_id=" + v_ClientID);
- l_Params.add("state=" + v_State);
- l_Params.add("response_type=" + v_ResponseType);
- l_Params.add("redirect_uri=" + v_RedirectUri);
- l_Params.add("access_type=" + v_Access);
- l_Params.add("prompt=" + v_Prompt);
- v_Url = v_EndPoint + "?" + l_Params.toString("&");
- info v_Url;
- openUrl( v_Url , "new window");
Refresh Token
With the code you have received via the URL, enter this in the code below to generate a refresh token:
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"; v_RedirectUri = "https://www.zoho.com/books"; // // enter the code received in the previous step v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef"; v_EndPoint = "https://accounts.zoho.com/oauth/v2/token"; v_GrantType = "authorization_code"; m_Payload = Map(); m_Payload.put("code",v_Code); m_Payload.put("client_id",v_ClientID); m_Payload.put("client_secret",v_ClientSecret); m_Payload.put("redirect_uri",v_RedirectUri); m_Payload.put("grant_type",v_GrantType); r_AuthToken = invokeurl [ url :v_EndPoint type :POST parameters:m_Payload ]; info r_AuthToken;
- v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
- v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
- v_RedirectUri = "https://www.zoho.com/books";
- //
- // enter the code received in the previous step
- v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef";
- v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
- v_GrantType = "authorization_code";
- m_Payload = Map();
- m_Payload.put("code",v_Code);
- m_Payload.put("client_id",v_ClientID);
- m_Payload.put("client_secret",v_ClientSecret);
- m_Payload.put("redirect_uri",v_RedirectUri);
- m_Payload.put("grant_type",v_GrantType);
- r_AuthToken = invokeUrl
- [
- url :v_EndPoint
- type :POST
- parameters:m_Payload
- ];
- info r_AuthToken;
Access Token
This will expire after 1 hour so either you find a way to store the access token for reuse or generate a new one in every request.
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"; v_RedirectUri = "https://www.zoho.com/books"; // // enter the refresh token received in the previous step v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000"; v_EndPoint = "https://accounts.zoho.com/oauth/v2/token"; v_GrantType = "refresh_token"; m_Payload = Map(); m_Payload.put("refresh_token",v_RefreshToken); m_Payload.put("client_id",v_ClientID); m_Payload.put("client_secret",v_ClientSecret); m_Payload.put("redirect_uri",v_RedirectUri); m_Payload.put("grant_type",v_GrantType); r_AuthToken = invokeurl [ url :v_EndPoint type :POST parameters:m_Payload ]; v_AccessToken = r_AuthToken.get("access_token");
- v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
- v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
- v_RedirectUri = "https://www.zoho.com/books";
- //
- // enter the refresh token received in the previous step
- v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000";
- v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
- v_GrantType = "refresh_token";
- m_Payload = Map();
- m_Payload.put("refresh_token",v_RefreshToken);
- m_Payload.put("client_id",v_ClientID);
- m_Payload.put("client_secret",v_ClientSecret);
- m_Payload.put("redirect_uri",v_RedirectUri);
- m_Payload.put("grant_type",v_GrantType);
- r_AuthToken = invokeUrl
- [
- url :v_EndPoint
- type :POST
- parameters:m_Payload
- ];
- v_AccessToken = r_AuthToken.get("access_token");
Now you have an access token you can build your header and send requests:
m_Header = Map(); m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken); m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8"); // optional m_Data= Map(); m_Data.put("data",m_RecordData.toJSONList()); // NOTE: convert this to a JSON Array r_RecordUpdate = invokeUrl [ url :v_EndPoint type :PUT headers: m_Header parameters:m_Data.toString() ]; // NOTE: convert parameters variable to a string
- m_Header = Map();
- m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
- m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");  // optional
- m_Data= Map();
- m_Data.put("data",m_RecordData.toJSONList());  // NOTE: convert this to a JSON Array
- r_RecordUpdate = invokeUrl
- [
- url :v_EndPoint
- type :PUT
- headers: m_Header
- parameters:m_Data.toString()
- ];
- // NOTE: convert parameters variable to a string
Common Error(s):
- {"error":"invalid_code"}: Happens if you have a wrong CODE or generated another one after the one you're using. You need to use the latest CODE as any new one expires any previously generated ones. A code lasts between 1 to 10 minutes.
- {"code": "AUTHENTICATION_FAILURE","details": [],"message": "Authentication failed","status": "error"}: I have had this error with API v2 when I'm using PHP/cURL and not deluge to get a list of contact records. As I'm listing errors encountered, I'm adding it to this list. If submitting the headers as an array, note that it must NOT be an associative array:copyrawIf you are using the SDK and still get the above error, try setting the currentUserEmail to the email address of the super admin of your system just to check, then set a valid user preferably other than the super-admin.
// this won't work $a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken; $a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8"; // this will work $a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken; $a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8";
- // this won't work
- $a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken;
- $a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8";
- // this will work
- $a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken;
- $a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8";
- {"code":"INVALID_DATA","details":{"expected_data_type":"jsonobject"},"message":"body","status":"error"}: Happens if you don't convert the field-value pair dataset to a string:
copyraw
m_RecordData = Map(); m_RecordData.put("Field_To_Update", "Value_To_Put"); m_Data = Map(); m_Data.put("data",m_RecordData.toJSONList()); r_RecordUpdate = invokeUrl [ url :v_EndPoint type :PUT headers: m_Header parameters:m_Data // MISSING .toString() to convert this ensuring it is not a list or map ];
- m_RecordData = Map();
- m_RecordData.put("Field_To_Update", "Value_To_Put");
- m_Data = Map();
- m_Data.put("data",m_RecordData.toJSONList());
- r_RecordUpdate = invokeUrl
- [
- url :v_EndPoint
- type :PUT
- headers: m_Header
- parameters:m_Data  // MISSING .toString() to convert this ensuring it is not a list or map
- ];
- {"code":"AUTHTOKEN_DEPRECATED","details":{},"message":"Authtoken support is deprecated","status":"error"}: Happens when using a CRM connector of type "Zoho". Another type of connector for v2 is called "Zoho OAuth". Re-create the connectors with the latter:
- {"code":4,"message":"Invalid value passed for JSONString"}: Can happen when posting to ZohoBooks and you haven't put JSONString into a map as follows:
copyraw
m_Header = Map(); m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken); m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8"); m_CreateContactPerson = Map(); m_CreateContactPerson.put("contact_id", "1234567890123456"); // the account ID in books m_CreateContactPerson.put("first_name", "Joel"); m_CreateContactPerson.put("last_name", "Lipman"); m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it."); m_CreateRecord = Map(); m_CreateRecord.put("JSONString",m_CreateContactPerson); r_Response = invokeUrl [ url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901" type: POST headers: m_Header parameters: m_CreateRecord ];
- m_Header = Map();
- m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
- m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
- m_CreateContactPerson = Map();
- m_CreateContactPerson.put("contact_id", "1234567890123456");  // the account ID in books
- m_CreateContactPerson.put("first_name", "Joel");
- m_CreateContactPerson.put("last_name", "Lipman");
- m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it.");
- m_CreateRecord = Map();
- m_CreateRecord.put("JSONString",m_CreateContactPerson);
- r_Response = invokeUrl [
- url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901"
- type: POST
- headers: m_Header
- parameters: m_CreateRecord
- ];
- {"code":"MANDATORY_NOT_FOUND","details":{"api_name":"data"},"message":"required field not found","status":"error"}: Happens if you put "JSONstring" instead of "data". Depending on the context of your code (ie. Books API v3=JSONString; CRM API v2=data), you will need to put either. Or your request is missing a field that is required by your CRM (is set to mandatory for users to enter data). Otherwise:
copyraw
m_Data = Map(); m_Data.put("JSONString",m_RecordData.toJSONList()); // change JSONString to data r_RecordUpdate = invokeUrl [ url :v_EndPoint type :PUT headers: m_Header parameters:m_Data.toString() ];
- m_Data = Map();
- m_Data.put("JSONString",m_RecordData.toJSONList());  // change JSONString to data
- r_RecordUpdate = invokeUrl
- [
- url :v_EndPoint
- type :PUT
- headers: m_Header
- parameters:m_Data.toString()
- ];
- {"code":"INVALID_DATA","details":{"expected_data_type":"jsonarray","api_name":"data"},"message":"invalid data","status":"error"}: Happens if you submit "data" as something other than a JSON Array:
copyraw
m_Data = Map(); m_Data.put("data",m_RecordData); // MISSING .toJSONList() to convert m_RecordData to a JSON Array r_RecordUpdate = invokeUrl [ url :v_EndPoint type :PUT headers: m_Header parameters:m_Data.toString() ];
- m_Data = Map();
- m_Data.put("data",m_RecordData);  // MISSING .toJSONList() to convert m_RecordData to a JSON Array
- r_RecordUpdate = invokeUrl
- [
- url :v_EndPoint
- type :PUT
- headers: m_Header
- parameters:m_Data.toString()
- ];
- {"code":"INVALID_TOKEN","details":{},"message":"invalid oauth token","status":"error"}: Can happen if the request is out of scope but also if your endpoint is going to .COM instead of .EU (or vice-versa). You can check this by logging into your Zoho product (eg. CRM) and looking at the top level domain
copyraw
// If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth"; // for EU servers v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token"; // for EU servers v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>"; // for EU servers // If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth"; // for US servers v_Endpoint = "https://accounts.zoho.com/oauth/v2/token"; // for US servers v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>"; // for US servers // If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth"; // for China servers v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token"; // for China servers v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>"; // for China servers
- // If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then
- v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth";  // for EU servers
- v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token";  // for EU servers
- v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>";  // for EU servers
- // If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then
- v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth";  // for US servers
- v_Endpoint = "https://accounts.zoho.com/oauth/v2/token";  // for US servers
- v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>";  // for US servers
- // If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then
- v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth";  // for China servers
- v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token";  // for China servers
- v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>";  // for China servers
Scope(s) to include ALL modules:
- Books: ZohoBooks.fullaccess.all
- CRM: ZohoCRM.modules.ALL,ZohoCRM.settings.ALL
Zoho Books API v3 Limits 2019:
- Free Organization - 1000 API calls/day and 100 API calls/minute
- Paid Organization - 2500 API calls/day and 100 API calls/minute
Zoho CRM API v2 Limits 2019:
- Free Edition: 5000 API calls/day
- Standard/Starter Edition: 5000 + (Number of User licenses x 250) API calls/day [Maximum 100,000]
- Professional Edition: 10000 + (Number of User licenses x 500) API calls/day [Maxiumum 500,000]
- Enterprise/Zoho One/CRM Plus: 15000 + (Number of User licenses x 1000) API calls/day [Maximum 1,000,000]
- Ultimate Edition: 15000 + (Number of User licenses x 2000) API calls/day [Maximum 2,000,000]
Source(s):