For Zoho Services only:


I'm actually part of a bigger team at Ascent Business Solutions where we have support technicians and project consultants. Support is for smaller technical fixes but this can include developments, reports or integrations; depending on the size of the task. Projects are for more time-consuming developments such as revamps of the Zoho Suite of apps or on-site training. The advantage of a team is that if I am out-of-office for a day or so, there is always someone at Ascent Business Solutions who can deal with any queries/issues you may have.

Our support rates can be found and purchased at http://ascentbusiness.co.uk/zoho-support-2. A support bundle doesn't have an expiry date. So whether we can do what you want within the bundle and a year later need further support, if there are minutes left on the bundle then there is no additional charge.

Our project rates for bigger developments can be found at http://ascentbusiness.co.uk/crm-solutions/zoho-crm-packages-prices and will involve a dedicated project consultant along with developers who will hold your hand through the development process.

If you want help building a solution for one of the Zoho Apps in the Zoho Suite, contact us on 0121 293 8140 (UK) or by email at info@ascentbusiness.co.uk. You can also visit our website at http://ascentbusiness.co.uk.

I regularly build and specialize in 2-way API integrations for Xero, Shopify and eBay.

Zoho Deluge - Get Refresh/Access Token API v2

What?
A sorta quick article to note how I can generate refresh tokens and access tokens using Zoho Deluge code (so within Zoho Creator, CRM or Books) without XML calls.

Why?
I find myself using this more and more now that API v1 is on the way out and Zoho Deluge by itself is limited somewhat with regards to functionality and record editing when compared to API v2.

How?
Note that this is using Zoho Deluge and not another server-side script such as PHP to send the requests via API.

Following standard OAuth 2.0 procedures, we will get a Code to generate a Refresh token, once we have a Refresh token we will generate an Access token.

Pre-amble
Quit trying to generate an authtoken v1 (CRM Deprecation Sunset Date: 31st December 2019).
  1. Go to the Zoho Developer Console
  2. Create a Zoho Client ID
  3. Either use self-client for a code or use the below to generate one.

Code
Here you will need your own client ID and client secret generated from the developer console in the following snippet:
copyraw
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";  // can be any endpoint that does not redirect or reformat the resulting URL
//  
// get Grant Token
v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth";
v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL";
v_State = "testing";
v_ResponseType = "code";
v_Access = "offline";
v_Prompt = "consent";
l_Params = List();
l_Params.add("scope=" + v_Scope);
l_Params.add("client_id=" + v_ClientID);
l_Params.add("state=" + v_State);
l_Params.add("response_type=" + v_ResponseType);
l_Params.add("redirect_uri=" + v_RedirectUri);
l_Params.add("access_type=" + v_Access);
l_Params.add("prompt=" + v_Prompt);
v_Url = v_EndPoint + "?" + l_Params.toString("&");
info v_Url;
openUrl( v_Url , "new window");
  1.  v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"
  2.  v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"
  3.  v_RedirectUri = "https://www.zoho.com/books";  // can be any endpoint that does not redirect or reformat the resulting URL 
  4.  // 
  5.  // get Grant Token 
  6.  v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth"
  7.  v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL"
  8.  v_State = "testing"
  9.  v_ResponseType = "code"
  10.  v_Access = "offline"
  11.  v_Prompt = "consent"
  12.  l_Params = List()
  13.  l_Params.add("scope=" + v_Scope)
  14.  l_Params.add("client_id=" + v_ClientID)
  15.  l_Params.add("state=" + v_State)
  16.  l_Params.add("response_type=" + v_ResponseType)
  17.  l_Params.add("redirect_uri=" + v_RedirectUri)
  18.  l_Params.add("access_type=" + v_Access)
  19.  l_Params.add("prompt=" + v_Prompt)
  20.  v_Url = v_EndPoint + "?" + l_Params.toString("&")
  21.  info v_Url; 
  22.  openUrl( v_Url , "new window")
This will open a page for you with a Zoho Consent form where you confirm whether your app is allowed to access the data within the specified scope(s). If you run this as a standalone, then this will simply tell you what the link is to go to. Agree and note the code parameter passed in the URL (ie. "&code=..."). Also note that any generated code immediately expires any previously generated code.

Refresh Token
With the code you have received via the URL, enter this in the code below to generate a refresh token:
copyraw
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//  
// enter the code received in the previous step
v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "authorization_code";
m_Payload = Map();
m_Payload.put("code",v_Code);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeurl
[
	url :v_EndPoint
	type :POST
	parameters:m_Payload
];
info r_AuthToken;
  1.  v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"
  2.  v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"
  3.  v_RedirectUri = "https://www.zoho.com/books"
  4.  // 
  5.  // enter the code received in the previous step 
  6.  v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef"
  7.  v_EndPoint = "https://accounts.zoho.com/oauth/v2/token"
  8.  v_GrantType = "authorization_code"
  9.  m_Payload = Map()
  10.  m_Payload.put("code",v_Code)
  11.  m_Payload.put("client_id",v_ClientID)
  12.  m_Payload.put("client_secret",v_ClientSecret)
  13.  m_Payload.put("redirect_uri",v_RedirectUri)
  14.  m_Payload.put("grant_type",v_GrantType)
  15.  r_AuthToken = invokeUrl 
  16.  [ 
  17.      url :v_EndPoint 
  18.      type :POST 
  19.      parameters:m_Payload 
  20.  ]
  21.  info r_AuthToken; 
Once you have a refresh token, it is not necessary to generate another refresh token as it does not expire. You would only generate a new one if you were changing scope. There is a limit of 20 refresh tokens. Any refresh tokens generated after will overwrite the oldest one.

Access Token
This will expire after 1 hour so either you find a way to store the access token for reuse or generate a new one in every request.
copyraw
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//  
// enter the refresh token received in the previous step
v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "refresh_token";
m_Payload = Map();
m_Payload.put("refresh_token",v_RefreshToken);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeurl
[
	url :v_EndPoint
	type :POST
	parameters:m_Payload
];
v_AccessToken = r_AuthToken.get("access_token");
  1.  v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"
  2.  v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"
  3.  v_RedirectUri = "https://www.zoho.com/books"
  4.  // 
  5.  // enter the refresh token received in the previous step 
  6.  v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000"
  7.  v_EndPoint = "https://accounts.zoho.com/oauth/v2/token"
  8.  v_GrantType = "refresh_token"
  9.  m_Payload = Map()
  10.  m_Payload.put("refresh_token",v_RefreshToken)
  11.  m_Payload.put("client_id",v_ClientID)
  12.  m_Payload.put("client_secret",v_ClientSecret)
  13.  m_Payload.put("redirect_uri",v_RedirectUri)
  14.  m_Payload.put("grant_type",v_GrantType)
  15.  r_AuthToken = invokeUrl 
  16.  [ 
  17.      url :v_EndPoint 
  18.      type :POST 
  19.      parameters:m_Payload 
  20.  ]
  21.  v_AccessToken = r_AuthToken.get("access_token")

Now you have an access token you can build your header and send requests:
copyraw
m_Header = Map();
m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");  // optional
m_Data= Map();
m_Data.put("data",m_RecordData.toJSONList());  // NOTE: convert this to a JSON Array
r_RecordUpdate = invokeUrl
[
	url :v_EndPoint
	type :PUT
	headers: m_Header
	parameters:m_Data.toString() 
];
// NOTE: convert parameters variable to a string
  1.  m_Header = Map()
  2.  m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken)
  3.  m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");  // optional 
  4.  m_Data= Map()
  5.  m_Data.put("data",m_RecordData.toJSONList());  // NOTE: convert this to a JSON Array 
  6.  r_RecordUpdate = invokeUrl 
  7.  [ 
  8.      url :v_EndPoint 
  9.      type :PUT 
  10.      headers: m_Header 
  11.      parameters:m_Data.toString() 
  12.  ]
  13.  // NOTE: convert parameters variable to a string 

Common Error(s):
  • {"error":"invalid_code"}: Happens if you have a wrong CODE or generated another one after the one you're using. You need to use the latest CODE as any new one expires any previously generated ones. A code lasts between 1 to 10 minutes.
  • {"code": "AUTHENTICATION_FAILURE","details": [],"message": "Authentication failed","status": "error"}: I have had this error with API v2 when I'm using PHP/cURL and not deluge to get a list of contact records. As I'm listing errors encountered, I'm adding it to this list. If submitting the headers as an array, note that it must NOT be an associative array:
    copyraw
    // this won't work
    $a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken;
    $a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8";
    
    // this will work
    $a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken;
    $a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8";
    1.  // this won't work 
    2.  $a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken
    3.  $a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8"
    4.   
    5.  // this will work 
    6.  $a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken
    7.  $a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
    If you are using the SDK and still get the above error, try setting the currentUserEmail to the email address of the super admin of your system just to check, then set a valid user preferably other than the super-admin.
  • {"code":"INVALID_DATA","details":{"expected_data_type":"jsonobject"},"message":"body","status":"error"}: Happens if you don't convert the field-value pair dataset to a string:
    copyraw
    m_RecordData = Map();
    m_RecordData.put("Field_To_Update", "Value_To_Put");
    m_Data = Map();
    m_Data.put("data",m_RecordData.toJSONList());
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data  // MISSING .toString() to convert this ensuring it is not a list or map
    ];
    1.  m_RecordData = Map()
    2.  m_RecordData.put("Field_To_Update", "Value_To_Put")
    3.  m_Data = Map()
    4.  m_Data.put("data",m_RecordData.toJSONList())
    5.  r_RecordUpdate = invokeUrl 
    6.  [ 
    7.      url :v_EndPoint 
    8.      type :PUT 
    9.      headers: m_Header 
    10.      parameters:m_Data  // MISSING .toString() to convert this ensuring it is not a list or map 
    11.  ]
  • {"code":"AUTHTOKEN_DEPRECATED","details":{},"message":"Authtoken support is deprecated","status":"error"}: Happens when using a CRM connector of type "Zoho". Another type of connector for v2 is called "Zoho OAuth". Re-create the connectors with the latter:
    copyraw
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	parameters:m_Data
    	connection: myconnector
    ];
    1.  r_RecordUpdate = invokeUrl 
    2.  [ 
    3.      url :v_EndPoint 
    4.      type :PUT 
    5.      parameters:m_Data 
    6.      connection: myconnector 
    7.  ]
  • {"code":4,"message":"Invalid value passed for JSONString"}: Can happen when posting to ZohoBooks and you haven't put JSONString into a map as follows:
    copyraw
    m_Header = Map();
    m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
    m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
    m_CreateContactPerson = Map();
    m_CreateContactPerson.put("contact_id", "1234567890123456");  // the account ID in books
    m_CreateContactPerson.put("first_name", "Joel");
    m_CreateContactPerson.put("last_name", "Lipman");
    m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it.");
    m_CreateRecord = Map();
    m_CreateRecord.put("JSONString",m_CreateContactPerson);
    r_Response = invokeUrl [
        url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901"
        type: POST
        headers: m_Header
        parameters: m_CreateRecord
    ];
    1.  m_Header = Map()
    2.  m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken)
    3.  m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8")
    4.  m_CreateContactPerson = Map()
    5.  m_CreateContactPerson.put("contact_id", "1234567890123456");  // the account ID in books 
    6.  m_CreateContactPerson.put("first_name", "Joel")
    7.  m_CreateContactPerson.put("last_name", "Lipman")
    8.  m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it.")
    9.  m_CreateRecord = Map()
    10.  m_CreateRecord.put("JSONString",m_CreateContactPerson)
    11.  r_Response = invokeUrl [ 
    12.      url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901" 
    13.      type: POST 
    14.      headers: m_Header 
    15.      parameters: m_CreateRecord 
    16.  ]
  • {"code":"MANDATORY_NOT_FOUND","details":{"api_name":"data"},"message":"required field not found","status":"error"}: Happens if you put "JSONstring" instead of "data". Depending on the context of your code (ie. Books API v3=JSONString; CRM API v2=data), you will need to put either. Or your request is missing a field that is required by your CRM (is set to mandatory for users to enter data). Otherwise:
    copyraw
    m_Data = Map();
    m_Data.put("JSONString",m_RecordData.toJSONList());   // change JSONString to data
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data.toString() 
    ];
    1.  m_Data = Map()
    2.  m_Data.put("JSONString",m_RecordData.toJSONList());   // change JSONString to data 
    3.  r_RecordUpdate = invokeUrl 
    4.  [ 
    5.      url :v_EndPoint 
    6.      type :PUT 
    7.      headers: m_Header 
    8.      parameters:m_Data.toString() 
    9.  ]
  • {"code":"INVALID_DATA","details":{"expected_data_type":"jsonarray","api_name":"data"},"message":"invalid data","status":"error"}: Happens if you submit "data" as something other than a JSON Array:
    copyraw
    m_Data = Map();
    m_Data.put("data",m_RecordData);  // MISSING .toJSONList() to convert m_RecordData to a JSON Array
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data.toString() 
    ];
    1.  m_Data = Map()
    2.  m_Data.put("data",m_RecordData);  // MISSING .toJSONList() to convert m_RecordData to a JSON Array 
    3.  r_RecordUpdate = invokeUrl 
    4.  [ 
    5.      url :v_EndPoint 
    6.      type :PUT 
    7.      headers: m_Header 
    8.      parameters:m_Data.toString() 
    9.  ]
  • {"code":"INVALID_TOKEN","details":{},"message":"invalid oauth token","status":"error"}: Can happen if the request is out of scope but also if your endpoint is going to .COM instead of .EU (or vice-versa). You can check this by logging into your Zoho product (eg. CRM) and looking at the top level domain
    copyraw
    // If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then
    v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth";   // for EU servers
    v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token";   // for EU servers
    v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>";   // for EU servers
    
    // If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then
    v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth";   // for US servers
    v_Endpoint = "https://accounts.zoho.com/oauth/v2/token";   // for US servers
    v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>";  // for US servers
    
    // If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then
    v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth";   // for China servers
    v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token";   // for China servers
    v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>";  // for China servers
    1.  // If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then 
    2.  v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth";   // for EU servers 
    3.  v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token";   // for EU servers 
    4.  v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>";   // for EU servers 
    5.   
    6.  // If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then 
    7.  v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth";   // for US servers 
    8.  v_Endpoint = "https://accounts.zoho.com/oauth/v2/token";   // for US servers 
    9.  v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>";  // for US servers 
    10.   
    11.  // If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then 
    12.  v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth";   // for China servers 
    13.  v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token";   // for China servers 
    14.  v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>";  // for China servers 

Scope(s) to include ALL modules:
  • Books: ZohoBooks.fullaccess.all
  • CRM: ZohoCRM.modules.ALL,ZohoCRM.settings.ALL

Zoho Books API v3 Limits 2019:
  • Free Organization - 1000 API calls/day and 100 API calls/minute
  • Paid Organization - 2500 API calls/day and 100 API calls/minute

Zoho CRM API v2 Limits 2019:
  • Free Edition:   5000 API calls/day
  • Standard/Starter Edition:   5000 + (Number of User licenses x 250) API calls/day   [Maximum 100,000]
  • Professional Edition:   10000 + (Number of User licenses x 500) API calls/day   [Maxiumum 500,000]
  • Enterprise/Zoho One/CRM Plus:   15000 + (Number of User licenses x 1000) API calls/day   [Maximum 1,000,000]
  • Ultimate Edition:   15000 + (Number of User licenses x 2000) API calls/day   [Maximum 2,000,000]

Source(s):
Category: Zoho :: Article: 687

Credit where Credit is Due:


Feel free to copy, redistribute and share this information. All that we ask is that you attribute credit and possibly even a link back to this website as it really helps in our search engine rankings.

Disclaimer: The information on this website is provided without warranty and any content is merely the opinion of the author. Please try to test in development environments prior to adapting them to your production environments. The articles are written in good faith and, at the time of print, are working examples used in a commercial setting.

Thank you for visiting and, as always, we hope this website was of some use to you!

Kind Regards,

Joel Lipman
www.joellipman.com

Related Articles

Joes Revolver Map

Accreditation

Badge - Certified Zoho Creator Associate
Badge - Certified Zoho Creator Associate

Donate & Support

If you like my content, and would like to support this sharing site, feel free to donate using a method below:

Paypal:
Donate to Joel Lipman via PayPal

Bitcoin:
Donate to Joel Lipman with Bitcoin - Valid till 8 May 2022 3QnhmaBX7LQSRsC9hh6Je9rGQKEGNQNfPb
© 2021 Joel Lipman .com. All Rights Reserved.