For Zoho Services only:


I'm actually part of something bigger at Ascent Business Solutions recognized as the top Zoho Premium Solutions Partner in the United Kingdom.

Ascent Business Solutions offer support for smaller technical fixes and projects for larger developments, such as migrating to a ZohoCRM.  A team rather than a one-man-band is always available to ensure seamless progress and address any concerns. You'll find our competitive support rates with flexible, no-expiration bundles at https://ascentbusiness.co.uk/zoho-services/uk-zoho-support.  For larger projects, talk to our experts and receive dedicated support from our hands-on project consultants at https://ascentbusiness.co.uk/zoho-services/zoho-crm-implementation.

The team I manage specializes in coding API integrations between Zoho and third-party finance/commerce suites such as Xero, Shopify, WooCommerce, and eBay; to name but a few.  Our passion lies in creating innovative solutions where others have fallen short as well as working with new businesses, new sectors, and new ideas.  Our success is measured by the growth and ROI we deliver for clients, such as transforming a garden shed hobby into a 250k monthly turnover operation or generating a +60% return in just three days after launch through online payments and a streamlined e-commerce solution, replacing a paper-based system.

If you're looking for a partner who can help you drive growth and success, we'd love to work with you.  You can reach out to us on 0121 392 8140 (UK) or info@ascentbusiness.co.uk.  You can also visit our website at https://ascentbusiness.co.uk.

Zoho Deluge - Get Refresh/Access Token API v2

What?
A sorta quick article to note how I can generate refresh tokens and access tokens using Zoho Deluge code (so within Zoho Creator, CRM or Books) without XML calls.

Why?
I find myself using this more and more now that API v1 is on the way out and Zoho Deluge by itself is limited somewhat with regards to functionality and record editing when compared to API v2.

How?
Note that this is using Zoho Deluge and not another server-side script such as PHP to send the requests via API.

Following standard OAuth 2.0 procedures, we will get a Code to generate a Refresh token, once we have a Refresh token we will generate an Access token.

Pre-amble
Quit trying to generate an authtoken v1 (CRM Deprecation Sunset Date: 31st December 2019).
  1. Go to the Zoho Developer Console
  2. Create a Zoho Client ID
  3. Either use self-client for a code or use the below to generate one.

Code
Here you will need your own client ID and client secret generated from the developer console in the following snippet:
copyraw
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";  // can be any endpoint that does not redirect or reformat the resulting URL
//  
// get Grant Token
v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth";
v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL";
v_State = "testing";
v_ResponseType = "code";
v_Access = "offline";
v_Prompt = "consent";
l_Params = List();
l_Params.add("scope=" + v_Scope);
l_Params.add("client_id=" + v_ClientID);
l_Params.add("state=" + v_State);
l_Params.add("response_type=" + v_ResponseType);
l_Params.add("redirect_uri=" + v_RedirectUri);
l_Params.add("access_type=" + v_Access);
l_Params.add("prompt=" + v_Prompt);
v_Url = v_EndPoint + "?" + l_Params.toString("&");
info v_Url;
openUrl( v_Url , "new window");
  1.  v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"
  2.  v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"
  3.  v_RedirectUri = "https://www.zoho.com/books";  // can be any endpoint that does not redirect or reformat the resulting URL 
  4.  // 
  5.  // get Grant Token 
  6.  v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth"
  7.  v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL"
  8.  v_State = "testing"
  9.  v_ResponseType = "code"
  10.  v_Access = "offline"
  11.  v_Prompt = "consent"
  12.  l_Params = List()
  13.  l_Params.add("scope=" + v_Scope)
  14.  l_Params.add("client_id=" + v_ClientID)
  15.  l_Params.add("state=" + v_State)
  16.  l_Params.add("response_type=" + v_ResponseType)
  17.  l_Params.add("redirect_uri=" + v_RedirectUri)
  18.  l_Params.add("access_type=" + v_Access)
  19.  l_Params.add("prompt=" + v_Prompt)
  20.  v_Url = v_EndPoint + "?" + l_Params.toString("&")
  21.  info v_Url; 
  22.  openUrl( v_Url , "new window")
This will open a page for you with a Zoho Consent form where you confirm whether your app is allowed to access the data within the specified scope(s). If you run this as a standalone, then this will simply tell you what the link is to go to. Agree and note the code parameter passed in the URL (ie. "&code=..."). Also note that any generated code immediately expires any previously generated code.

Refresh Token
With the code you have received via the URL, enter this in the code below to generate a refresh token:
copyraw
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//  
// enter the code received in the previous step
v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "authorization_code";
m_Payload = Map();
m_Payload.put("code",v_Code);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeurl
[
	url :v_EndPoint
	type :POST
	parameters:m_Payload
];
info r_AuthToken;
  1.  v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"
  2.  v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"
  3.  v_RedirectUri = "https://www.zoho.com/books"
  4.  // 
  5.  // enter the code received in the previous step 
  6.  v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef"
  7.  v_EndPoint = "https://accounts.zoho.com/oauth/v2/token"
  8.  v_GrantType = "authorization_code"
  9.  m_Payload = Map()
  10.  m_Payload.put("code",v_Code)
  11.  m_Payload.put("client_id",v_ClientID)
  12.  m_Payload.put("client_secret",v_ClientSecret)
  13.  m_Payload.put("redirect_uri",v_RedirectUri)
  14.  m_Payload.put("grant_type",v_GrantType)
  15.  r_AuthToken = invokeUrl 
  16.  [ 
  17.      url :v_EndPoint 
  18.      type :POST 
  19.      parameters:m_Payload 
  20.  ]
  21.  info r_AuthToken; 
Once you have a refresh token, it is not necessary to generate another refresh token as it does not expire. You would only generate a new one if you were changing scope. There is a limit of 20 refresh tokens. Any refresh tokens generated after will overwrite the oldest one.

Access Token
This will expire after 1 hour so either you find a way to store the access token for reuse or generate a new one in every request.
copyraw
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//  
// enter the refresh token received in the previous step
v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "refresh_token";
m_Payload = Map();
m_Payload.put("refresh_token",v_RefreshToken);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeurl
[
	url :v_EndPoint
	type :POST
	parameters:m_Payload
];
v_AccessToken = r_AuthToken.get("access_token");
  1.  v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"
  2.  v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455"
  3.  v_RedirectUri = "https://www.zoho.com/books"
  4.  // 
  5.  // enter the refresh token received in the previous step 
  6.  v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000"
  7.  v_EndPoint = "https://accounts.zoho.com/oauth/v2/token"
  8.  v_GrantType = "refresh_token"
  9.  m_Payload = Map()
  10.  m_Payload.put("refresh_token",v_RefreshToken)
  11.  m_Payload.put("client_id",v_ClientID)
  12.  m_Payload.put("client_secret",v_ClientSecret)
  13.  m_Payload.put("redirect_uri",v_RedirectUri)
  14.  m_Payload.put("grant_type",v_GrantType)
  15.  r_AuthToken = invokeUrl 
  16.  [ 
  17.      url :v_EndPoint 
  18.      type :POST 
  19.      parameters:m_Payload 
  20.  ]
  21.  v_AccessToken = r_AuthToken.get("access_token")

Now you have an access token you can build your header and send requests:
copyraw
m_Header = Map();
m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");  // optional
m_Data= Map();
m_Data.put("data",m_RecordData.toJSONList());  // NOTE: convert this to a JSON Array
r_RecordUpdate = invokeUrl
[
	url :v_EndPoint
	type :PUT
	headers: m_Header
	parameters:m_Data.toString() 
];
// NOTE: convert parameters variable to a string
  1.  m_Header = Map()
  2.  m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken)
  3.  m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");  // optional 
  4.  m_Data= Map()
  5.  m_Data.put("data",m_RecordData.toJSONList());  // NOTE: convert this to a JSON Array 
  6.  r_RecordUpdate = invokeUrl 
  7.  [ 
  8.      url :v_EndPoint 
  9.      type :PUT 
  10.      headers: m_Header 
  11.      parameters:m_Data.toString() 
  12.  ]
  13.  // NOTE: convert parameters variable to a string 

Common Error(s):
  • {"error":"invalid_code"}: Happens if you have a wrong CODE or generated another one after the one you're using. You need to use the latest CODE as any new one expires any previously generated ones. A code lasts between 1 to 10 minutes.
  • {"code": "AUTHENTICATION_FAILURE","details": [],"message": "Authentication failed","status": "error"}: I have had this error with API v2 when I'm using PHP/cURL and not deluge to get a list of contact records. As I'm listing errors encountered, I'm adding it to this list. If submitting the headers as an array, note that it must NOT be an associative array:
    copyraw
    // this won't work
    $a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken;
    $a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8";
    
    // this will work
    $a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken;
    $a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8";
    1.  // this won't work 
    2.  $a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken
    3.  $a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8"
    4.   
    5.  // this will work 
    6.  $a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken
    7.  $a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
    If you are using the SDK and still get the above error, try setting the currentUserEmail to the email address of the super admin of your system just to check, then set a valid user preferably other than the super-admin.
  • {"code":"INVALID_DATA","details":{"expected_data_type":"jsonobject"},"message":"body","status":"error"}: Happens if you don't convert the field-value pair dataset to a string:
    copyraw
    m_RecordData = Map();
    m_RecordData.put("Field_To_Update", "Value_To_Put");
    m_Data = Map();
    m_Data.put("data",m_RecordData.toJSONList());
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data  // MISSING .toString() to convert this ensuring it is not a list or map
    ];
    1.  m_RecordData = Map()
    2.  m_RecordData.put("Field_To_Update", "Value_To_Put")
    3.  m_Data = Map()
    4.  m_Data.put("data",m_RecordData.toJSONList())
    5.  r_RecordUpdate = invokeUrl 
    6.  [ 
    7.      url :v_EndPoint 
    8.      type :PUT 
    9.      headers: m_Header 
    10.      parameters:m_Data  // MISSING .toString() to convert this ensuring it is not a list or map 
    11.  ]
  • {"code":"AUTHTOKEN_DEPRECATED","details":{},"message":"Authtoken support is deprecated","status":"error"}: Happens when using a CRM connector of type "Zoho". Another type of connector for v2 is called "Zoho OAuth". Re-create the connectors with the latter:
    copyraw
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	parameters:m_Data
    	connection: myconnector
    ];
    1.  r_RecordUpdate = invokeUrl 
    2.  [ 
    3.      url :v_EndPoint 
    4.      type :PUT 
    5.      parameters:m_Data 
    6.      connection: myconnector 
    7.  ]
  • {"code":4,"message":"Invalid value passed for JSONString"}: Can happen when posting to ZohoBooks and you haven't put JSONString into a map as follows:
    copyraw
    m_Header = Map();
    m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
    m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
    m_CreateContactPerson = Map();
    m_CreateContactPerson.put("contact_id", "1234567890123456");  // the account ID in books
    m_CreateContactPerson.put("first_name", "Joel");
    m_CreateContactPerson.put("last_name", "Lipman");
    m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it.");
    m_CreateRecord = Map();
    m_CreateRecord.put("JSONString",m_CreateContactPerson);
    r_Response = invokeUrl [
        url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901"
        type: POST
        headers: m_Header
        parameters: m_CreateRecord
    ];
    1.  m_Header = Map()
    2.  m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken)
    3.  m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8")
    4.  m_CreateContactPerson = Map()
    5.  m_CreateContactPerson.put("contact_id", "1234567890123456");  // the account ID in books 
    6.  m_CreateContactPerson.put("first_name", "Joel")
    7.  m_CreateContactPerson.put("last_name", "Lipman")
    8.  m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it.")
    9.  m_CreateRecord = Map()
    10.  m_CreateRecord.put("JSONString",m_CreateContactPerson)
    11.  r_Response = invokeUrl [ 
    12.      url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901" 
    13.      type: POST 
    14.      headers: m_Header 
    15.      parameters: m_CreateRecord 
    16.  ]
  • {"code":"MANDATORY_NOT_FOUND","details":{"api_name":"data"},"message":"required field not found","status":"error"}: Happens if you put "JSONstring" instead of "data". Depending on the context of your code (ie. Books API v3=JSONString; CRM API v2=data), you will need to put either. Or your request is missing a field that is required by your CRM (is set to mandatory for users to enter data). Otherwise:
    copyraw
    m_Data = Map();
    m_Data.put("JSONString",m_RecordData.toJSONList());   // change JSONString to data
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data.toString() 
    ];
    1.  m_Data = Map()
    2.  m_Data.put("JSONString",m_RecordData.toJSONList());   // change JSONString to data 
    3.  r_RecordUpdate = invokeUrl 
    4.  [ 
    5.      url :v_EndPoint 
    6.      type :PUT 
    7.      headers: m_Header 
    8.      parameters:m_Data.toString() 
    9.  ]
  • {"code":"INVALID_DATA","details":{"expected_data_type":"jsonarray","api_name":"data"},"message":"invalid data","status":"error"}: Happens if you submit "data" as something other than a JSON Array:
    copyraw
    m_Data = Map();
    m_Data.put("data",m_RecordData);  // MISSING .toJSONList() to convert m_RecordData to a JSON Array
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data.toString() 
    ];
    1.  m_Data = Map()
    2.  m_Data.put("data",m_RecordData);  // MISSING .toJSONList() to convert m_RecordData to a JSON Array 
    3.  r_RecordUpdate = invokeUrl 
    4.  [ 
    5.      url :v_EndPoint 
    6.      type :PUT 
    7.      headers: m_Header 
    8.      parameters:m_Data.toString() 
    9.  ]
  • {"code":"INVALID_TOKEN","details":{},"message":"invalid oauth token","status":"error"}: Can happen if the request is out of scope but also if your endpoint is going to .COM instead of .EU (or vice-versa). You can check this by logging into your Zoho product (eg. CRM) and looking at the top level domain
    copyraw
    // If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then
    v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth";   // for EU servers
    v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token";   // for EU servers
    v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>";   // for EU servers
    
    // If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then
    v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth";   // for US servers
    v_Endpoint = "https://accounts.zoho.com/oauth/v2/token";   // for US servers
    v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>";  // for US servers
    
    // If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then
    v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth";   // for China servers
    v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token";   // for China servers
    v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>";  // for China servers
    1.  // If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then 
    2.  v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth";   // for EU servers 
    3.  v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token";   // for EU servers 
    4.  v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>";   // for EU servers 
    5.   
    6.  // If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then 
    7.  v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth";   // for US servers 
    8.  v_Endpoint = "https://accounts.zoho.com/oauth/v2/token";   // for US servers 
    9.  v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>";  // for US servers 
    10.   
    11.  // If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then 
    12.  v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth";   // for China servers 
    13.  v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token";   // for China servers 
    14.  v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>";  // for China servers 

Scope(s) to include ALL modules:
  • Books: ZohoBooks.fullaccess.all
  • CRM: ZohoCRM.modules.ALL,ZohoCRM.settings.ALL

Zoho Books API v3 Limits 2019:
  • Free Organization - 1000 API calls/day and 100 API calls/minute
  • Paid Organization - 2500 API calls/day and 100 API calls/minute

Zoho CRM API v2 Limits 2019:
  • Free Edition:   5000 API calls/day
  • Standard/Starter Edition:   5000 + (Number of User licenses x 250) API calls/day   [Maximum 100,000]
  • Professional Edition:   10000 + (Number of User licenses x 500) API calls/day   [Maxiumum 500,000]
  • Enterprise/Zoho One/CRM Plus:   15000 + (Number of User licenses x 1000) API calls/day   [Maximum 1,000,000]
  • Ultimate Edition:   15000 + (Number of User licenses x 2000) API calls/day   [Maximum 2,000,000]

Source(s):
Category: Zoho :: Article: 687

Credit where Credit is Due:


Feel free to copy, redistribute and share this information. All that we ask is that you attribute credit and possibly even a link back to this website as it really helps in our search engine rankings.

Disclaimer: Please note that the information provided on this website is intended for informational purposes only and does not represent a warranty. The opinions expressed are those of the author only. We recommend testing any solutions in a development environment before implementing them in production. The articles are based on our good faith efforts and were current at the time of writing, reflecting our practical experience in a commercial setting.

Thank you for visiting and, as always, we hope this website was of some use to you!

Kind Regards,

Joel Lipman
www.joellipman.com

Related Articles

Joes Revolver Map

Accreditation

Badge - Certified Zoho Creator Associate
Badge - Certified Zoho Creator Associate

Donate & Support

If you like my content, and would like to support this sharing site, feel free to donate using a method below:

Paypal:
Donate to Joel Lipman via PayPal

Bitcoin:
Donate to Joel Lipman with Bitcoin bc1qf6elrdxc968h0k673l2djc9wrpazhqtxw8qqp4

Ethereum:
Donate to Joel Lipman with Ethereum 0xb038962F3809b425D661EF5D22294Cf45E02FebF
© 2024 Joel Lipman .com. All Rights Reserved.