Zoho CRM empowers its users to convert leads, engage with customers, and grow their revenue. In order to access the CRM REST API endpoints, an OAuth2 based authentication is required by any web application wishing to access the endpoints data.
This guide will walk you through the Zoho CRM API authentication process in Zoho and the Rivery console sides (other Zoho services can be found here under “ALL ZOHO APPS”).
The authentication process consists of the following steps:
- Register your application with Zoho
- Authorization Request
- Generate Access and Refresh tokens
- Refresh your Access Token (via REST Action River)
Step 1: Register Rivery with Zoho
Before getting started with the authorization request, you first need to register the Rivery application with the Zoho Writer API. This is where your requests will be sent and received after authorization to ensure better security.
-
Go to the Zoho Developer Console
-
Choose Server-based Applications (Applications that clients are running on a dedicated HTTP server)
-
Enter the following details:
-
Client Name: Rivery
-
Homepage URL: https://rivery.io/
-
Authorized Redirect URIs (A valid URL of your application to which Zoho Accounts redirects you with a grant token(code) after successful authentication):
For US Console use -
https://console.rivery.io/api/oauthcallback/custom
For EU Console use -
https://eu-west-1.console.rivery.io/api/oauthcallback/custom
-
-
Click “Create” to complete the registration process.
-
After successfully registering the Rivery web application, you will receive the following credentials to note down:
- Client ID: The consumer key generated from the connected app.
- Client Secret: The consumer secret generated from the connected app.
Note: You can log in to your Zoho Developer console anytime to get the client_id and client_secret values for any of your applications
Step 2: Authorization Request
Next, you will need to authenticate the Rivery application to make API calls on Rivery’s behalf with an access token. Follow the below steps within the Rivery console to create the authorizatiRivery’sst.
- Navigate to the Connections tab, click “new connection”, then click “Rest API Source”
- Name the connection (e.g., “Zoho”)
- Click on the “open OAuth2 Authentication” button:
- In the OAuth2 form, fill in the following details:
- Authentication URL: https://accounts.zoho.com/oauth/v2/auth
- Access token URL: https://accounts.zoho.com/oauth/v2/token
- Client_id: <Zoho’s Rivery application Client ID generated in Step 1>
- Client Secret: <Zoho’s Rivery application Client ID generated in Step 1>
- Scope: ZohoCRM.org.READ,ZohoCRM.users.READ,ZohoCRM.settings.roles.READ,ZohoCRM.settings.profiles.READ,ZohoCRM.settings.modules.READ,ZohoCRM.settings.fields.READ,ZohoCRM.settings.layouts.READ,ZohoCRM.settings.related_lists.READ,ZohoCRM.settings.custom_views.READ,ZohoCRM.modules.ALL
Note: other available scopes can be found here
-
“Additional Options” section parameters:
- Response_type: code
- Access_type: offline
- Add the following parameters on the bottom of the “Additional Fields” section:
- Prompt: consent
- TokenName: RiveryZoho
-
At the end of the process, the filled-in form will look like this:
-
Click “Submit OAuth2” and finish the process:
-
If the process is done correctly, the following screen will pop up:
-
Click “Accept” to finish the process
Step 3: Generate Access and Refresh tokens.
After successfully authorizing the request, the access and refresh tokens will automatically appear in your Zoho custom connection.
Note: As a best practice, It is recommended to mark the “Is Password” checkbox for any sensitive connection information**
Step 4: Refresh your CRM Access Token
The Zoho CRM access token will not be valid and will expire after an hour from when it had generated. A Refresh Access Token POST request will need to run before any API request generates a new access token.
To run the Refresh Access Token request successfully, go to your Zoho connection and add the following parameters:
- Client_ID: <Zoho’s Rivery application Client ID generated in Step 1>
- Client_Secret: <Zoho’s Rivery application Client ID generated in Step 1>
- Save the connection after adding the parameters.
The last part of the process will be to create an Action river that will run the Refresh Access Tokens - APIs request generate a refreshed token based on all the relevant connection keys and their values.
An example refreshes access token request together with a fully configured API endpoints can be found in the Rivery Kit’s Hub.