I am posting this in ZOHO Creator because there does not appear to be a Forum Section for ZOHO API.
I believe that there is a fundamental Design Flaw in the way the ZOHO API has been implemented ... one which severely restricts the scope of data sharing between the ZOHO Service (like ZOHO Creator) and external websites.
As it stands, the sharing of data is restricted to external websites OWNED by the same person who is the owner of the ZOHO Account (Workspace).
This is because, in order to gain access to the smallest component (e.g. a record stored within a Table (View) of an Application) owned by an Account, you first have to request a Ticket Number that is specified in all subsequent API requests. The URL for requesting such a Ticket Number is of the form ...
... this method pretty much constrains the possible uses of this facility to the Account owner's external website(s) ... as no one would/should share their Account password with third parties ... and risk exposing all data/documents in all of their ZOHO Applications/Services.
I suggest that ZOHO provide an alternate scheme that ...
a) does not require providing the Account Password to third parties
b) enables Account Owners to provide a secure method of permitting multiple third parties to access very specific resources (e.g. Creator Views) within the Account
This could be accomplished by ... having ZOHO accept requests for Ticket Numbers via a URL of the form ...
... where the details of each specific API_Permission_ID can be defined/stored/edited by the Owner of the ZOHO Account ... something like ...
API_Permission_ID: e.g. PBE-497-JEP-123
Notes: (optional) e.g. For VIP Customer Polar Bear Express
Status: Enabled or Disabled
View_Permission: Yes or No
Edit_Permission: Yes or No
Delete_Permission: Yes or No
Add_Permission: Yes or No
Service: ZOHO Creator
//example details for ZOHO Creator resources
Application_Name: Affiliate_Program
Resource_Name: e.g. View:Products_ABC_for_ClientX_View
This way, an Account owner can set up as many Permission Specifications as needed ... and provide the third party with their API_Permission_ID (instead of the Account Password).
Not only is the Account Owner able to confine access to a particular View of an Application ... but also to define the kind of access (View, Edit, Add, Delete etc.) that is permitted.
If a particular API_Permission_ID is compromised, it can be changed very easily.
For added flexibility/control, a particular Permission Specification can be Enabled/Disabled by the Account Owner at will.
This kind of fine-grained control over the access granted to third parties will greatly enhance the value of the data maintained in the various ZOHO Services e.g. A Business can set up access so that their (VIP) Clients can exchange data pertaining to just those clients.
Gaev
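
The permission scheme proposed in the post above, sketched as an added example (not part of the original post and not ZOHO's API): a deny-by-default check over owner-defined Permission Specifications. `PermissionStore`, `issue`, `rotate` and `authorize` are hypothetical names, and generating the API_Permission_ID randomly is an assumption made here because the ID would be the only secret a third party holds.

```python
import secrets
from dataclasses import dataclass

OPS = {"view", "edit", "add", "delete"}

@dataclass
class PermissionSpec:
    """One owner-defined record; fields follow the post's proposed layout."""
    service: str
    application: str
    resource: str
    allowed: frozenset          # subset of OPS (the View/Edit/Add/Delete flags)
    enabled: bool = True        # Status: Enabled or Disabled
    notes: str = ""

class PermissionStore:
    def __init__(self):
        self.specs = {}         # API_Permission_ID -> PermissionSpec

    def issue(self, spec):
        # Assumption: the ID acts as a bearer secret, so it is generated
        # with high entropy rather than chosen by hand.
        pid = secrets.token_urlsafe(24)
        self.specs[pid] = spec
        return pid

    def rotate(self, old_pid):
        """Replace a compromised ID; the old one stops working at once."""
        return self.issue(self.specs.pop(old_pid))

    def authorize(self, pid, service, application, resource, op):
        """Return (allowed, reason); anything not explicitly granted is denied."""
        spec = self.specs.get(pid)
        if spec is None:
            return False, "unknown id"
        if not spec.enabled:
            return False, "disabled"
        if (spec.service, spec.application, spec.resource) != (service, application, resource):
            return False, "out of scope"
        if op not in OPS or op not in spec.allowed:
            return False, "operation not permitted"
        return True, "ok"

if __name__ == "__main__":
    store = PermissionStore()
    # Constructed sample record using the resource names from the post.
    pid = store.issue(PermissionSpec("ZOHO Creator", "Affiliate_Program",
                                     "View:Products_ABC_for_ClientX_View",
                                     frozenset({"view"}), notes="constructed sample"))
    print(store.authorize(pid, "ZOHO Creator", "Affiliate_Program",
                          "View:Products_ABC_for_ClientX_View", "view"))
```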