To strengthen the security of user data in Zoho Desk APIs, we have decided to move on from auth tokens to OAuth2 tokens.

The reasons for this move are as follows: 

1. Stronger Data Security

To enable data access to third-party apps in the previous authentication model, users had to trust the apps with their auth token, which had permanent validity. There was always a possibility of the app being malicious or unsecured. To revoke access, the user had to delete the auth token and generate a new one.  

The OAuth2 authentication model solves this problem by providing  third-party apps with  a delegated access token that comes with an expiry time. Users can any time revoke the access given, by clicking Active Authtokens -> Connected Apps in this link. This approach strengthens data security by giving users more control over their data.

2. Access Restrictions

Another improvement over the existing model is scoped access, through which users can determine the amount of data and the range of actions to expose to third-party apps. In the previous model,  users could choose only complete access or no access. However, in OAuth2, access restrictions can be placed. For instance, a ticket-viewing app  would request the user's permission to read tickets and will be permitted to only read tickets. This request  clearly  communicates to the user the kind of access the app requires for functioning. The user has the right to permit or deny the access requested. 

Support for Auth Tokens

The previously used method of authentication via auth tokens has already been deprecated, but support will be provided until  March 31, 2018 . Therefore, you are requested to update your existing code to employ OAuth tokens within this 3-month period. 

For instructions on how to configure an OAuth token, refer to the Authentication sub-section in this link.