UPDATE (2 July 2021): We've extended the deadline to 30 August 2021 for converting Authtokens to OAuth.
UPDATE (4 Feb 2021): We've extended the deadline to 1 July 2021 for converting Authtokens to OAuth.
The usage of Authtokens to authenticate API calls is being deprecated on 1 July 2021
across Zoho's Finance suite of products, which includes Zoho Expense. This change is being done in favor of switching to OAuth 2.0
, a more secure and robust protocol.
This means that any of your existing workflows or custom functions, which rely on Authtokens to communicate with Zoho Expense's APIs will no longer function after 1 July 2021, unless you replace Authtokens with OAuth.
Here are some benefits of OAuth, compared to Authtokens:
- OAuth 2.0 is an industry-standard protocol, which means client applications can communicate with Zoho Expense's APIs in a generalized manner, instead of figuring out a custom solution.
- OAuth provides access to Zoho Expense's APIs via access and refresh tokens, which do not require you to store your users' Zoho Expense credentials on your own client application.
- You can specify scopes for access tokens. This means each access token can provide authentication only to the Zoho Expense APIs which you specify. You can also revoke these access tokens at any time, if necessary.
- Access tokens expire after a particular amount of time. This limits your data exposure, in case your client application has been breached.
We strongly recommend that you convert your workflows from Authtokens to OAuth as soon as possible, to avoid any last-minute service disruptions to you or your customers.
Our API Documentation covers how to set up OAuth
for your client application. We also have guides to convert your existing Authtokens to OAuth's access/refresh tokens in your existing workflows:
The Zoho Expense Team