If you use Zoho Desk's REST APIs, chances are that you're familiar with authtokens—a form of security token that authorizes third-party applications to access the user's Zoho Desk account.
In the coming months, we will be deprecating support for authtokens indefinitely. This means that after November 30, 2020, we will not support the generation of new authtokens. Put simply, if your apps rely on authtoken authorization, they will be unable to fetch information from Zoho Desk beyond the EOL date. We therefore strongly recommend that you make the shift to Zoho OAuthTokens (a newer form of authtokens) as soon as possible.
Zoho OAuthTokens work much like authtokens, but they have better security measures built in. When you use Zoho OAuth, two types of tokens are created: Refresh Tokens and Access Tokens. While Access Tokens are used by APIs to seek authentication from Zoho Desk, the Refresh Token is a mechanism by which you can generate new Access Tokens. Access Tokens are valid for only one hour and expire after that. Refreshing your Access Tokens regularly greatly decreases the risk of a data breach. You can read more about Zoho OAuth here.
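The Access Token and Refresh Token handling described above, sketched as an added Python example (not Zoho's code and not the Java sample this post refers to). The `exchange` callable is a hypothetical stand-in for the HTTP call that trades the Refresh Token for a new Access Token; the five-minute renewal margin and the use of HTTP 401 to signal a rejected token are assumptions.

```python
import time

ACCESS_TOKEN_LIFETIME = 3600  # seconds: the one-hour validity described above
REFRESH_MARGIN = 300          # assumption: renew five minutes before expiry


class AccessTokenCache:
    """Keeps one short-lived Access Token and renews it with the Refresh Token."""

    def __init__(self, refresh_token, exchange, clock=time.monotonic):
        self._refresh_token = refresh_token  # long-lived secret: keep out of logs
        self._exchange = exchange            # hypothetical: refresh token -> access token
        self._clock = clock
        self._access_token = None
        self._issued_at = 0.0

    def _renew(self):
        self._access_token = self._exchange(self._refresh_token)
        self._issued_at = self._clock()

    def token(self):
        """Return a token that still has at least REFRESH_MARGIN seconds left."""
        age = self._clock() - self._issued_at
        if self._access_token is None or age >= ACCESS_TOKEN_LIFETIME - REFRESH_MARGIN:
            self._renew()
        return self._access_token

    def call(self, request):
        """Run request(token) -> (status, body); on 401 renew once, then give up."""
        status, body = request(self.token())
        if status == 401:  # assumption: the API rejects a dead token with 401
            self._renew()
            status, body = request(self._access_token)
            if status == 401:
                raise PermissionError("rejected after renewal; re-authorize the app")
        return status, body


def demo():
    """Constructed run: fake clock, fake exchange that numbers the tokens it issues."""
    now, count = [0.0], [0]
    def fake_exchange(_refresh_token):
        count[0] += 1
        return f"access-{count[0]}"
    cache = AccessTokenCache("constructed-refresh-token", fake_exchange, lambda: now[0])
    seen = []
    for t in (0.0, 3000.0, 3400.0):  # at start, 50 min in, inside the renewal margin
        now[0] = t
        seen.append(cache.token())
    return seen
```

A second 401 straight after a renewal means the Refresh Token itself is no longer accepted, so the cache raises instead of looping.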
If you've used Zoho Desk's APIs to build web-based applications, self-client applications, custom functions, marketplace apps, or third-party apps, then take a look at this document to understand what steps you need to take to make your apps more secure. We've charted out everything you need to do to make the shift to Zoho OAuth as simple as possible.
Here's sample reference code in Java to help you understand the OAuth authorization flow for Zoho Desk's REST APIs.
We understand that these changes might interrupt your operations, but we urge you to see this as an opportunity to up your security game and provide better, more secure support to all your customers.
Cheers,
Team Zoho Desk