Error 4001 when using API

Error 4001 when using API

Hello,

I have recently implemented calls to Zoho API in my company-developed application. When using those with my own Zoho account I manage to import data in the CRM, but when another person in my company tries it (after fetching a generated authentication token via https://accounts.zoho.com/apiauthtoken/nb/create?SCOPE=ZohoCRM/crmapi), we get an error 4001 with associated error message "Insufficient Privileges to perform this operation".

My understanding is that as long as we have the generated authentication token we can send requests to Zoho via the API, but it looks like my colleague is missing something in her setup...

I have had a quick look at this issue and it seems that we need to explicitly allow API access in the settings (in the Profile section of Users&Permissions). Is that the case, even though we have generated user-specific authentication tokens? Once again I thought that the token was enough, but does my colleague also need to explicitly grant API permission in the Settings? Can it be done programmatically or does she have to explicitly do it on the Zoho website?

Thanks in advance for the answers and best regards