Why we chose "OAuth2.0" over other authentication methods?
Hello everyone!
While there are various authentication methods available for REST APIs, we use OAuth2.0. In this article, we are going to discuss the most popular authentication methods, their pros and cons, and the reason why we chose OAuth2.0 over other authentication methods.
As the name suggests, HTTP basic authentication is the most simple and straightforward form of authentication, and hence most vulnerable. In this authentication method, the user passes the username and password along with every API request.
Pros:
- Implementation of HTTP basic authentication is quite simple since there is no encryption/tokenisation involved.
- Compared to other authentication methods, the HTTP basic authentication is faster.
Cons:
- The lack of encryption makes it most vulnerable to security attacks.
- Every API call can be a target for cleartext credential theft, not just an initial login request.
- Since the same username and password will be used for product login, in case of a security breach, all your data will be compromised.
- To recover from a security breach, you must update your password and update the same in all your API code, which is tedious.
- The server cannot grant/revoke access to specific resources. In other words, you cannot apply scopes. You can only grant full access to all the resources.
2. API Key Authentication
API key authentication is an advanced form of basic HTTP authentication. In this method, when a user logs in for the first time, the server generates a unique key (string value) and assigns it to the user, known as the API key. The user must pass the API key with every API request with which the server verifies the identity of the user.
Pros:
- Comparatively more secure than the "HTTP basic authentication", since the username and password are not passed as such, with every API request.
- Unlike HTTP Basic authentication, API keys provide access to specific resources. In the case of a security breach, only a specific set of data will be compromised.
Cons:
- API keys are vulnerable to security attacks. They can be stolen and misused.
- To recover from a security breach, you must regenerate the API key, and update the same in all your API code, which is tedious.
3. OAuth2.0
OAuth2.0 is an industry-standard protocol specification that enables third-party applications (clients) to gain delegated access to protected resources in Zoho via an API.
In this method, the client app requests the authentication server for access to specific resources and receives a grant token in return. Further, the grant token can be used to generate access and refresh tokens. The access token is used to access resources. It is valid only for a set amount of time. Once the access token expires, new access tokens can be generated using refresh tokens.
Pros:
- Using OAuth2.0, you can verify the identity of the client and also provide delegated access to each resource. Thus, allowing you to both authenticate and authorize.
- Comparatively more secure than "HTTP basic authentication" and "API key authentication", since it does not involve username-password or static key.
- OAuth2.0 uses scopes to ensure limited access to sensitive data. The grant token is generated to access a specific set of data, defined by scopes.
- You can revoke the tokens any time, thus restricting the client's access to sensitive data.
- Each access token is valid for only an hour and can only be used for operations defined in the scope.
- OAuth2.0 can be easily scaled to a multi-user environment without any hassle.
Cons:
- It is complex to generate tokens. Since the tokens are valid only for a short period, the developer must regenerate the access token using the refresh token.
Clearly, OAuth2.0 is both scalable and secure. Although it is complex, because of its other advantages, we chose OAuth2.0 over other authentication methods.
Cheers!
Access your files securely from anywhere
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Sneha Sridharan
Sticky Posts
Client Script | Update - Introducing Commands in Client Script!
Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! CommandsKaizen #165 : How to call Zoho CRM APIs using Client Script
Welcome back to another exciting Client Script post! In this post, we will discuss one of the most frequently asked questions: How do you call Zoho CRM APIs from Client Scripts? In this kaizen post, 1. Ways to make calls to Zoho CRM APIs using ClientKaizen#162 : Add Tags and Open Pre-filled Email Drafts via Client Scripts
Hello everyone! Welcome to another informative Kaizen post. In this post, let us see how to accomplish the following using Client Script. 1. How to auto-tag a record based on field update? 2. How to Open a pre-filled email draft This post will provideExtension Pointers - JS SDK series #4: Managing data from a widget using ZOHO.CRM.HTTP
Handling and managing the data between two applications is a major factor for an efficient business. There are a variety of ways to handle data between Zoho CRM and other third-party applications. You can use deluge CRM tasks, create connectors, use APIKaizen #152 - Client Script Support for the new Canvas Record Forms
Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho DataPrep Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
trying to access CRM Variables with JS SDK
Hello i built a widget with Sigma, i create CRM VARIABLES in custom properties. I try to access them in function : ZOHO.embeddedApp.on("PageLoad",function(data) with : ZOHO.CRM.CONFIG.getVariable("mycrmvariable").then(function(data){ console.log("mycrmvariableWriting on sketch cards is bugged when zoomed in
When zoomed in, it writes a noticeable distance above or to the side of where you're actually trying to write. The further you're zoomed in, the more noticeable it is. Zooming is also entirely absent on the desktop version.Private Project
Hi, I would like to know if a user can create a Private project that only he's able to see it. Not even the ADMIN user. ThanksApple Messages for Business in Omnichannel communications?
Hello, Apple launched "Apple Messages for Business" but Zoho CRM or Zoho Desk don't appear in the list of possible integrators. Zoho already promotes https://www.zoho.com/crm/omnichannel.html Omni Channel integration, but Apple Messages does not yet appear.Accordion in tabs to create FAQs, etc.
Accordion elements do not seem to be able to be placed in the tabs. It would be useful to be able to do this. Thank you.Which are the IP addresses to use for 'split delivery' with Office 365? (Zoho mail inbound gateway)
Hi, I'm trying to set up 'split delivery' (email routing) with Office 365. I'm following the instructions to set up Office 365 as the primary server (https://www.zoho.com/mail/help/adminconsole/coexistence-with-office365.html) One of the prerequisitesZoho Projects 2024 Recap
Dear Users, As we conclude another remarkable year, it's the time to reflect on the journey we've just completed. The year 2024, defined by significant milestones, challenges, achievements, and important lessons. Every moment has contributed to the storyCustom Fields at Line Level
Hi, is there an ability to add custom fields at line level? I need to track the start and the end date for each product within an invoice and I can't seem to find an option to do this.Zoho API Error Code 7019 when adding job.
Hello, I am following the documentation found here. https://www.zoho.com/people/api/timesheet/adding-jobs.html Regardless of how I try and post the data (including just using the example requests), I receive back the response {'response': {'message':How to see changes with ZOHO.CRM.API.updateRecord(config) without reload page
hello got a widget in account, trigger with a button i copy data to account when click on a button, in my popup All is working well. But i need to reload the page to see the update. How can i see the changes without reloading page, only when close theHow to call a Creator function which is in a different Creator application?
How to call a Creator function which is in a different Creator application?Unable to send message; Reason: 554 5.1.8 Email Outgoing Blocked
My account is mino@flawless-frames.com, or flawlessframesstudio@gmail.com Could you please unblock my account, I've got restricted from sending more emailsStock Count
The stock count is a nice new feature, but we cannot figure out how to: 1. Use it without assigning to a person, we have a team or one of multiple do stock counts as do most any company. 2. Add any extra fields to what the "counter" sees. The most importantMove a Contact from Current Account to a NEW Account
I do not believe the functionality to Move a Contact from a Current Account to a New Account is not available. Please someone tell me I am missing something! I have been through designing, developing, using and selling CRM systems for over 25 years and had this functionality20+ years ago in other CRMs. In the real world people move from one organisation to another. In the sales, finance and technical world it is nice to see the communication history with that person in their old account and alsoForce Specific Layout for CRM Contacts Portal
Hello: We're in trial on ZOHO One and looking at the CRM Portal (just for the contacts module). We have a client layout set up for Contacts that is working well for our internally, but for the portal we don't want to require (make mandatory) some of theAutomatic Removal of Departments and Groups for Inactive Employees in Zoho One
Hi Zoho One Team, We hope you're doing well. Currently, when an employee is marked as inactive in Zoho One, they remain listed as a member of their department and associated groups. This creates a challenge in maintaining accurate records and ensuringChange eMail Template for Event-Invitations
Hello ZOHO-CRM Team How I can change the eMail Template for Event-Invitations? I work with the German Version of the Free Version. I know how I can modify eMail alerts or Signature Templates, but where I can other eMails modify you send out? Thank you for your answer. Regards, JuergZoho Social integration with Zoho Flow
Is there any plans for Zoho Social integration with Zoho Flow?Zoho CRM Widget and translations
Hi everyone! We're building a Widget with zoho-extension-toolkit, how is localization supposed to work? "zet init" created a translations/en.json file, but what should go inside it and how is it supposed to be accessed from the Widget/javascript? ThanksBienvenue à Zoho FSM : l'optimisation des opérations locales qui offre une expérience de service impeccable
Nous sommes ravis de vous présenter Zoho FSM, la plateforme de gestion des services terrain de bout en bout. Les solutions de gestion des services locaux s'adressent aux organisations qui effectuent des activités d'installation, de réparation et de maintenanceAdding tag to specific record as an acion in a workflow
Hi! I've created the following workflow in the module 'Leads'. When a record meets the criteria, there should be a tag added to the specific record in the module 'Contacts'. In the module 'Leads', there is a look-up field named 'Kandidaat' which is connectedTrying to catch error with ZOHO.CRM.HTTP.get (Response Code)
Hello, I'm trying to get response header from ZOHO.CRM.HTTP.get, in order to catch error like 404 or something else but it seems that ZOHO.CRM.HTTP.get() method only returns the body of the response, and I see no way to access the headers returned. IsFSM - How to ADD PHOTOS to Estimates & Invoices
How can you add photos to estimates and invoices that are being emailed to the client so the can see what you are estimating and your completed work?Free developer edition of Zoho CRM
A question for Zoho and other developers: How can you set up a demonstration version of a Zoho CRM implementation to show employers/clients what can be achieved? Do you pay for Zoho CRM Enterprise/Zoho One for this purpose? Does Zoho offer a free versionCan I add Conditional merge tags on my Templates?
Hi I was wondering if I can use Conditional Mail Merge tags inside my Email templates/Quotes etc within the CRM? In spanish and in our business we use gender and academic degree salutations , ie: Dr., Dra., Sr., Srta., so the beginning of an email / letterReload page with widget
Hi all, I hope I can find some help here. I developed a small widget for Creator that is integrated into a page as a component. The page contains other content as well. When the widget is sent, the entire page should be reloaded to apply the changes toWhere are scheduled emails stored?
After you schedule an email to go out through the CRM, how do you go about changing that scheduled email? Or even where can I see the list of emails scheduled to go out? They are not listed in my Zoho Mail account in Outbox which has been the only answerCRM Home Page Dashboard, how can i add zoho desk cases?
How can i see which tickets are in my group as a dashboard component on the home tab in zoho crm? I don't see any way of adding this.Frontal interview scheduling - room availability in office using Google Workspace?
Hi, We're using Zoho Recruit as our ATS and Google Workspace as our email, calendar and resources management. We want to use the interview feature to schedule an in-person (frontal) interview with the applicants. How can we sync the room resources availabilityCustom Module missing SDK function fetchRelatedRecords(...) in a Client Script
Good day, We have added a new module with a Multi-Lookup relation to Contacts. When we tried to use the fetchRelatedRecords(id, related_list_api_name) function to get Related Records it is missing for our new custom module. https://js.zohocdn.com/crm/5124797/documentation/DotSDK/Modules.htmlAssistance with Setting Default Values for Zoho Chat Custom Fields
I am currently using the Zoho Chat JavaScript API to successfully add custom fields to the chat interface. While the implementation of these fields has been smooth, I am now looking to set default values for these custom fields. However, I couldn't findSubform Client Script
Good day, I have a subform where users can subscribe to various magazines. I would like to prevent the user from selecting the same magazine twice when adding a new row. Is there a way to prevent the user from doing this? (Can it be done via a clientChecklist/ save to onedrive/ a group of items invoicing in Zoho FSM
hi, is there a way to add a specific checklist to any WO without passing eachtime by the model customization? can we save file such picture directly in our sharepoint ak onedrive? is there any way to add a group of item pre defined to make invoicing easierSerious question: Are there actually "solo-preneurs"/small business owners who made Zoho-one work well for them?
L.S. After already many years of continued struggle with Zoho-One, I am seriously wondering if there are actually solo-preneurs (one person small business owners - without a large, dedicated IT dept.) who got it (Zoho-One) to work well for their businesses.Calendar Bookings in Recruit
Hi there, We have recently started using Zoho recruit and although it has some great functionality there are a few gaps that are causing real headaches. One of those being how interviews are scheduled. The majority of our hiring managers are field basedGetting Error : Developer Tool Detected
Hi Team, Getting the error during open the portal, error attached on the same ticket. Please check and help us to resolve the same.Send Zoho Creator Template by Email or sendemail
Hello All Question:- How we can send the Zoho creator email template using the send email by the workflow or using the Function? by the Workflow sendmail [ from: zoho.adminuserid to: "zohodeveloper@yopmail.com" subject: "Test Template" message: "TestUpgraded to Zoho One but Zoho Meeting still says Free Plan
I signed-up for the Zoho One plan. When exploring the applications included, I came across a problem with Zoho Meeting. It says it's the free plan. I emailed support but they sent me a link that doesn't work and, when I found the article on my own, it新年のご挨拶、直近のイベントスケジュール
🎍🐍謹賀新年🎍🐍 ユーザーの皆さま、明けましておめでとうございます! コミュニティチームの中野です。 本年もよろしくお願い致します。 昨年のZoho Japanコミュニティでは、東京・大阪・名古屋・福岡 4都市でのユーザー交流会開催や、自社最大イベント「Zoholics Japan 2024」でZoho Championの皆さまとのパネルディスカッション、10月の東京ユーザー交流会では本社CRMプロダクトマネージャーを招きロードマップ解説セッションの実施、さらにZohoアンバサダープログラムのローンチ(近日公開予定)など、新たな取り組みに挑戦しました。How to create Item in the Eazy ERP Software ?
Item Master is used for the creation of an item in the Eazy ERP Software. It is necessary to create items to maintain the stock and pass the transactions in the software. Go to Control Panel > Store > Item Master. An Items window will appear. The userNext Page