[Update - April 30, 2021] Zoho CRM Authtoken Deprecation

[Update - April 30, 2021] Zoho CRM Authtoken Deprecation

Hello everyone, 

The deadline for migrating from Authtoken to OAuth has been extended until May 31, 2021. Please switch to OAuth tokens before May 31 to prevent code breakage.

Thank you.

Hello everyone,

This post is regarding our upgrade to OAuth authentication for all the applications in the Zoho suite.

We still have a fair number of users and orgs who are using authtokens in their functions to make calls to other Zoho services like Creator, Books, Projects, etc., from Zoho CRM. We would like to bring to your notice that from May 1, 2021, all functions that use authtokens while making calls to other Zoho services will fail.

The sunset of basic authentication mode (Authtokens)

We hope you're aware that we've stopped the generation of authtokens for all the Zoho suite applications.

This update came into effect IN users from September 30th, 2020EU and CN users from October 30th, 2020, and US users from November 30th, 2020. Refer to the announcement for more information.

The impact of the sunset

All the integration tasks that follow authtoken authentication will cease to work.

Why the upgrade?

Authtokens are quite straightforward. The user has to provide their username and password to get the authentication token (authtoken) to access the API. The authentication token is passed in the request header for every API request. The flaws in this authentication mechanism are evident.
  • The lack of encryption makes the security risk fairly high.
  • There is no bandwidth to grant or revoke access to specific resources in an application.
At Zoho, we take security very seriously, which motivates us to go to great lengths to ensure that your data is safe. Thus, we've upgraded to OAuth.

The OAuth Authentication

OAuth 2.0 is an industry-standard protocol specification that enables third-party applications (clients) to gain delegated access to protected resources in Zoho via an API.

Advantages of OAuth Authentication

  • Clients are not required to support password authentication or store user credentials.
  • Clients gain delegated access, i.e., access only to resources authenticated by the user.
  • Users can revoke the client's delegated access anytime.
  • OAuth2.0 access tokens expire after a set time. If the client faces a security breach, user data will be compromised only until the access token is valid. 

Migrating from Authtoken authentication to OAuth

Refer to the announcement to know the next steps on migrating from authtoken to OAuth tokens.

We strongly recommend that you migrate to OAuth tokens on or before May 1, 2021, to avoid any breakage in your code.

Write to us at support@zohocrm.com if you have any questions.

Sneha Sridharan

          Zoho TeamInbox Resources

            Zoho DataPrep Resources

                Zoho CRM Plus Resources

                  Zoho Books Resources

                    Zoho Subscriptions Resources

                      Zoho Desk Resources

                        Zoho Projects Resources

                          Zoho Sprints Resources

                            Zoho Orchestly Resources

                              Zoho Creator Resources

                                Zoho WorkDrive Resources

                                    Zoho Campaigns Resources

                                      Zoho CRM Resources

                                                    Design. Discuss. Deliver.

                                                    Create visually engaging stories with Zoho Show.

                                                    Get Started Now

                                                      Zoho Show Resources

                                                        Zoho Writer Writer

                                                        Get Started. Write Away!

                                                        Writer is a powerful online word processor, designed for collaborative work.