Welcome to Portal

?Unknown\pull-down

Welcome to Zoho Cares

Bienvenido a Soporte de Zoho

Search our knowledge base, ask the community or submit a request.

Migrating to Oauth 2.0

This article will help you generate access and refresh tokens from the existing auth token for redirection based applications and self-client applications. You can use the API version 1.1 when:
  1. Your application has multiple users and it obtains their username and password to generate an auth token
  2. Users input their auth tokens

Migration for redirection based application

Prerequisite

The application owner must share the client ID, auth token scopes, and the required Oauth scopes over an email to support@zohocampaigns.comAt Zoho Campaigns, we will validate the details and configure them in Zoho Accounts. After successful validation, we will inform the application owner about the client upgrade over an email.

How it Works?

Migration for redirection based applications happens in a phased manner.
  1. After successful validation from the service team, the external application will access the "Migration for Redirection-based Applications" API with the client ID, client secret, and auth token.
  2. Zoho Accounts will check whether the parameters passed in the request are already verified.
  3. After successful validation, Zoho Accounts will provide the Oauth access and refresh tokens to the application.

Request URL

Request method

POST

Parameters

Parameter
Data type
Description
client_id
string
Specify the client ID you obtained while registering your application
client_secret
string
Specify the client secret generated from the connected application.
grant_type
string
The grant type must be authtooauth.
authtoken
string
Specify your auth for token.

Possible Errors 

Error code
Description
invalid_grant
The grant_type is not specified as authtooauth.
invalid_client
The client ID you specified is wrong.
(or)
The auth to Oauth mapping entry for the valid client is not made in accounts.
invalid_authtoken
The auth token you specified is wrong.
(or)
The auth token scope mismatches with the pre-shared auth scopes.
invalid_scope
The Oauth scope you specified is invalid.

Note:
  1. The maximum number of migration requests you can make is 60 per minute and 100 per hour.
  2. After the generation of an Oauth token, the system deletes the old auth token after 1 day.
  3. The maximum number of times a client can pass an invalid auth token is 20. If you exceed this limit, the system will block the client and throw the "access_denied" error message.

Migration for self-client applications

You can use this option when your application is a standalone server-side application performing a back-end job, and you do not have a domain and a redirect URL.

How it Works?

Migration for self-client applications happens in a phased manner.
  1. The external application will access the "Migration for Self-Client Applications" API with the client ID, client secret, auth token, and the required Oauth scopes.
  2. Zoho Accounts will check whether the service names of the auth token and Oauth scopes match.
  3. After scope validation, Zoho Accounts will check whether the application owner and the auth token owner are the same.
  4. If the validation is successful, Zoho Accounts will generate an Oauth token for the external application. Otherwise, the system will throw the "access_denied" error message.
  5. Zoho Accounts will send an email to the user about the client upgrade.

Request URL

Request method

POST

Parameters

Parameter
Data type
Description
client_id
string
Specify the client ID you obtained while registering your application.
client_secret
string
Specify the client secret generated from the connected application.
grant_type
string
The grant type must be authtooauth.
authtoken
string
Specify your auth token.
scope
string
Specify the Oauth scopes to access data from Zoho Campaigns. For more details about Zoho Campaign scopes, refer Access Token section of the Zoho Campaigns REST API Documentation.

Possible Errors

Error code
Description
invalid_grant
The grant_type is not specified as authtotoauth.
access_denied
The auth token you specified is already used to generate an Oauth token.
invalid_client
The client ID you specified is wrong.
invalid_authtoken
The auth token you specified is wrong.
invalid_scope
The Oauth scope you specified is invalid.

Note:
  1. The maximum number of migration requests you can make is 25 per minute and 60 per hour.
  2. After the generation of an Oauth token, the system deletes the old auth token after one day.

Error Codes

The set of error codes with their values are explained in this link

Helpful?115
Updated: 2 years ago
Share :
Stats
1 follower
Follow

Subscribe to receive notifications from this article.