Overview
The Zoho Recruit API uses the OAuth 2.0 protocol for authentication. It uses the Authorization Code Grant Type to obtain the grant token (code). This grant type allows you to share specific data with any application while keeping your usernames and passwords private. This protocol provides users with a secure and easy way to use authentication.
Reference
The generation flow for Zoho Recruit's OAuth Authentication involves 5-simple steps. Use the links provided below to navigate between these pages.
Why use OAuth 2.0?
- You can revoke a customer's access to the application any time
- No need to disclose credentials to clients
- No information will be revealed even if the client is hacked, since access tokens are issued to individual applications and not the client as a whole
- Specific scopes can be applied to either restrict or provide access to certain data for the client, which will be different for each client application
How does OAuth 2.0 work?
Terminology
Here are some terms you need to know before you start using the Zoho Recruit APIs.
Protected resources
Zoho Recruit resources, such as Candidates, Contacts, Job Openings, etc.
Resource server
The Zoho Recruit server that hosts the protected resources.
Resource owner
Any end user of your account who can grant access to the protected resources.
Client
An application that sends requests to the resource server to access the protected resources on behalf of the end user.
Client ID
The consumer key generated from the connected application.
Client Secret
The consumer secret generated from the connected application.
Authorization server
The authorization server provides the necessary credentials (such as access and refresh tokens) to the client. In this case, it will be the Zoho Recruit authorization server.
Authentication code
A temporary token created by the authentication server and sent to the client via the browser. The client will send this code to the authorization server to obtain access and refresh tokens.
Tokens
Access Token
A token that is sent to the resource server to access the protected resources of the user. The access token provides secure and temporary access to Zoho Recruit APIs and is used by the applications to make requests to the connected app. Each access token will be valid only for an hour, and can be used only for the operations that are described in the scope.
Refresh Token
A token that can be used to obtain new access tokens. This token has an unlimited lifetime until it is revoked by the end user.
Scopes
Zoho Recruit APIs use selected scopes which control the type of resource that the client application can access. Tokens are usually created with various scopes to ensure improved security. For example, you can generate a scope to create or view a lead or to view metadata.
Scopes contain three parameters—service name, scope name, and operation type.
Scopes contain three parameters—service name, scope name, and operation type.
The format to define a scope is scope=service_name.scope_name.operation_type
Here, ZohoRecruit is the service API name, modules is the scope name, and ALL is the operation type.
Available Scopes
Scope Name |
Associated Methods |
users |
users.all |
settings |
settings.all, settings.custom_views, settings.related_lists, settings.modules, settings.fields, settings.layouts |
modules |
modules.all, modules.candidate, modules.client, modules.contact, modules.jobopening, modules.campaign, modules.task, modules.event, modules.call, modules.interview, modules.vendor, modules.custom,modules.notes,modules.activities,modules.assessment,modules.candidatestatus,modules.jobopeningstatus |
Group Scopes
Group scopes provide complete access to all functions the user can perform on the record. For example, a group scope can allow a user to read, create, update, and delete records in all modules.
In the above example, the user has access to all modules in the client Zoho Recruit account.
Other examples are:
- scope=ZohoRecruit.modules.READ (read-only permission)
- scope=ZohoRecruit.modules.CREATE
- scope=ZohoRecruit.modules.UPDATE
- scope=ZohoRecruit.modules.DELETE
Important Note:
The user access token must be kept confidential, since it defines the type of API that you use. Do NOT expose your access token anywhere in public forums, public repositories or on your website's client-side code like HTML or JavaScript. Exposing it to the public may lead to data theft, loss, or corruption.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Overview Dashboard
In today's world, your recruitment process is defined by who you hire and how you're trying to hire them. This leads to organizations developing unique recruitment methods, which are often multi-layered as responsibilities are divided among various ...Interviews: An Overview
In the word of recruitment, the orchestration of interviews often resembles a complex and intricate symphony. Coordinating schedules, communicating with candidates and interviewers, and tracking each interview's progress can be akin to conducting an ...Customization: An Overview
Welcome to the Customization overview in Zoho Recruit. Forget cookie-cutter solutions – Zoho Recruit is not just another applicant tracking system, it helps you tailor data fields like a bespoke suit. Imagine a user interface that dances to your ...Overview
Interviews are a critical turning point in any hiring process. Conventionally, interviews used to be a moment where the recruiter and the hiring team would sit face-to-face with the candidate and analyze their skills and experience. In a more modern ...Overview
Create your survey in minutes, reach your candidates on every device and view results graphically and in real-time with the Zoho Survey integration. Zoho Survey lets you automatically gather information in real-time, analyze it, and act upon the ...
New to Zoho LandingPage?
Zoho LandingPage Resources