Note: This post is for those who're using the Application Programming Interfaces (APIs) of Zoho Campaigns to integrate applications they've developed on their own or applications that don't have a direct integration with Zoho Campaigns. (Here's a list of applications that have a direct integration with Zoho Campaigns.)
With an aim of strengthening Zoho Campaigns' API authentication method, we're deprecating auth tokens and mandating OAuth. Launched originally on Feb 13, 2019, OAuth is aimed at providing increased security, allowing the account owner to validate the scope of the developer- or user-requested actions.
In the soon-to-be-deprecated method, the static API key or auth token present inside the product has to be manually copied and shared by the account owner to the user. So unless and until the account owner revokes the access, the user will continue to access the data between Zoho Campaigns and other applications. However, if the access is revoked, it stalls all the integration of the user.
OAuth overcomes this, while ruling out any potential misuse of data. This method runs on top of two components: access tokens and refresh tokens. The latter renews the former when it expires after an hour, thereby preventing unauthorized users from using the access tokens. While requesting for the access and refresh tokens, the user has to specify the scope of actions they'd like to perform. The authorization request is then forwarded to the particular account owner by Zoho Accounts.
If you're currently using Zoho Campaigns APIs with auth tokens, you should upgrade to OAuth on or before March 20, 2021. Here's a detailed how-to guide on migrating to OAuth.
If you have any questions, please feel free to write to us at support@zohocampaigns.com.