Zoho Deluge - Get Refresh/Access Token API v2

What?
A sorta quick article to note how I can generate refresh tokens and access tokens using Zoho Deluge code (so within Zoho Creator, CRM or Books) without XML calls.

Why?
I find myself using this more and more now that API v1 is on the way out and Zoho Deluge by itself is limited somewhat with regards to functionality and record editing when compared to API v2.

How?
Note that this is using Zoho Deluge and not another server-side script such as PHP to send the requests via API.

Following standard OAuth 2.0 procedures, we will get a Code to generate a Refresh token, once we have a Refresh token we will generate an Access token.

Pre-amble
Quit trying to generate an authtoken v1 (CRM Deprecation Sunset Date: 31st December 2019).

Go to the Zoho Developer Console
Create a Zoho Client ID
Either use self-client for a code or use the below to generate one.

Code
Here you will need your own client ID and client secret generated from the developer console in the following snippet:

copy raw

v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";  // can be any endpoint that does not redirect or reformat the resulting URL
//  
// get Grant Token
v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth";
v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL";
v_State = "testing";
v_ResponseType = "code";
v_Access = "offline";
v_Prompt = "consent";
l_Params = List();
l_Params.add("scope=" + v_Scope);
l_Params.add("client_id=" + v_ClientID);
l_Params.add("state=" + v_State);
l_Params.add("response_type=" + v_ResponseType);
l_Params.add("redirect_uri=" + v_RedirectUri);
l_Params.add("access_type=" + v_Access);
l_Params.add("prompt=" + v_Prompt);
v_Url = v_EndPoint + "?" + l_Params.toString("&");
info v_Url;
openUrl( v_Url , "new window");

v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books"; // can be any endpoint that does not redirect or reformat the resulting URL
//
// get Grant Token
v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth";
v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL";
v_State = "testing";
v_ResponseType = "code";
v_Access = "offline";
v_Prompt = "consent";
l_Params = List();
l_Params.add("scope=" + v_Scope);
l_Params.add("client_id=" + v_ClientID);
l_Params.add("state=" + v_State);
l_Params.add("response_type=" + v_ResponseType);
l_Params.add("redirect_uri=" + v_RedirectUri);
l_Params.add("access_type=" + v_Access);
l_Params.add("prompt=" + v_Prompt);
v_Url = v_EndPoint + "?" + l_Params.toString("&");
info v_Url;
openUrl( v_Url , "new window");

This will open a page for you with a Zoho Consent form where you confirm whether your app is allowed to access the data within the specified scope(s). If you run this as a standalone, then this will simply tell you what the link is to go to. Agree and note the code parameter passed in the URL (ie. "&code=..."). Also note that any generated code immediately expires any previously generated code.

Refresh Token
With the code you have received via the URL, enter this in the code below to generate a refresh token:

copy raw

v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//  
// enter the code received in the previous step
v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "authorization_code";
m_Payload = Map();
m_Payload.put("code",v_Code);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeurl
[
	url :v_EndPoint
	type :POST
	parameters:m_Payload
];
info r_AuthToken;

v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//
// enter the code received in the previous step
v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "authorization_code";
m_Payload = Map();
m_Payload.put("code",v_Code);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeUrl
[
url :v_EndPoint
type :POST
parameters:m_Payload
];
info r_AuthToken;

Once you have a refresh token, it is not necessary to generate another refresh token as it does not expire. You would only generate a new one if you were changing scope. There is a limit of 20 refresh tokens. Any refresh tokens generated after will overwrite the oldest one.

Access Token
This will expire after 1 hour so either you find a way to store the access token for reuse or generate a new one in every request.

copy raw

v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//  
// enter the refresh token received in the previous step
v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "refresh_token";
m_Payload = Map();
m_Payload.put("refresh_token",v_RefreshToken);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeurl
[
	url :v_EndPoint
	type :POST
	parameters:m_Payload
];
v_AccessToken = r_AuthToken.get("access_token");

v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//
// enter the refresh token received in the previous step
v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "refresh_token";
m_Payload = Map();
m_Payload.put("refresh_token",v_RefreshToken);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeUrl
[
url :v_EndPoint
type :POST
parameters:m_Payload
];
v_AccessToken = r_AuthToken.get("access_token");

Now you have an access token you can build your header and send requests:

copy raw

m_Header = Map();
m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");  // optional
m_Data= Map();
m_Data.put("data",m_RecordData.toJSONList());  // NOTE: convert this to a JSON Array
r_RecordUpdate = invokeUrl
[
	url :v_EndPoint
	type :PUT
	headers: m_Header
	parameters:m_Data.toString() 
];
// NOTE: convert parameters variable to a string

m_Header = Map();
m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8"); // optional
m_Data= Map();
m_Data.put("data",m_RecordData.toJSONList()); // NOTE: convert this to a JSON Array
r_RecordUpdate = invokeUrl
[
url :v_EndPoint
type :PUT
headers: m_Header
parameters:m_Data.toString()
];
// NOTE: convert parameters variable to a string

Common Error(s):

{"error":"invalid_code"}: Happens if you have a wrong CODE or generated another one after the one you're using. You need to use the latest CODE as any new one expires any previously generated ones. A code lasts between 1 to 10 minutes.
{"code": "AUTHENTICATION_FAILURE","details": [],"message": "Authentication failed","status": "error"}: I have had this error with API v2 when I'm using PHP/cURL and not deluge to get a list of contact records. As I'm listing errors encountered, I'm adding it to this list. If submitting the headers as an array, note that it must NOT be an associative array:
copyrawstyler
```
// this won't work
$a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken;
$a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8";

// this will work
$a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken;
$a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8";
```
1. // this won't work
2. $a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken;
3. $a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8";
5. // this will work
6. $a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken;
7. $a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8";
If you are using the SDK and still get the above error, try setting the currentUserEmail to the email address of the super admin of your system just to check, then set a valid user preferably other than the super-admin.
{"code":"INVALID_DATA","details":{"expected_data_type":"jsonobject"},"message":"body","status":"error"}: Happens if you don't convert the field-value pair dataset to a string:
copyrawstyler
```
m_RecordData = Map();
m_RecordData.put("Field_To_Update", "Value_To_Put");
m_Data = Map();
m_Data.put("data",m_RecordData.toJSONList());
r_RecordUpdate = invokeUrl
[
	url :v_EndPoint
	type :PUT
	headers: m_Header
	parameters:m_Data  // MISSING .toString() to convert this ensuring it is not a list or map
];
```
1. m_RecordData = Map();
2. m_RecordData.put("Field_To_Update", "Value_To_Put");
3. m_Data = Map();
4. m_Data.put("data",m_RecordData.toJSONList());
5. r_RecordUpdate = invokeUrl
6. [
7. url :v_EndPoint
8. type :PUT
9. headers: m_Header
10. parameters:m_Data // MISSING .toString() to convert this ensuring it is not a list or map
11. ];
{"code":"AUTHTOKEN_DEPRECATED","details":{},"message":"Authtoken support is deprecated","status":"error"}: Happens when using a CRM connector of type "Zoho". Another type of connector for v2 is called "Zoho OAuth". Re-create the connectors with the latter:
copyrawstyler
```
r_RecordUpdate = invokeUrl
[
	url :v_EndPoint
	type :PUT
	parameters:m_Data
	connection: myconnector
];
```
1. r_RecordUpdate = invokeUrl
2. [
3. url :v_EndPoint
4. type :PUT
5. parameters:m_Data
6. connection: myconnector
7. ];
{"code":4,"message":"Invalid value passed for JSONString"}: Can happen when posting to ZohoBooks and you haven't put JSONString into a map as follows:
copyrawstyler
```
m_Header = Map();
m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
m_CreateContactPerson = Map();
m_CreateContactPerson.put("contact_id", "1234567890123456");  // the account ID in books
m_CreateContactPerson.put("first_name", "Joel");
m_CreateContactPerson.put("last_name", "Lipman");
m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it.");
m_CreateRecord = Map();
m_CreateRecord.put("JSONString",m_CreateContactPerson);
r_Response = invokeUrl [
    url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901"
    type: POST
    headers: m_Header
    parameters: m_CreateRecord
];
```
1. m_Header = Map();
2. m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
3. m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
4. m_CreateContactPerson = Map();
5. m_CreateContactPerson.put("contact_id", "1234567890123456"); // the account ID in books
6. m_CreateContactPerson.put("first_name", "Joel");
7. m_CreateContactPerson.put("last_name", "Lipman");
8. m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it.");
9. m_CreateRecord = Map();
10. m_CreateRecord.put("JSONString",m_CreateContactPerson);
11. r_Response = invokeUrl [
12. url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901"
13. type: POST
14. headers: m_Header
15. parameters: m_CreateRecord
16. ];
{"code":"MANDATORY_NOT_FOUND","details":{"api_name":"data"},"message":"required field not found","status":"error"}: Happens if you put "JSONstring" instead of "data". Depending on the context of your code (ie. Books API v3=JSONString; CRM API v2=data), you will need to put either. Or your request is missing a field that is required by your CRM (is set to mandatory for users to enter data). Otherwise:
copyrawstyler
```
m_Data = Map();
m_Data.put("JSONString",m_RecordData.toJSONList());   // change JSONString to data
r_RecordUpdate = invokeUrl
[
	url :v_EndPoint
	type :PUT
	headers: m_Header
	parameters:m_Data.toString() 
];
```
1. m_Data = Map();
2. m_Data.put("JSONString",m_RecordData.toJSONList()); // change JSONString to data
3. r_RecordUpdate = invokeUrl
4. [
5. url :v_EndPoint
6. type :PUT
7. headers: m_Header
8. parameters:m_Data.toString()
9. ];
{"code":"INVALID_DATA","details":{"expected_data_type":"jsonarray","api_name":"data"},"message":"invalid data","status":"error"}: Happens if you submit "data" as something other than a JSON Array:
copyrawstyler
```
m_Data = Map();
m_Data.put("data",m_RecordData);  // MISSING .toJSONList() to convert m_RecordData to a JSON Array
r_RecordUpdate = invokeUrl
[
	url :v_EndPoint
	type :PUT
	headers: m_Header
	parameters:m_Data.toString() 
];
```
1. m_Data = Map();
2. m_Data.put("data",m_RecordData); // MISSING .toJSONList() to convert m_RecordData to a JSON Array
3. r_RecordUpdate = invokeUrl
4. [
5. url :v_EndPoint
6. type :PUT
7. headers: m_Header
8. parameters:m_Data.toString()
9. ];
{"code":"INVALID_TOKEN","details":{},"message":"invalid oauth token","status":"error"}: Can happen if the request is out of scope but also if your endpoint is going to .COM instead of .EU (or vice-versa). You can check this by logging into your Zoho product (eg. CRM) and looking at the top level domain
copyrawstyler
```
// If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then
v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth";   // for EU servers
v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token";   // for EU servers
v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>";   // for EU servers

// If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then
v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth";   // for US servers
v_Endpoint = "https://accounts.zoho.com/oauth/v2/token";   // for US servers
v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>";  // for US servers

// If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then
v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth";   // for China servers
v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token";   // for China servers
v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>";  // for China servers
```
1. // If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then
2. v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth"; // for EU servers
3. v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token"; // for EU servers
4. v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>"; // for EU servers
6. // If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then
7. v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth"; // for US servers
8. v_Endpoint = "https://accounts.zoho.com/oauth/v2/token"; // for US servers
9. v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>"; // for US servers
11. // If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then
12. v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth"; // for China servers
13. v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token"; // for China servers
14. v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>"; // for China servers

Scope(s) to include ALL modules:

Books: ZohoBooks.fullaccess.all
CRM: ZohoCRM.modules.ALL,ZohoCRM.settings.ALL

Zoho Books API v3 Limits 2019:

Free Organization - 1000 API calls/day and 100 API calls/minute
Paid Organization - 2500 API calls/day and 100 API calls/minute

Zoho CRM API v2 Limits 2019:

Free Edition: 5000 API calls/day
Standard/Starter Edition: 5000 + (Number of User licenses x 250) API calls/day [Maximum 100,000]
Professional Edition: 10000 + (Number of User licenses x 500) API calls/day [Maxiumum 500,000]
Enterprise/Zoho One/CRM Plus: 15000 + (Number of User licenses x 1000) API calls/day [Maximum 1,000,000]
Ultimate Edition: 15000 + (Number of User licenses x 2000) API calls/day [Maximum 2,000,000]

Source(s):

Category: Zoho :: Article: 687