Zoho Deluge - Get Refresh/Access Token API v2

What?
A sorta quick article to note how I can generate refresh tokens and access tokens using Zoho Deluge code (so within Zoho Creator, CRM or Books) without XML calls.

Why?
I find myself using this more and more now that API v1 is on the way out and Zoho Deluge by itself is limited somewhat with regards to functionality and record editing when compared to API v2.

How?
Note that this is using Zoho Deluge and not another server-side script such as PHP to send the requests via API.

Following standard OAuth 2.0 procedures, we will get a Code to generate a Refresh token, once we have a Refresh token we will generate an Access token.

Pre-amble
Quit trying to generate an authtoken v1 (CRM Deprecation Sunset Date: 31st December 2019).
  1. Go to the Zoho Developer Console
  2. Create a Zoho Client ID
  3. Either use self-client for a code or use the below to generate one.

Code
Here you will need your own client ID and client secret generated from the developer console in the following snippet:
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";  // can be any endpoint that does not redirect or reformat the resulting URL
//  
// get Grant Token
v_EndPoint = "https://accounts.zoho.com/oauth/v2/auth";
v_Scope = "ZohoBooks.contacts.ALL,ZohoBooks.invoices.ALL,ZohoBooks.purchaseorders.ALL";
v_State = "testing";
v_ResponseType = "code";
v_Access = "offline";
v_Prompt = "consent";
l_Params = List();
l_Params.add("scope=" + v_Scope);
l_Params.add("client_id=" + v_ClientID);
l_Params.add("state=" + v_State);
l_Params.add("response_type=" + v_ResponseType);
l_Params.add("redirect_uri=" + v_RedirectUri);
l_Params.add("access_type=" + v_Access);
l_Params.add("prompt=" + v_Prompt);
v_Url = v_EndPoint + "?" + l_Params.toString("&");
info v_Url;
openUrl( v_Url , "new window");
This will open a page for you with a Zoho Consent form where you confirm whether your app is allowed to access the data within the specified scope(s). If you run this as a standalone, then this will simply tell you what the link is to go to. Agree and note the code parameter passed in the URL (ie. "&code=..."). Also note that any generated code immediately expires any previously generated code.

Refresh Token
With the code you have received via the URL, enter this in the code below to generate a refresh token:
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//  
// enter the code received in the previous step
v_Code = "1000.00001111222233334444555566667777888899990000aaaabbbbccccddddeeeef";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "authorization_code";
m_Payload = Map();
m_Payload.put("code",v_Code);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeurl
[
	url :v_EndPoint
	type :POST
	parameters:m_Payload
];
info r_AuthToken;
Once you have a refresh token, it is not necessary to generate another refresh token as it does not expire. You would only generate a new one if you were changing scope. There is a limit of 20 refresh tokens. Any refresh tokens generated after will overwrite the oldest one.

Access Token
This will expire after 1 hour so either you find a way to store the access token for reuse or generate a new one in every request.
v_ClientID = "1000.ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
v_ClientSecret = "aaaabbbbccccddddeeeeffff111122223333444455";
v_RedirectUri = "https://www.zoho.com/books";
//  
// enter the refresh token received in the previous step
v_RefreshToken = "1000.aaaabbbbccccddddeeeeffff11112222.33334444555566667777888899990000";
v_EndPoint = "https://accounts.zoho.com/oauth/v2/token";
v_GrantType = "refresh_token";
m_Payload = Map();
m_Payload.put("refresh_token",v_RefreshToken);
m_Payload.put("client_id",v_ClientID);
m_Payload.put("client_secret",v_ClientSecret);
m_Payload.put("redirect_uri",v_RedirectUri);
m_Payload.put("grant_type",v_GrantType);
r_AuthToken = invokeurl
[
	url :v_EndPoint
	type :POST
	parameters:m_Payload
];
v_AccessToken = r_AuthToken.get("access_token");

Now you have an access token you can build your header and send requests:
m_Header = Map();
m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");  // optional
m_Data= Map();
m_Data.put("data",m_RecordData.toJSONList());  // NOTE: convert this to a JSON Array
r_RecordUpdate = invokeUrl
[
	url :v_EndPoint
	type :PUT
	headers: m_Header
	parameters:m_Data.toString() 
];
// NOTE: convert parameters variable to a string

Common Error(s):
  • {"error":"invalid_code"}: Happens if you have a wrong CODE or generated another one after the one you're using. You need to use the latest CODE as any new one expires any previously generated ones. A code lasts between 1 to 10 minutes.
  • {"code": "AUTHENTICATION_FAILURE","details": [],"message": "Authentication failed","status": "error"}: I have had this error with API v2 when I'm using PHP/cURL and not deluge to get a list of contact records. As I'm listing errors encountered, I'm adding it to this list. If submitting the headers as an array, note that it must NOT be an associative array:
    // this won't work
    $a_Header['Authorization'] = "Zoho-oauthtoken " . $v_AccessToken;
    $a_Header['Content-Type'] = "application/x-www-form-urlencoded;charset=UTF-8";
    
    // this will work
    $a_Header[0] = "Authorization: Zoho-oauthtoken " . $v_AccessToken;
    $a_Header[1] = "Content-Type: application/x-www-form-urlencoded;charset=UTF-8";
    
    If you are using the SDK and still get the above error, try setting the currentUserEmail to the email address of the super admin of your system just to check, then set a valid user preferably other than the super-admin.
  • {"code":"INVALID_DATA","details":{"expected_data_type":"jsonobject"},"message":"body","status":"error"}: Happens if you don't convert the field-value pair dataset to a string:
    m_RecordData = Map();
    m_RecordData.put("Field_To_Update", "Value_To_Put");
    m_Data = Map();
    m_Data.put("data",m_RecordData.toJSONList());
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data  // MISSING .toString() to convert this ensuring it is not a list or map
    ];
    
  • {"code":"AUTHTOKEN_DEPRECATED","details":{},"message":"Authtoken support is deprecated","status":"error"}: Happens when using a CRM connector of type "Zoho". Another type of connector for v2 is called "Zoho OAuth". Re-create the connectors with the latter:
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	parameters:m_Data
    	connection: myconnector
    ];
    
  • {"code":4,"message":"Invalid value passed for JSONString"}: Can happen when posting to ZohoBooks and you haven't put JSONString into a map as follows:
    m_Header = Map();
    m_Header.put("Authorization","Zoho-oauthtoken " + v_AccessToken);
    m_Header.put("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
    m_CreateContactPerson = Map();
    m_CreateContactPerson.put("contact_id", "1234567890123456");  // the account ID in books
    m_CreateContactPerson.put("first_name", "Joel");
    m_CreateContactPerson.put("last_name", "Lipman");
    m_CreateContactPerson.put("email", "This email address is being protected from spambots. You need JavaScript enabled to view it.");
    m_CreateRecord = Map();
    m_CreateRecord.put("JSONString",m_CreateContactPerson);
    r_Response = invokeUrl [
        url: "https://books.zoho.com/api/v3/contacts/contactpersons?organization_id=12345678901"
        type: POST
        headers: m_Header
        parameters: m_CreateRecord
    ];
    
  • {"code":"MANDATORY_NOT_FOUND","details":{"api_name":"data"},"message":"required field not found","status":"error"}: Happens if you put "JSONstring" instead of "data". Depending on the context of your code (ie. Books API v3=JSONString; CRM API v2=data), you will need to put either. Or your request is missing a field that is required by your CRM (is set to mandatory for users to enter data). Otherwise:
    m_Data = Map();
    m_Data.put("JSONString",m_RecordData.toJSONList());   // change JSONString to data
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data.toString() 
    ];
    
  • {"code":"INVALID_DATA","details":{"expected_data_type":"jsonarray","api_name":"data"},"message":"invalid data","status":"error"}: Happens if you submit "data" as something other than a JSON Array:
    m_Data = Map();
    m_Data.put("data",m_RecordData);  // MISSING .toJSONList() to convert m_RecordData to a JSON Array
    r_RecordUpdate = invokeUrl
    [
    	url :v_EndPoint
    	type :PUT
    	headers: m_Header
    	parameters:m_Data.toString() 
    ];
    
  • {"code":"INVALID_TOKEN","details":{},"message":"invalid oauth token","status":"error"}: Can happen if the request is out of scope but also if your endpoint is going to .COM instead of .EU (or vice-versa). You can check this by logging into your Zoho product (eg. CRM) and looking at the top level domain
    // If your CRM is accessed by visiting https://www.zoho.com/eu or https://crm.zoho.eu then
    v_Endpoint = "https://accounts.zoho.eu/oauth/v2/auth";   // for EU servers
    v_Endpoint = "https://accounts.zoho.eu/oauth/v2/token";   // for EU servers
    v_Endpoint = "https://www.zohoapis.eu/crm/v2/<module_name>";   // for EU servers
    
    // If your CRM is accessed by visiting https://www.zoho.com/crm or https://crm.zoho.com then
    v_Endpoint = "https://accounts.zoho.com/oauth/v2/auth";   // for US servers
    v_Endpoint = "https://accounts.zoho.com/oauth/v2/token";   // for US servers
    v_Endpoint = "https://www.zohoapis.com/crm/v2/<module_name>";  // for US servers
    
    // If your CRM is accessed by visiting https://www.zoho.com.cn/crm or https://crm.zoho.com.cn then
    v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/auth";   // for China servers
    v_Endpoint = "https://accounts.zoho.com.cn/oauth/v2/token";   // for China servers
    v_Endpoint = "https://www.zohoapis.com.cn/crm/v2/<module_name>";  // for China servers
    

Scope(s) to include ALL modules:
  • Books: ZohoBooks.fullaccess.all
  • CRM: ZohoCRM.modules.ALL,ZohoCRM.settings.ALL

Zoho Books API v3 Limits 2019:
  • Free Organization - 1000 API calls/day and 100 API calls/minute
  • Paid Organization - 2500 API calls/day and 100 API calls/minute

Zoho CRM API v2 Limits 2019:
  • Free Edition:   5000 API calls/day
  • Standard/Starter Edition:   5000 + (Number of User licenses x 250) API calls/day   [Maximum 100,000]
  • Professional Edition:   10000 + (Number of User licenses x 500) API calls/day   [Maxiumum 500,000]
  • Enterprise/Zoho One/CRM Plus:   15000 + (Number of User licenses x 1000) API calls/day   [Maximum 1,000,000]
  • Ultimate Edition:   15000 + (Number of User licenses x 2000) API calls/day   [Maximum 2,000,000]

Source(s):

Related Articles

Joes Revolver Map

Accreditation

Badge - Certified Zoho Creator Associate
Badge - Certified Zoho Creator Associate

Donate & Support

If you like my content, and would like to support this sharing site, feel free to donate using a method below:

Paypal:
Donate to Joel Lipman via PayPal

Bitcoin:
Donate to Joel Lipman with Bitcoin - Valid till 8 May 2022 3QnhmaBX7LQSRsC9hh6Je9rGQKEGNQNfPb
© 2021 Joel Lipman .com. All Rights Reserved.