Developer API Help

Using Authentication Token

The Zoho CRM API is available in all editions of Zoho CRM. To use the API, you'll require the Zoho CRM Authentication Token from your CRM account. Please make sure that you have the permission to access the API service. If you do not have permission, please contact your CRM administrator.

Generate Auth Token

To generate the Auth Token, you need to send an authentication request to Zoho Accounts using the URL format below. Make sure that you are a confirmed user, else while generating the Auth Token the you might receive an error - "ACCOUNT_REGISTRATION_NOT_CONFIRMED".


  • User Auth Token must be kept confidential.
  • Do NOT expose your Auth Token anywhere in public forums, public repositories or on your website's client side code like HTML or JavaScript.
  • Exposing it to public may lead to data theft, loss or corruption.

URL Format

API Mode: CRM Username or Email ID&PASSWORD=Your Zoho CRM Password

Using Two-factor Authentication?

If you're using the two factor authentication to access your Zoho CRM account, follow these steps to generate the Auth Token in API mode:

  1. Log in to Zoho CRM.
  2. Open
  3. In the Zoho Accounts Home page, click Two Factor Authentication.
  4. In the Two Factor Authentication page, click on the Manage Application Specific Passwords.
  5. In the Application Specific Passwords pop-up, do the following:
    1. Enter the Device or App Name
    2. Enter the current password
    3. Click Generate. You will receive the new application-specific password with spaces.
  6. Remove the spaces in password and include in the below URL:

Parameters to be passed along with this URL are:

Parameter Description
EMAIL_ID Specify your Zoho CRM Username or Email ID
scope Specify the value as ZohoCRM/crmapi
PASSWORD Specify your Zoho CRM Password

For more information, please refer Two factor Authentication help page.

Browser Mode:

Log in to Zoho CRM in a new window and use the following url:

If you are a Google Apps User, you can log into your CRM account and then use the browser mode format to generate the Authentication Token.

Sample Response

#Wed Feb 29 03:07:33 PST 2012


  • The Auth Token can be used in all your API calls. You can also see the URL format under Setup > Developer Space > CRM API.
  • You need to be logged into your CRM account to use the Browser Mode.


Here's an example to fetch records:

Manage Auth Tokens

You can view, delete and regenerate the Auth Token generated for your account from the 'My Zoho Account' Page.

      1. Log in to Zoho CRM
      2. Open [Username] > My Zoho Account
      3. In the My Zoho Account page, click Settings > Active Authtokens
        In this page, you can also Remove or Regenerate Auth Tokens.


  • Removing an Auth Token will delete the token permanently.
  • If you regenerate Auth Token, update your program with the new token.

Points to Remember

      • The Auth Token is user-specific and is a permanent token.
      • On deletion, the existing token will be deleted permanently. The new token has to be replaced in all API calls.
      • The Auth Token of a user's account will become invalid if the user is deactivated.
      • We notify CRM administrators (Users with "Administrator" profile) if your organization exceeds the API limit. We also provide API Statistics for better assessment of your integration requirements.
      • In case, your application requires more than the upper limit, your additional API requests will not be processed. To avoid data transfer issues, please assess your API requirements well in advance. If you need any help, please contact our Support at