All Zoho Assist API calls must be authenticated using an OAuth token.

OAuth 2.0 is an open authorization protocol that grants third-party applications limited access to user accounts on an HTTP service. The authentication and authorization process is facilitated only between the end user and the HTTP service. Zoho APIs use OAuth 2.0 to provide dependable security for your application data. It delegates authorization and authentication for web and desktop applications, and mobile devices.

You can obtain an OAuth token by following the steps below:

  1. Register your application
  2. Get an authorization grant
  3. Get an access token

1. Register Your Application

Before integrating Zoho APIs with your application using OAuth, you must register your application with Zoho. This can be done through the developer console of your Zoho account, where you will have to provide details about your application such as Name, Website, and Redirect URI (Callback URL). Once the authorization is approved or denied, the user will be redirected to the callback URL specified at the time of registration.

Once your application is registered, the service will issue a client ID and a client secret. The client ID is used by Zoho to verify the identity of the application and is publicly visible. The client secret is used to authorize the appropriate resources that can be accessed by the authenticated application. The client secret is known only to Zoho APIs and the authenticated application.

Sample Response

On calling the authorization API in step 2, the user is redirected to the given redirect URI with the authorization grant appended to it, as shown below:
https://app.example.com/oauth?state=tempstate&code=1000.47b8fa1a1676bda5da938decdf0cf0d6.d3f48797707de05fcac81d135dc7b6c0

2. Get An Authorization Grant

URL : https://accounts.zoho.com/oauth/v2/auth

Params :

scope=<Scopes for which the token has to be generated>, e.g. ZohoAssist.userapi.READ,ZohoAssist.sessionapi.CREATE
client_id=The client ID of the integrating app.
state=An opaque string that will be returned as a URI parameter.
response_type=code
redirect_uri=https://app.example.com/oauth (Redirect URI of your choice)
access_type=offline (The allowed values are offline and online)

Available Scopes :

Scopes                Scope operations available
userapi               ZohoAssist.userapi.READ
sessionapi            ZohoAssist.sessionapi.CREATE
unattended.computer   ZohoAssist.unattended.computer.READ
                      ZohoAssist.unattended.computer.UPDATE
                      ZohoAssist.unattended.computer.DELETE
unattended.group      ZohoAssist.unattended.group.READ
                      ZohoAssist.unattended.group.CREATE
                      ZohoAssist.unattended.group.UPDATE
                      ZohoAssist.unattended.group.DELETE
reportapi             ZohoAssist.reportapi.READ

Actions Under Each Scope :
1. Userapi

Know who you are on Zoho Assist.

2. Sessionapi

Create your remote support sessions using Zoho Assist.

3. Unattended.Computer

View and manage unattended computers configured on Zoho Assist.
Update unattended computers configured on Zoho Assist.
Delete unattended computers configured on Zoho Assist.

4. Unattended.Group

View unattended computer groups on Zoho Assist.
Create unattended computer groups on Zoho Assist.
Update unattended computer groups on Zoho Assist.
Delete unattended computer groups on Zoho Assist.

5. Reportapi

View remote support and unattended session reports on Zoho Assist.


3. Get An Access Token

After getting the authorization grant, POST it to the API below to get the access token and the refresh token.

URL : https://accounts.zoho.com/oauth/v2/token

Params :

code=Obtained in the above step.
client_id=The client ID of the integrating app.
client_secret=Obtained during client registration
redirect_uri=Same URI that was used in the above step.
grant_type=authorization_code

Sample Response

  {
    "expires_in": 3000,
    "refresh_token": "1000.4038qw5a8a5af1234ce920a45sx388a6.a450db33ca9e80701b1a23c8fe98e62e",
    "access_token": "1000.c656b09869cfef3be0ca145e44143fa9.a11f43090a54d71dc0797ec92bf34b9e"
  }
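
The three steps above, sketched as an added example (not Zoho's own code): it builds the step 2 authorization URL with a random `state`, checks the callback against the registered redirect URI and the stored `state` before accepting the grant, and prepares the step 3 form body. The function names are hypothetical, and no network request is made.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_URL = "https://accounts.zoho.com/oauth/v2/auth"
TOKEN_URL = "https://accounts.zoho.com/oauth/v2/token"


def build_auth_request(client_id, redirect_uri, scopes):
    """Step 2: return (url, state). Store state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "scope": ",".join(scopes),  # request only the scopes the app uses
        "client_id": client_id,
        "state": state,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "access_type": "offline",
    })
    return f"{AUTH_URL}?{query}", state


def code_from_callback(callback_url, redirect_uri, expected_state):
    """Validate the redirect received at the callback and return the grant."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # A mismatch means this session did not start the flow: drop the code.
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request_form(code, client_id, client_secret, redirect_uri):
    """Step 3: form body to POST to TOKEN_URL, from the server side only."""
    return {
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,  # never ship this to a browser
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    }
```

The token response contains a long-lived refresh token alongside the access token, so store both server-side and keep them out of logs.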