Overview

Zoho Assist APIs use OAuth 2.0 for authentication. This page gives you an overview of the authentication process. For complete details on OAuth 2.0 flows, registration, token management, and more, refer to Zoho OAuth 2.0 documentation.

How it works

To access Zoho Assist APIs, your application needs an access token obtained through one of the OAuth 2.0 flows. At a high level, the steps are:

1.Register your application in the Zoho API console.

2.Get consent from user to access their data and obtain an access token.

3.Call Zoho Assist APIs using the access token.

Token expiry: Access tokens expire periodically. The expiry duration is mentioned as expires_in  (seconds) in the access token response. To maintain uninterrupted access, you can request for an optional refresh token, store it, and use it to generate new access tokens as needed.

Different OAuth flows for different app types: Zoho supports OAuth flows for different application types (server-based, client-based, mobile & desktop-based, limited input devices, and self client). You can choose the flow that matches your application.

Multi DC support: Zoho operates data centres in multiple regions. If your application serves users across regions, you must enable Multi DC support in the API console and use region-specific endpoints for both OAuth and Product API calls. See Multi-DC Support