Share Records

Purpose

To share a record with other users in the organization.

Request Details

Request URL

{api-domain}/crm/{version}/{module_api_name}/{record_id}/actions/share

Supported modules

Leads, Accounts, Contacts, Deals, Campaigns, Cases, Solutions, Products, Vendors, Price Books, Quotes, Sales Orders, Purchase Orders, Invoices, and Custom.

Header

Authorization: Zoho-oauthtoken d92d4xxxxxxxxxxxxx15f52

Scope

scope=ZohoCRM.share.{module_name}.{operation_type}

Possible module names

leads, accounts, contacts, deals, campaigns, cases, solutions, products, vendors, pricebooks, quotes, salesorders, purchaseorders, invoices, and custom.

Possible operation types

ALL - Full access to the record
CREATE - Share records with other users in the organization

Note
  • The records can be shared to other users in the organization only if certain conditions are met. For simplicity, let us assume that User A shares a record with User B. Now, user A can share the record successfully only if:

    • User B is a confirmed and active user.

    • User B does not have access to that particular record.

    • User B has access to that particular module. For instance, to share a contact, user B must have access to the Contacts module.

  • You cannot share the records in Activities module and Linking module directly. They can be shared as related lists.

  • The users who have profiles with share permission can share any records that they have access to, except the records that are shared to them. To check the same, go to Setup> Under Users and Control> Choose Security Control> Choose the profile> Under Tool Permissions> Check if 'share' is enabled. It is enabled by default for Standard and Administrator Profiles.

  • The details of the records that form many to many relationships (with multi-select lookup) cannot be shared.

  • A record can be shared only with 10 users.

  • Once the record gets shared successfully, the user who initiated the share operation will get notified via email.

  • The user can update the shared records using the PUT method. To know more, refer to Update Records.

Sample Request

Copiedcurl "https://www.zohoapis.com/crm/v2.1/Contacts/4150868000001176057/actions/share"
-X POST
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
-d "@input.json"
3.0.08.0
CopiedString moduleAPIName = "Leads";
Long recordId = 3477061000005177002L;

//Get instance of ShareRecordsOperations Class that takes recordId and moduleAPIName as parameter
ShareRecordsOperations shareRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);

//Get instance of BodyWrapper Class that will contain the request body
BodyWrapper request = new BodyWrapper();

//List of ShareRecord instances
List < ShareRecord > shareList = new ArrayList < ShareRecord > ();

//Get instance of ShareRecord Class
ShareRecord share1 = new ShareRecord();

for (int i = 0; i < 9; i++) {
    //Get instance of ShareRecord Class
    share1 = new ShareRecord();

    //Set the record is shared with or without related records.
    share1.setShareRelatedRecords(true);

    //Set the access permission given to the user for that record.
    share1.setPermission("read_write");

    User user = new User();

    user.setId(3477061000005791024 L);

    //Set the users details with whom the record is shared.
    share1.setUser(user);

    shareList.add(share1);
}

share1 = new ShareRecord();

share1.setShareRelatedRecords(true);

share1.setPermission("read_write");

User user = new User();

user.setId(3477061000005791024 L);

share1.setUser(user);

shareList.add(share1);

request.setShare(shareList);

//Call shareRecordsOperations method that takes BodyWrapper instance as parameter
APIResponse < ActionHandler > response = shareRecordsOperations.shareRecord(request);
Copiedpackage com.zoho.crm.api.sample.restapi.sharerecords;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpEntityEnclosingRequestBase;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import org.json.JSONArray;
import org.json.JSONObject;
public class ShareRecords 
{
	@SuppressWarnings("deprecation")
	public static void main(String[] args) 
	{
		try
		{
			HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
			SSLContext sslContext = SSLContext.getDefault();
			SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
			CloseableHttpClient httpclient = httpClientBuilder.setSSLSocketFactory(sslConnectionSocketFactory).build();
			URIBuilder uriBuilder = new URIBuilder("https://www.zohoapis.com/crm/v2.1/Leads/34770617753001/actions/share");
			HttpUriRequest requestObj = new HttpPost(uriBuilder.build());
			HttpEntityEnclosingRequestBase requestBase = (HttpEntityEnclosingRequestBase) requestObj;
			JSONObject requestBody = new JSONObject();
			JSONArray recordArray = new JSONArray();
			JSONObject recordObject = new JSONObject();
			recordObject.put("share_related_records", true);
			recordObject.put("permission", "full_access");
			JSONObject user = new JSONObject();
			user.put("id", "34770615791024");
			recordObject.put("user", user);
			recordArray.put(recordObject);
			recordObject = new JSONObject();
			recordObject.put("share_related_records", true);
			recordObject.put("permission", "read_only");
			user = new JSONObject();
			user.put("id", "34770615791024");
			recordObject.put("user", user);
			recordArray.put(recordObject);
			requestBody.put("share", recordArray);
			requestBase.setEntity(new StringEntity(requestBody.toString(), HTTP.UTF_8));
			requestObj.addHeader("Authorization", "Zoho-oauthtoken 1000.xxxxxxx.xxxxxxx");
			HttpResponse response = httpclient.execute(requestObj);
			HttpEntity responseEntity = response.getEntity();
			System.out.println("HTTP Status Code : " + response.getStatusLine().getStatusCode());
			if(responseEntity != null)
			{
				Object responseObject = EntityUtils.toString(responseEntity);
				String responseString = responseObject.toString();
				System.out.println(responseString);
			}
		}
		catch(Exception ex)
		{
			ex.printStackTrace();
		}
	}
}
4.0.04.x
Copied//Get instance of ShareRecordsOperations Class that takes moduleAPIName and recordId as parameter
$shareRecordsOperations = new ShareRecordsOperations( $recordId, $moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
$request = new BodyWrapper();
//List of ShareRecord instances
$shareList = array();
for($i = 0; $i < 1; $i++)
{
//Get instance of ShareRecord Class
$share1 = new ShareRecord();
// Set the record is shared with or without related records.
$share1->setShareRelatedRecords(true);
//Set the access permission given to the user for that record.
$share1->setPermission("read_write");
$user = new User();
$user->setId("34770615791024");
//Set the users details with whom the record is shared.
$share1->setUser($user);
array_push($shareList, $share1);
}
$share1 = new ShareRecord();
$share1->setShareRelatedRecords(true);
$share1->setPermission("read_write");
$user = new User();
$user->setId("34770615791024");
$share1->setUser($user);
array_push($shareList, $share1);
$request->setShare($shareList);
//Call getSharedRecordDetails method that takes paramInstance as parameter
$response = $shareRecordsOperations->shareRecord($request);
Copied<?php

class ShareRecords
{
    public function execute(){
        $curl_pointer = curl_init();
        
        $curl_options = array();
        $url = "https://www.zohoapis.com/crm/v2.1/Leads/3477061000007753001/actions/share";

        $curl_options[CURLOPT_URL] =$url;
        $curl_options[CURLOPT_RETURNTRANSFER] = true;
        $curl_options[CURLOPT_HEADER] = 1;
        $curl_options[CURLOPT_CUSTOMREQUEST] = "POST";
        $requestBody = array();
        $recordArray = array();
        $recordObject = array();
        $user = array();
        $user["id"]= "3477061000005791024";
        $recordObject["share_related_records"]=true;
        $recordObject["permission"]="full_access";
        $recordObject["user"]= $user;
        
        
        $recordArray[] = $recordObject;
        $requestBody["share"] =$recordArray;
        $curl_options[CURLOPT_POSTFIELDS]= json_encode($requestBody);
        $headersArray = array();
        
        $headersArray[] = "Authorization". ":" . "Zoho-oauthtoken " . "1000.30f3a589XXXXXXXXXXXXXXXXXXX4077.dc5XXXXXXXXXXXXXXXXXXXee9e7c171c";
        
        $curl_options[CURLOPT_HTTPHEADER]=$headersArray;
        
        curl_setopt_array($curl_pointer, $curl_options);
        
        $result = curl_exec($curl_pointer);
        $responseInfo = curl_getinfo($curl_pointer);
        curl_close($curl_pointer);
        list ($headers, $content) = explode("\r\n\r\n", $result, 2);
        if(strpos($headers," 100 Continue")!==false){
            list( $headers, $content) = explode( "\r\n\r\n", $content , 2);
        }
        $headerArray = (explode("\r\n", $headers, 50));
        $headerMap = array();
        foreach ($headerArray as $key) {
            if (strpos($key, ":") != false) {
                $firstHalf = substr($key, 0, strpos($key, ":"));
                $secondHalf = substr($key, strpos($key, ":") + 1);
                $headerMap[$firstHalf] = trim($secondHalf);
            }
        }
        $jsonResponse = json_decode($content, true);
        if ($jsonResponse == null && $responseInfo['http_code'] != 204) {
            list ($headers, $content) = explode("\r\n\r\n", $content, 2);
            $jsonResponse = json_decode($content, true);
        }
        var_dump($headerMap);
        var_dump($jsonResponse);
        var_dump($responseInfo['http_code']);
        
    }
    
}
(new ShareRecords())->execute();
3.0.08.x
Copied//Get instance of ShareRecordsOperations Class that takes recordId and moduleAPIName as parameter
ShareRecordsOperations shareRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
BodyWrapper request = new BodyWrapper();
//List of ShareRecord instances
List<ShareRecord> shareList = new List<ShareRecord>();
//Get instance of ShareRecord Class
ShareRecord share1 = new ShareRecord();
for(int i = 0; i < 9; i++)
{
    //Get instance of ShareRecord Class
    share1 = new ShareRecord();
    //Set the record is shared with or without related records.
    share1.ShareRelatedRecords = true;
    //Set the access permission given to the user for that record.
    share1.Permission = "read_write";
    User user1 = new User();
    user1.Id = 34770615791024;
    //Set the users details with whom the record is shared.
    share1.User = user1;
    shareList.Add(share1);
}
share1 = new ShareRecord();
share1.ShareRelatedRecords = true;
share1.Permission = "read_write";
User user = new User();
user.Id = 34770615791024;
share1.User = user;
shareList.Add(share1);
request.Share = shareList;
//Call ShareRecord method that takes BodyWrapper instance as parameter
APIResponse<ActionHandler> response = shareRecordsOperations.ShareRecord(request);
Copiedusing System;
using System.IO;
using System.Net;
using System.Text;
using Newtonsoft.Json.Linq;
namespace Com.Zoho.Crm.API.Sample.RestAPI.ShareRecords
{
    public class ShareRecords
    {
        public static void ShareRecord()
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.zohoapis.com/crm/v2.1/Leads/34770617753001/actions/share");
            request.Method = "POST";
            request.Headers["Authorization"] = "Zoho-oauthtoken 1000.abfeXXXXXXXXXXX2asw.XXXXXXXXXXXXXXXXXXsdc2";
            JObject requestBody = new JObject();
            JArray recordArray = new JArray();
            JObject recordObject = new JObject();
            recordObject.Add("share_related_records", true);
            recordObject.Add("permission", "full_access");
            JObject user = new JObject();
            user.Add("id", "347706105791024");
            recordObject.Add("user", user);
            recordArray.Add(recordObject);
            recordObject = new JObject();
            recordObject.Add("share_related_records", true);
            recordObject.Add("permission", "read_only");
            user = new JObject();
            user.Add("id", "347706105791024");
            recordObject.Add("user", user);
            recordArray.Add(recordObject);
            requestBody.Add("share", recordArray);
            string dataString = requestBody.ToString();
            var data = Encoding.UTF8.GetBytes(dataString);
            int dataLength = data.Length;
            request.ContentLength = dataLength;
            using (var writer = request.GetRequestStream())
            {
                writer.Write(data, 0, dataLength);
            }
            request.KeepAlive = true;
            HttpWebResponse response;
            try
            {
                response = (HttpWebResponse)request.GetResponse();
            }
            catch (WebException e)
            {
                if (e.Response == null) { throw; }
                response = (HttpWebResponse)e.Response;
            }
            HttpWebResponse responseEntity = response;
            Console.WriteLine("HTTP Status Code : " + (int)response.StatusCode);
            string responsestring = new StreamReader(responseEntity.GetResponseStream()).ReadToEnd();
            responseEntity.Close();
            Console.WriteLine(responsestring);
        }
    }
}
3.0.03.x.x
Copied# Get instance of ShareRecordsOperations Class that takes module_api_name and record_id as parameter
shared_records_operations = ShareRecordsOperations(record_id, module_api_name)
# Get instance of BodyWrapper Class that will contain the request body
request = BodyWrapper()
# List to hold ShareRecord instances
share_record_list = []
# Get instance of ShareRecord Class
share_record = ZCRMShareRecord()
# Set boolean value to share related records
share_record.set_share_related_records(True)
# Set the permission. Possible values - full_access, read_only, read_write
share_record.set_permission('read_write')
# Get instance of User Class
user = User()
# Set User ID
user.set_id(3409643000000302031)
# Set the User instance to user
share_record.set_user(user)
# Add the instance to list
share_record_list.append(share_record)
# Set the list to share of BodyWrapper instance
request.set_share(share_record_list)
# Call share_record method that takes BodyWrapper instance as parameter
response = shared_records_operations.share_record(request)
Copieddef share_records():
    import requests
    import json

    url = 'https://www.zohoapis.com/crm/v2.1/Contacts/3409643000002277005/actions/share'

    headers = {
        'Authorization': 'Zoho-oauthtoken 1000.04be928e4a96XXXXXXXXXXXXX68.0b9eXXXXXXXXXXXX60396e268',
    }

    request_body= dict()
    record_list = list()

    record_object_1 = {
        'share_related_records': 'true',
        'permission': 'full_access',
        'user': {
            'id': '3409643000000174021'
        }
    }

    record_object_2 = {
        'share_related_records': 'true',
        'permission': 'read_only',
        'user': {
            'id': '3409643000000302001'
        }
    }

    record_list.append(record_object_1)
    record_list.append(record_object_2)

    request_body['share'] = record_list

    response = requests.post(url=url, headers=headers, data=json.dumps(request_body).encode('utf-8'))

    if response is not None:
        print("HTTP Status Code : " + str(response.status_code))

        print(response.json())

share_records()
1.0.010.x
Copied//Get instance of ShareRecordsOperations Class that takes moduleAPIName and recordId as parameter
let sharedRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
let request = new BodyWrapper();
//Array to hold ShareRecord instances
let shareRecordArray = [];
//Get instance of ShareRecord Class
let shareRecord = new ShareRecord();
//Set boolean value to share related records
shareRecord.setShareRelatedRecords(false);
//Set the permission. Possible values - full_access, read_only, read_write
shareRecord.setPermission("read_write");
//Get instance of User Class
let user = new User();
//Set User ID
user.setId(3409643000000302031n);
//Set the User instance to user
shareRecord.setUser(user);
//Add the instance to array
shareRecordArray.push(shareRecord);
//Set the array to share of BodyWrapper instance
request.setShare(shareRecordArray);
//Call shareRecord method that takes BodyWrapper instance as parameter
let response = await sharedRecordsOperations.shareRecord(request);
Copiedasync function shareRecords() {
    const got = require("got");

    let url = 'https://www.zohoapis.com/crm/v2.1/Contacts/3409643000002277005/actions/share'

    let headers = {
        Authorization : "Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
    }

    let requestBody = {}
    let recordArray = []

    let recordObject1 = {
        'share_related_records': true,
        'permission': 'full_access',
        'user': {
            'id': '3409643000000174021'
        }
    }

    let recordObject2 = {
        'share_related_records': true,
        'permission': 'read_only',
        'user': {
            'id': '3409643000000302001'
        }
    }

    recordArray.push(recordObject1)
    recordArray.push(recordObject2)

    requestBody['share'] = recordArray

    let requestDetails = {
        method : "POST",
        headers : headers,
        body : JSON.stringify(requestBody),
        encoding: "utf8",
        throwHttpErrors : false
    };
    
    let response = await got(url, requestDetails)
    
    if(response != null) {
        console.log(response.statusCode);
        console.log(response.body);
    }
}
shareRecords()
2.1.0
Copied# List to hold ShareRecord instances
share_records = []
# Get instance of ShareRecordsOperations Class that takes module_api_name and record_id as parameter
sro = ShareRecords::ShareRecordsOperations.new(record_id, module_api_name)
# Get instance of BodyWrapper Class that will contain the request body
bw = ShareRecords::BodyWrapper.new
# Get instance of User Class
user = Users::User.new
# Set User ID
user.id = 3_524_033_000_000_191_017
(0..1).each do |i|
  # Get instance of ShareRecord Class
  share_record = ShareRecords::ShareRecord.new
  # Set boolean value to share related records
  share_record.share_related_records = true
  # Set the permission. Possible values - full_access, read_only, read_write
  share_record.permission = 'read_write'
  # Set the User instance to user
  share_record.user = user
  # Add the instance to list
  share_records.push(share_record)
end
# Set the list to share of BodyWrapper instance
bw.share = share_records
# Call share_record method that takes BodyWrapper instance as parameter
response = sro.share_record(bw)
Copiedrequire 'net/http'
require 'json'

class ShareRecords
    def execute
       
        url ="https://www.zohoapis.com/crm/v2.1/Leads/3477061000005623115/actions/share"
        url = URI(url)
        req = Net::HTTP::Post.new(url.request_uri)
        http = Net::HTTP.new(url.host, url.port)
        http.use_ssl = true
        headers={}
        headers["Authorization"]="Zoho-oauthtoken 1000.dfa7XXXXXXXXXXXXXXXXXX84f9665840.c176aeXXXXXXXXXXXX13f3d37a84d"
        headers&.each { |key, value| req.add_field(key, value) }
       
        request_body = {}
        record_array = []
        record_object = {}
        user = {}
        user["id"]= "3477061000005791024"
        record_object["share_related_records"]=true
        record_object["permission"]="full_access"
        record_object["user"]= user
        record_array = [record_object]
        request_body["share"] =record_array;
        request_json = request_body.to_json
        req.body = request_json.to_s
        response=http.request(req)
        status_code = response.code.to_i
        headers = response.each_header.to_h
        print status_code
        print headers
        unless response.body.nil?
            print  response.body
        end
    end
end

ShareRecords.new.execute
Copieduser1 = Map();
user1.put("user", {"id":"4150868000001174048"});
user1.put("share_related_records", true);
user1.put("permission", "full_access");

user2 = Map();
user2.put("user", {"id":"4150868000001199001"});
user2.put("share_related_records", true);
user2.put("permission", "read_only");

usersList = List();
usersList.add(user1);
usersList.add(user2);

params = Map();
params.put("share", usersList);

response = invokeurl
[
	url :"https://www.zohoapis.com/crm/v2.1/Leads/692969000000981055/actions/share"
	type :POST
	parameters: params.toString()
	connection:"crm_oauth_connection"
];
info response;

In the request, "@input.json" contains the sample input data.

Request JSON

  • shareJSON array, mandatory

    The JSON object represents the set of users with whom you want to share the record. Each object in the array represents a user.

share Properties

  • userJSON object, mandatory

    Represents the ID of the user with whom you want to share the record.

  • share_related_recordsboolean, optional

    Represents if you want to share the related records also with the user.
    Possible values:
    true - share related records along with the record.
    false - Do not share related records. This is the default value.

  • permissionstring, optional

    Represents the access permission you want to give the user for that record.
    Possible values:
    full_access- Allow the user full access to the record. This is the default value.
    read_only - Allow the user to only view the record.
    read_write - Allow the user to view and edit the record.

Sample Input

Copied{
  "share": [
    {
      "user": {
        "id": "4150868000001174048"
      },
      "share_related_records": true,
      "permission": "full_access"
    },
    {
      "user": {
        "id": "4150868000001199001"
      },
      "share_related_records": true,
      "permission": "read_only"
    }
  ]
}

Possible Errors

  • OAUTH_SCOPE_MISMATCHHTTP 401

    invalid oauth scope to access this URL
    Resolution: The client does not have the scope to ZohoCRM.share.{module_name}.CREATE
    (or)
    The module name given in the URL is either Events, Calls, Tasks or any Linking module.
    (or)
    The module name given in the URL is invalid.

  • INVALID_URL_PATTERNHTTP 404

    Please check if the URL trying to access is a correct one.
    Resolution: The URL given has syntactical errors.

  • INVALID_DATAHTTP 403

    ENTITY_ID_INVALID
    Resolution: The record ID given in the URL is either invalid
    (or)
    does not belong to the module mentioned.

  • INVALID_DATAHTTP 200

    Permission is invalid
    Resolution: The value given in permission is not one of: full_access, read_only, or read_write.
    (or)
    The user does not have permission to access that particular module.

  • INVALID_DATAHTTP 200

    record is already visible to the user.
    Resolution: The record is already accessible to the user. You can share the record only if the user cannot access it.

  • SHARE_LIMIT_EXCEEDEDHTTP 403

    Cannot share a record to more than 10 users.
    Resolution: The record you are trying to share has already been shared with 10 users.

  • NO_PERMISSIONHTTP 403

    Permission denied to share records
    Resolution: The user does not have permission to share a record with other users in the organization. Contact your system administrator.

  • INTERNAL_ERRORHTTP 500

    Internal Server Error
    Resolution: Unexpected and unhandled exception in Server. Contact support team.

  • INVALID_REQUEST_METHODHTTP 400

    The http request method type is not a valid one
    Resolution: You have specified an invalid HTTP method to access the API URL. Specify a valid request method. Refer to endpoints section above.

  • AUTHORIZATION_FAILEDHTTP 400

    User does not have sufficient privilege to share records
    Resolution: The user does not have the permission to share a record with other users in the organization. Contact your system administrator.

  • INVALID_MODULEHTTP 400

    The module name given seems to be invalid
    Resolution: You have specified an invalid module name or there is no tab permission, or the module could have been removed from the available modules. Specify a valid module API name.

  • INVALID_MODULEHTTP 400

    The given module is not supported in API
    Resolution: The modules such as Documents and Projects are not supported in the current API. (This error will not be shown, once these modules are been supported). Specify a valid module API name.

  • INVALID_DATAHTTP 400

    cannot share to the user
    Resolution: The record you are trying to share is already visible to the user.

Sample Response

Copied{
    "share": [
        {
            "code": "SUCCESS",
            "details": {},
            "message": "record will be shared successfully",
            "status": "success"
        },
        {
            "code": "SUCCESS",
            "details": {},
            "message": "record will be shared successfully",
            "status": "success"
        }
    ]
}