Developer API Help

Using Authentication Token

The Zoho CRM API is available in all editions of Zoho CRM. To use the API, you'll require the Zoho CRM Authentication Token from your CRM account. Please make sure that you have the permission to access the API service. If you do not have permission, please contact your CRM administrator.

Generate Auth Token

To generate the Auth Token, you need to send an authentication request to Zoho Accounts using the URL format below. Make sure that you are a confirmed user, else while generating the Auth Token the you might receive an error - "ACCOUNT_REGISTRATION_NOT_CONFIRMED".

URL Format

API Mode:

To generate Auth Token in API mode, do the following:

  1. Log in to Zoho CRM.
  2. Open
  3. In the Zoho Accounts Home page, click Two Factor Authentication.
  4. In the Two Factor Authentication page, click on the Manage Application Specific Passwords.
  5. In the Application Specific Passwords pop-up, do the following:
    1. Enter the Device or App Name
    2. Enter the current password
    3. Click Generate. You will receive the new application-specific password with spaces.
  6. Remove the spaces in password and include in the following API mode URL to generate the Auth Token.[Username/EmailID]&PASSWORD=[Password]&DISPLAY_NAME=[ApplicationName]

Parameters to be passed along with this URL are:

Parameter Description
EMAIL_ID Specify your Zoho CRM Username or Email ID
scope Specify the value as ZohoCRM/crmapi
PASSWORD Specify your Zoho CRM Password
DISPLAY_NAME Specify the Application Name that describes the purpose of using this AuthToken. For example, "MailChimp" or "Google Apps"

For more information, please refer Two factor Authentication help page.

Browser Mode:

To generate Auth Token in browser mode, do the following:

  1. Log in to Zoho CRM.
  2. Go to Setup > Developer Space > CRM API.
  3. Now enter your Application Name (for example, "MailChimp") for which you want to generate Auth Token.
    Note: Application Name is required to easily identify the purpose of generating the Auth Token. It is used to differentiate Auth Token generation accross different applications.


  • User Auth Token must be kept confidential.
  • Do NOT expose your Auth Token anywhere in public forums, public repositories or on your website's client side code like HTML or JavaScript.
  • Exposing it to public may lead to data theft, loss or corruption.

Sample Response

#Wed Feb 29 03:07:33 PST 2012


  • The Auth Token can be used in all your API calls. You can also see the URL format under Setup > Developer Space > CRM API.
  • You need to be logged into your CRM account to use the Browser Mode.


Here's an example to fetch records:

Manage Auth Tokens

You can view, delete and regenerate the Auth Token generated for your account from the 'My Zoho Account' Page.

      1. Log in to Zoho CRM
      2. Open [Username] > My Zoho Account
      3. In the My Zoho Account page, click Settings > Active Authtokens
        In this page, you can also Remove or Regenerate Auth Tokens.


  • Removing an Auth Token will delete the token permanently.
  • If you regenerate Auth Token, update your program with the new token.

Points to Remember

      • The Auth Token is user-specific and is a permanent token.
      • On deletion, the existing token will be deleted permanently. The new token has to be replaced in all API calls.
      • The Auth Token of a user's account will become invalid if the user is deactivated.
      • We notify CRM users (Users who generated the Auth Token) if your organization exceeds the API limit.
      • In case, your application requires more than the upper limit, your additional API requests will not be processed. To avoid data transfer issues, please assess your API requirements well in advance. If you need any help, please contact our Support at