Using Authentication Token

To use the API, you'll require the Authentication Token from your CRM account. The authentication token should be passed in the request header for every API request. Please make sure that you have the permission to access the API service. If you do not have permission, please contact your CRM Administrator.

 Generate Auth Token

To generate the Auth Token, you need to send an authentication request to the Vertical CRM Accounts using the URL format shown below. Make sure that you are a confirmed user; otherwise, you might receive the error "ACCOUNT_REGISTRATION_NOT_CONFIRMED" while generating the Auth Token.

URL Format

API Mode:

http://<APPDOMAIN>/crm/apiauthtoken.do?EMAIL_ID=[Username/EmailID]&PASSWORD=[Password]

APPDOMAIN is the application URL that you provide at the time of creation of your application. If you have mapped your custom domain to your application, you can still use this application URL and it will automatically be mapped to your domain. If the EMAIL_ID and PASSWORD contain special characters, then they should be encoded.

For example: if "pharmahub.zohoplatform.com" is your application's URL, then the API format will be

http://pharmahub.zohoplatform.com/crm/apiauthtoken.do?EMAIL_ID=[Username/EmailID]&PASSWORD=[Password]

You will then get the required token in the response, as shown below.

 Sample Response

#
#Wed Feb 29 03:07:33 PST 2012
AUTHTOKEN=1000397765.1000414544.ca1f9949f637a8e667e35bd3654bf82e0c70975ee47349dc57aa7967b151a11a9ea419459381cd82e5757e644904df3315a6a729d528538df406f598c9e4f7f2
RESULT=TRUE

Important

  • The Auth Token can be used in all your API calls. You can also see the URL format under Setup > Developer Space > Vertical CRM API.
  • User Auth Token must be kept confidential.
  • Do NOT expose your Auth Token anywhere in public forums, public repositories or on your website's client side code like HTML or JavaScript.
  • Exposing it to the public may lead to data theft, loss or corruption.

 API Request Format

Every API call made to the application requires the authtoken to be passed in the request header.

A sample code snippet for passing the authtoken in the request header is shown below:

 Code Snippet

Java

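Using Apache HttpClient.

import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;

DefaultHttpClient httpclient = new DefaultHttpClient();
String url = "http://localhost";
HttpPost httpPost = new HttpPost(url);
// Pass the Auth Token in the Authorization request header.
httpPost.addHeader("Authorization", "<Generated Auth Token>");
HttpResponse response = httpclient.execute(httpPost);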

VB .NET

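Imports System.Net

Dim req As HttpWebRequest = CType(WebRequest.Create("myURL"), HttpWebRequest)
' Pass the Auth Token in the Authorization request header.
req.Headers.Add("Authorization", "<Generated Auth Token>")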

 Example

Here's an example to fetch records:

https://<APPDOMAIN>/crm/private/xml/Leads/getRecords?

Header:

Authorization=1000397765.1000414544.ca1f9949f637a8e667e35bd3654bf82e0c70975ee47349dc57aa7967b151a11a9ea419459381cd82e5757e644904df3315a6a729d528538df406f598c9e4f7f2
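
The token flow described above, from request URL to response parsing to request header, as an added Python example; it is not code from the original page or from the platform. The function names, the https scheme, the CAUSE key in the failure body and both sample bodies are assumptions constructed for illustration.

```python
from urllib.parse import quote, urlencode

# Constructed sample bodies in the key=value layout of the Sample Response.
SAMPLE_OK = "#\n#Wed Feb 29 03:07:33 PST 2012\nAUTHTOKEN=1000.2000.0123456789abcdef\nRESULT=TRUE\n"
# The CAUSE key is an assumption; the page only names the error string.
SAMPLE_ERR = "#\nCAUSE=ACCOUNT_REGISTRATION_NOT_CONFIRMED\nRESULT=FALSE\n"


class AuthTokenError(Exception):
    """Raised when the response does not carry a usable token."""


def build_token_url(app_domain, email, password):
    """Build the apiauthtoken.do URL with percent-encoded credentials."""
    query = urlencode({"EMAIL_ID": email, "PASSWORD": password}, quote_via=quote)
    # https is an assumption; the page's URL format is written with http.
    return f"https://{app_domain}/crm/apiauthtoken.do?{query}"


def parse_token_response(body):
    """Return the AUTHTOKEN value, or raise if RESULT is not TRUE."""
    fields = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip the comment/timestamp header and blank lines
        key, value = line.split("=", 1)
        fields[key.strip()] = value.strip()
    token = fields.pop("AUTHTOKEN", "")
    if fields.get("RESULT", "").upper() != "TRUE" or not token:
        # The token was popped above, so it is never echoed into the error.
        raise AuthTokenError(f"token request failed: {fields}")
    return token


def auth_headers(token):
    """Header the page requires on every API call."""
    return {"Authorization": token}


def redact(token):
    """Shortened form of the token that is safe to write to logs."""
    return token[:4] + "..." + token[-4:] if len(token) > 12 else "***"


if __name__ == "__main__":
    token = parse_token_response(SAMPLE_OK)
    print("token for logs:", redact(token))
    print("header names sent:", list(auth_headers(token)))
```

Because the credentials travel in the query string, the URL returned by build_token_url should be treated as a secret and kept out of logs, just like the token itself.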

 Manage Auth Tokens

You can delete the Auth Token generated for your account (see the Generate Auth Token section) by calling the URL below.

http://<APPDOMAIN>/crm/deleteapiauthtoken.do?crmauthtoken=<Your AuthToken>

Note:

  • Removing an Auth Token will delete the token permanently.
  • If you regenerate the Auth Token, update your program with the new token.

Points to Remember

      • The Auth Token is user-specific and is a permanent token.
      • On deletion, the existing token will be deleted permanently. The new token has to be replaced in all API calls.
      • The Auth Token of a user's account will become invalid if the user is deactivated.
      • If your application requires more than the upper limit, your additional API requests will not be processed. To avoid data transfer issues, please assess your API requirements well in advance. If you need any help, please contact our Support at support@zohoplatform.com