Authentication
All Zoho Meeting APIs need to be authenticated using an OAuth token.
OAuth 2.0 is an open authorization protocol that grants third-party applications limited access to user accounts on an HTTP service. The authentication and authorization process is facilitated only between the end-user and the HTTP service. Zoho APIs use OAuth 2.0 to provide dependable security for your application data. OAuth 2.0 delegates authorization and authentication for web and desktop applications, as well as mobile devices.
You can obtain an OAuth token by following these steps:
1. Register your application
Before integrating Zoho APIs with your application using OAuth, you must register your application with Zoho. The Client ID is used by Zoho to verify the identity of the application and has public visibility.
2. Get An Authorization Grant
URL: https://accounts.zoho.com/oauth/v2/auth
Method: GET Params:
- scope=Scopes for which token to be generated Eg : ZohoMeeting.meeting.READ,ZohoMeeting.meeting.CREATE
- client_id=The client ID of the integrating app
- response_type=code
- redirect_uri= https://app.example.com/oauth (Redirect URL given during registration)
- access_type=offline (The allowed values are offline and online)
- state=opaque string that will be returned in redirect url
- prompt=consent (Used to generate refresh token everytime)
Note: access_type=offline will give the refresh token along with the access token for the first time you use it. Adding prompt=consent prompts for user consent each time your app tries to access user credentials. Thus, adding both access_type=offline and prompt=consent will give a refresh token along with the access token every time. The best practice is to save the refresh token once generated and use it every time when needed.
Available Scopes:
Scopes | Scope operations available |
---|---|
manageOrg | ZohoMeeting.manageOrg.READ |
meeting | ZohoMeeting.meeting.UPDATE, ZohoMeeting.meeting.READ, ZohoMeeting.meeting.CREATE, ZohoMeeting.meeting.DELETE |
webinar | ZohoMeeting.webinar.UPDATE, ZohoMeeting.webinar.READ, ZohoMeeting.webinar.CREATE, ZohoMeeting.webinar.DELETE |
Actions under each scope:
User Details
- Get User Details API
Meeting API
- Get Meeting Details
- Create Meeting
- Edit Meeting
- Delete Meeting
Webinar API
- Get Webinar Details
- Create Webinar
- Edit Webinar
- Delete Webinar
Sample Response
CopiedOn calling the API, it will redirect to the url given with the authorization grant appended to it like below:
https://app.example.com/oauth?state=tempstate&code=1000.47b8fa1a1676bda5da938decdf0cf0d6.d3f48797707de05fcac81d135dc7b6c0
3. Get An Access Token
After getting the authorization grant, post it to the below API to get the access token and the refresh token.
URL: https://accounts.zoho.com/oauth/v2/token
Method : POST
Params:
- code=<Code obtained in the above step>
- client_id=<The client ID of the integrating app>
- client_secret=<Obtained during Client Registration>
- redirect_uri=<Same URI that was used in the above step>
- grant_type=authorization_code
Note: expires_in parameter in response contains expiry time of access_token in milliseconds.
Sample Response
Copied{
"access_token": "1000.c656b09869cfef3be0ca145e44143fa9.a11f43090a54d71dc0797ec92bf34b9e",
"refresh_token": "1000.4038qw5a8a5af1234ce920a45sx388a6.a450db33ca9e80701b1a23c8fe98e62e",
"expires_in_sec": 3600,
"api_domain": "https://www.zohoapis.com",
"token_type": "Bearer",
"expires_in": 3600000
}
Regenerating The Access Token With The Refresh Token
Once the access token has expired, it can be regenerated from the refresh token by making a POST call to the API given below.
URL: https://accounts.zoho.com/oauth/v2/token
Params:
- refresh_token=<Refresh Token obtained in the above step>
- client_id=<The client ID of the integrating app>
- client_secret=<Obtained during Client Registration>
- redirect_uri=<Same URI that was used in the above step>
- grant_type=refresh_token
Sample Response
Copied{
"access_token": "1000.e896b09869afef6be0ca145e44143fa9.a78f43090a54d71dc0797ec92bg44b9e",
"expires_in_sec": 3600,
"api_domain": "https://www.zohoapis.com",
"token_type": "Bearer",
"expires_in": 3600000
}
Revoking A Refresh Token
A refresh token can be revoked by calling the API given below.
URL: https://accounts.zoho.com/oauth/v2/token
Params: token = <Refresh token>
Note: The Refresh Token will always be generated by the prompt=consent. The maximum number of Refresh Tokens is 20. Once the limit is reached, the first Refresh Token generated will be deleted.
Sample Response
Copied {"status":"success"}