Authentication

All Zoho Meeting APIs need to be authenticated using an OAuth token.

OAuth 2.0 is an open authorization protocol that grants third-party applications limited access to user accounts on an HTTP service. The authentication and authorization process is facilitated only between the end-user and the HTTP service. Zoho APIs use OAuth 2.0 to provide dependable security for your application data. OAuth 2.0 delegates authorization and authentication for web and desktop applications, as well as mobile devices.

You can obtain an OAuth token by following these steps:

  1. Register your application
  2. Get an authorization grant
  3. Get an access token

1. Register your application

Before integrating Zoho APIs with your application using OAuth, you must register your application with Zoho. The Client ID is used by Zoho to verify the identity of the application and has public visibility.

 

2. Get An Authorization Grant

URL: https://accounts.zoho.com/oauth/v2/auth

Method: GET

Params:
  • scope=Scopes for which token to be generated Eg : ZohoMeeting.meeting.READ,ZohoMeeting.meeting.CREATE
  • client_id=The client ID of the integrating app
  • response_type=code
  • redirect_uri= https://app.example.com/oauth (Redirect URL given during registration)
  • access_type=offline (The allowed values are offline and online)
  • state=opaque string that will be returned in redirect url
  • prompt=consent (Used to generate refresh token everytime)

Note: access_type=offline will give the refresh token along with the access token for the first time you use it. Adding prompt=consent prompts for user consent each time your app tries to access user credentials. Thus, adding both access_type=offline and prompt=consent will give a refresh token along with the access token every time. The best practice is to save the refresh token once generated and use it every time when needed.

 

Available Scopes:

ScopesScope operations available
manageOrgZohoMeeting.manageOrg.READ
meetingZohoMeeting.meeting.UPDATE, ZohoMeeting.meeting.READ, ZohoMeeting.meeting.CREATE, ZohoMeeting.meeting.DELETE
webinarZohoMeeting.webinar.UPDATE, ZohoMeeting.webinar.READ, ZohoMeeting.webinar.CREATE, ZohoMeeting.webinar.DELETE

Actions under each scope:

User Details

  • Get User Details API

Meeting API

  • Get Meeting Details
  • Create Meeting
  • Edit Meeting
  • Delete Meeting

Webinar API

  • Get Webinar Details
  • Create Webinar
  • Edit Webinar
  • Delete Webinar

Sample Response

CopiedOn calling the API, it will redirect to the url given with the authorization grant appended to it like below:

https://app.example.com/oauth?state=tempstate&code=1000.47b8fa1a1676bda5da938decdf0cf0d6.d3f48797707de05fcac81d135dc7b6c0

 

3. Get An Access Token

After getting the authorization grant, post it to the below API to get the access token and the refresh token.

URL: https://accounts.zoho.com/oauth/v2/token

Method : POST

Params:

  • code=<Code obtained in the above step>
  • client_id=<The client ID of the integrating app>
  • client_secret=<Obtained during Client Registration>
  • redirect_uri=<Same URI that was used in the above step>
  • grant_type=authorization_code

Note: expires_in parameter in response contains expiry time of access_token in milliseconds.

Sample Response

Copied{
    "access_token": "1000.c656b09869cfef3be0ca145e44143fa9.a11f43090a54d71dc0797ec92bf34b9e",
    "refresh_token": "1000.4038qw5a8a5af1234ce920a45sx388a6.a450db33ca9e80701b1a23c8fe98e62e",
    "expires_in_sec": 3600,
    "api_domain": "https://www.zohoapis.com",
    "token_type": "Bearer",
    "expires_in": 3600000
  }

 

Regenerating The Access Token With The Refresh Token

Once the access token has expired, it can be regenerated from the refresh token by making a POST call to the API given below.

URL: https://accounts.zoho.com/oauth/v2/token

Params:

  • refresh_token=<Refresh Token obtained in the above step>
  • client_id=<The client ID of the integrating app>
  • client_secret=<Obtained during Client Registration>
  • redirect_uri=<Same URI that was used in the above step>
  • grant_type=refresh_token

Sample Response

Copied{
    "access_token": "1000.e896b09869afef6be0ca145e44143fa9.a78f43090a54d71dc0797ec92bg44b9e",
    "expires_in_sec": 3600,
    "api_domain": "https://www.zohoapis.com",
    "token_type": "Bearer",
    "expires_in": 3600000
  }

 

Revoking A Refresh Token

A refresh token can be revoked by calling the API given below.

URL: https://accounts.zoho.com/oauth/v2/token

Params: token = <Refresh token>

Note: The Refresh Token will always be generated by the prompt=consent. The maximum number of Refresh Tokens is 20. Once the limit is reached, the first Refresh Token generated will be deleted.

Sample Response

Copied {"status":"success"}