Creating a Custom OAuth App
Zoho Projects uses the OAuth authentication standard, which requires the authenticating user to interact with Zoho Projects via the browser. The driver facilitates the OAuth exchange in various ways as described below.
Registering an OAuth Application
Before you get started with authorization and make any calls to the Zoho CRM API, you need to register your application with Zoho CRM. You can follow the procedure below to obtain the OAuthClientId, OAuthClientSecret, and CallbackURL connection properties.
- Navigate to the Zoho Developer Console.
- Click Add Client, then Server-Based Application.
- Enter the client name, homepage URL, and redirect URL.
- Set the callback URL according to the type of application:
  - If you are connecting from a desktop application, set the callback URL to http://localhost:33333, or another port number of your choice.
  - If you are connecting from a Web application, set the callback URL to a trusted redirect URL of your choice, where the user returns with the token that verifies that they have granted your app access.
- Click Create.
Authenticate to Zoho Projects from a Desktop Application
After setting the following connection properties, you are ready to connect:
- InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.
- OAuthClientId: Set this to the client Id you defined for your OAuth app.
- OAuthClientSecret: Set this to the client secret you defined for your OAuth app.
- CallbackURL: Set this to the callback URL you defined for your OAuth app.
The driver then completes the OAuth process:
- Extracts the access token from the callback URL and authenticates requests.
- Obtains a new access token when the old one expires.
- Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
Authenticate to Zoho Projects from a Web Application
Follow the steps below to get and manage the OAuth token values in the Web flow.
Get an Access Token
Set the following connection properties to obtain the OAuthAccessToken:
- OAuthClientId: Set this to the Client Id in your app settings.
- OAuthClientSecret: Set this to the Client Secret in your app settings.
You can then call stored procedures to complete the OAuth exchange:
- Call the GetOAuthAuthorizationURL stored procedure. Set the AuthMode input to WEB and set the CallbackURL input to the Redirect URI you specified in your app settings. The stored procedure returns the URL to the OAuth endpoint.
- Log in and authorize the application. You are redirected back to the callback URL.
- Call the GetOAuthAccessToken stored procedure. Set the AuthMode input to WEB. Set the Verifier input to the "code" parameter in the query string of the callback URL.
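The following is an added example, not part of the original documentation or the driver's own code. It shows one way a Web application can check the request that arrives at the callback URL before passing the "code" parameter as the Verifier input. The function names and the sample redirect URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample value: the redirect URL registered for the OAuth app.
REGISTERED_CALLBACK = "https://app.example.com/oauth/callback"


class CallbackError(ValueError):
    """Raised when a callback request must not be exchanged for a token."""


def _origin_and_path(url):
    # Normalize scheme, host, port and path so equivalent URLs compare equal.
    parts = urlsplit(url)
    default_port = {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, parts.port or default_port,
            parts.path or "/")


def extract_verifier(callback_url, registered=REGISTERED_CALLBACK):
    """Return the value to pass as the Verifier input, or raise CallbackError."""
    # The request must arrive at exactly the registered redirect URL.
    if _origin_and_path(callback_url) != _origin_and_path(registered):
        raise CallbackError("callback does not match the registered redirect URL")
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    # A denied or failed authorization is reported in the "error" parameter.
    if "error" in params:
        raise CallbackError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    # Require exactly one non-empty code; repeated parameters are ambiguous.
    if len(codes) != 1 or not codes[0]:
        raise CallbackError("expected exactly one non-empty code parameter")
    return codes[0]
```

Pass the returned string as the Verifier input of GetOAuthAccessToken, and treat any CallbackError as a failed login rather than retrying with the same request.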
Connect to Data and Refresh the Token
The OAuthAccessToken returned by GetOAuthAccessToken has a limited lifetime. To automatically refresh the token, set the following on the first data connection. Alternatively, use the RefreshOAuthAccessToken stored procedure to manually refresh the token.
- InitiateOAuth: Set this to REFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
- OAuthSettingsLocation: Set this to the path where the driver will save the OAuth values, to be persisted across connections.
- OAuthClientId: Set this to the Client Id in your app settings.
- OAuthClientSecret: Set this to the Client Secret in your app settings.
- OAuthRefreshToken: Set this to the refresh token returned by GetOAuthAccessToken.
- OAuthAccessToken: Set this to the access token returned by GetOAuthAccessToken.
On subsequent data connections, set the following:
- InitiateOAuth
- OAuthSettingsLocation