OAuth 2.0 Token
Zoho Apptics REST API supports the OAuth 2.0 protocol to authorize and authenticate API requests. OAuth 2.0 is the standard authentication protocol that allows third-party application developers to allow their users to securely access and use the server resources. Each API request must include an OAuthToken to retrieve any resource from Zoho Apptics portal. Ensure that you have permission to access the API service. If not, please contact support@zohoapptics.com.
Obtaining the OAuthToken
Register your app in Zoho developer console.
- Navigate to the Zoho developer console.
- In the API credentials page, click on add client ID to create a new client ID and client secret.
- Provide the client name, client domain and the authorized redirect URIs. (The redirect URI is the callback entry point of the app and is different from the entry point of the app.)
- You will get a set of OAuth 2.0 details with the client ID and client secret shared only between Zoho and the application.
Request URL
https://accounts.zoho.com/oauth/v2/auth
The request URL will change based on the data center your are accessing.
Data center | Request URL |
|---|---|
EU | accounts.zoho.eu |
IN | accounts.zoho.in |
AU | accounts.zoho.com.au |
CN | accounts.zoho.com.cn |
JP | accounts.zoho.jp |
Query params
Copied?response_type=code
&client_id=1000.R2Z0WWOLFVMR287126QED3B4JWQ5EN
&scope=JProxy.jmobileapi.ALL
&redirect_uri=https://apptics.zoho.com/token
&state=-5466400890088961855Obtain the Authorization Grant
Obtain an authorization grant by invoking the authorization URL, that contains the parameters listed in the table below.
| Parameter | Description |
|---|---|
| client_id | client ID is generated after registering the client. |
| response_type | "code" |
| redirect_url | redirect URL mentioned while registering the client. |
| scope | various scopes associated with Zoho Apptics. |
| access_type | "offline/online". In cases where refresh tokens can't be stored, use online access_type. The default will be online. |
| state | an opaque value used by the client to maintain state between request and callback. |
After you invoke the authorization URL, a "user-consent" page opens. Once the user accepts, a GET request will be made to the redirect_url with the authorization code appended in the query param.
Obtain the access token
Invoke a URL in the following format to exchange the authorization code (that you got in the previous step) with an OAuth Token.
| Parameter | Description |
|---|---|
| code | authorization code obtained after generating the grant token |
| client_id | client ID is obtained after registering the client |
| client_secret | client secret is obtained after registering the client |
| scope | specify the scope allowed for Zoho Apptics |
| grant_type | "authorization_code" |
| redirect_url | redirect URL is mentioned while registering the client |
| state | state is an opaque value used by the client to maintain state between the request and callback. Has to be maintained the same during the entire process for authenticity |
After invoking the URL, you will be presented with an access token, which you must include in all API calls.
Request URL
https://accounts.zoho.com/oauth/v2/token
Query params
Copied?code=1000.fadbca4c2be2f08b0ce82a54f4313.ba5325853af6f12a0f160
&grant_type=authorization_code
&client_id=1000.R2Z0WWOLFVMR287126QED3B4JWQ5EN
&client_secret=39c689de68c712fa5f1f06c3b1319ab98f59fa921b
&redirect_uri=https://apptics.zoho.com/token
&scope=JProxy.jmobileapi.ALLResponse example
Copied{
"access_token": "1000.67013ab3960787bcf3affae67e649fc0.83a789c859e040bf11e7d05f9c8b5ef6",
"refresh_token": "1000.aed4288cd9cfb2d63d093faef1b98890.2f4aa58ddadbec9fbbfd683805da839b",
"expires_in_sec": 3600,
"token_type": "Bearer",
"expires_in": 3600000
}Generating access token from a refresh token
Access tokens generally expire in one hour. You will have to generate a new access token to keep the process going. You can eliminate the need to perform the entire procedure to generate access tokens, by using refresh tokens. Once the access token expires, the refresh token can be obtained only when access_type is set to offline while creating the access token.
Request URL
https://accounts.zoho.com/oauth/v2/token
Query params
Copied?refresh_token=1000.dd7e67013ab396012e3d6eb1a9bc08.40bf11e7d0a1781ffec859e
&client_id=1000.R2Z0WWOLFVMR287126QED3B4JWQ5EN
&client_secret=39c689de68c712fa5f1f06c3b1319ab98f59fa921b
&scope=JProxy.jmobileapi.ALL
&redirect_uri=https://apptics.zoho.com/token
&grant_type=refresh_tokenResponse example
Copied{
"access_token": "1000.2d4437b4f862641d76dedac5f95a3f8a.fac6eb7129da540de1d53b06562e744d",
"expires_in_sec": 3600,
"token_type": "Bearer",
"expires_in": 3600000
}Using OAuth in API calls
To invoke Zoho Apptics APIs, pass the access token in the authorization parameter in the header, as shown in the example.
Request URL
https://apptics.zoho.com/cx/api/v1/crash/list
Authorization - Bearer or Zoho-oauthtoken<space><accesstoken>
ZAK - Key from Apptics config file (refer to Getting started page)
Request body (JSON object)
| Parameter | Data type | Allowed values | Description |
|---|---|---|---|
| startdate | string | date | dd-MM-yyyy |
| enddate | string | date | dd-MM-yyyy |
| platform* | string | iOS/Android/Windows/tvOS/watchOS/macOS | max - 5 |
| appversion | string | max - 10 | |
| mode | integer | 0,1 | 0 - dev, 1 - prod |
| offset | integer | ||
| limit | integer | ||
| application | string |
Sample response
Copied[{
"AppVersion": "DDP_00_1",
"Status": 0,
"DevicesCount": "15",
"OS": "iOS",
"CrashCount": "18",
"UsersCount": "15",
"UniqueMessageID": "51000286158323",
"PID": 54000000018013,
"AppVersionID": 51000284487014,
"Exception": "last_function"
}, {
"AppVersion": "1.0",
"Status": 0,
"DevicesCount": "2",
"OS": "Android",
"CrashCount": "11",
"UsersCount": "1",
"UniqueMessageID": "51000286065031",
"PID": 54000000018015,
"AppVersionID": 51000286075296,
"Exception": "java.lang.reflect.InvocationTargetException"
OAuth Scopes
The various scopes accessible using Zoho Apptics APIs are as follows:
| Scope | Description |
|---|---|
| JProxy.jmobileapi.ALL | Used to access all mobile and CX APIs |
| JProxy.Analytics.ALL | Used to access analytics stats (engagement and audience) |
| JProxy.Growth.ALL | Used to access in-app updates, in-app ratings, and remote config APIs |
| JProxy.Quality.ALL | Used to access fatal, non-fatal, remote log, and in-app feedback APIs |
| JProxy.Settings.ALL | Used to manage portal, project, applications, and user APIs |
| JProxy.Integrations.ALL | Used to access integration APIs |