OAuth 2.0 Flow

Terminology

Chabad Unity CRM’s Portal ID: 10023122998

API Console URLs:

https://crm.chabad.comeunity.me/accounts/console/user/10023122998

Create Client in API Console

Log in to your Chabad Unity CRM: https://crm.chabad.comeunity.me/console/signin.perform
Go to Settings > APIs > Click on the ? > API Console
Alternatively, Go to: https://crm.chabad.comeunity.me/accounts/console/user/10023122998
Add a Server Based Client
Client Name Is the name you will see in the API Usage dashboard.
Homepage URL is not Important
Authorized Redirect URIs are the URLs that you use to redirect to after authorizing the Connection.
If you use Postman, it is preferred to use: https://oauth.pstmn.io/v1/callback

Chabad Unity CRM - OAuth 2.0 Flow

Server-based Applications

1. Generating Grant Token (Auth Token URL)

METHOD: GET

URL: http://accounts.zohoportal.com/clientoauth/v2/10023122998/auth

PARAMS:

scope = scope For which token to be generated
The commonly used scopes are: ZohoCRM.modules.ALL,ZohoCRM.settings.ALL,ZohoCRM.users.ALL,ZohoCRM.org.ALL
client_id = Client ID, Obtained during Client Registration in API Console
response_type = code
redirect_uri = callback url which is registered in API console
access_type = offline/online

On successful Authorization, we will redirect to the above redirect_uri with code and state param. The generated code is only valid for 2 minutes and can only be invoked once. In all other cases we will be throwing the invalid_code exception.

2. Generate Access and Refresh Token (Access Token URL)

METHOD: POST

URL: https://accounts.zohoportal.com/clientoauth/v2/10023122998/token

PARAMS:

code = Obtained in the above step
client_id = Client ID, Obtained during Client Registration in API Console
client_secret = Client Secret, Obtained during Client Registration in API Console
grant_type = authorization_code

The code generated will be of one time use. Once a request is made with the code, it will be deleted.

Attention!

The URL was changed from http to https only for the Access Token.

If you encounter any issues with previously working oAuth2.0 code, first try to change the URL prefix.

3. Generate Access Token From Refresh Token

METHOD: POST

URL: https://accounts.zohoportal.com/clientoauth/v2/10023122998/token

PARAMS:

refresh_token = Obtained during Access and refresh token generation
client_id = Client ID, Obtained during Client Registration
client_secret = Client Secret, Obtained during Client Registration in API Console
grant_type = refresh_token

4. Revoking a Refresh Token

METHOD: POST

URL:

https://accounts.zohoportal.com/clientoauth/v2/10023122998/token/revoke

PARAMS:

token = Refresh token obtained during Access and refresh token generation