A Brief Understanding of API Authentication Scopes

UPDATE: Zoho made a small change to how connections are made since we recorded this course. We will film new videos soon, but until then, read below for the details. It’s a very minor change.

Instead of the Zoho OAuth and Zoho option that you see in this video, Zoho created application-specific connections, which will usually be the simplest and most intuitive to use, and kept the Zoho OAuth connector.

Usually, you can find the same scopes in an app-specific connection and Zoho OAuth, though some may differ. For example, the Zoho Books Vendor Payments READ, CREATE, and ALL scopes are in the Books connector while only the DELETE scope is in the Zoho OAuth connector.

Everything else about this video is accurate. The only thing that changed is where to find the right scopes (Zoho created connections dedicated to individual apps). Find your needed scope in one of those places!

A scope’s purpose is to grant only certain permissions.

We don’t want a single connection to allow access to an entire app or suite of apps, because any evil-minded scumbag who gets ahold of that connection could do a lot of damage.

So, using Zoho OAuth or a connection to a specific app, select the scope that gives you the permissions you need for your function.
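
To check that a connection carries only what a function needs, you can compare the two scope lists. The following is an added example, not code from the course or from Zoho. The scope strings are constructed samples in `service.resource.OPERATION` form, and it assumes an ALL scope covers every operation on its resource.

```python
# Added example: audit a connection's scopes against what a function needs.
# Assumption: an ALL scope implies every operation on the same resource.

def parse(scope):
    """Split 'ZohoBooks.vendorpayments.READ' into (resource, operation)."""
    service, resource, operation = scope.split(".")
    return f"{service}.{resource}".lower(), operation.upper()

def covers(granted, needed):
    """True if one granted scope satisfies one needed scope."""
    g_res, g_op = parse(granted)
    n_res, n_op = parse(needed)
    return g_res == n_res and g_op in (n_op, "ALL")

def audit(granted, needed):
    """Return (missing, excess) scope lists for a connection."""
    missing = [n for n in needed if not any(covers(g, n) for g in granted)]
    excess = []
    for g in granted:
        used = any(covers(g, n) for n in needed)
        # ALL is broader than required unless ALL itself was requested.
        too_broad = parse(g)[1] == "ALL" and all(parse(n) != parse(g) for n in needed)
        if not used or too_broad:
            excess.append(g)
    return missing, excess

# Constructed sample data: the function only reads vendor payments.
NEEDED = ["ZohoBooks.vendorpayments.READ"]
BROAD = ["ZohoBooks.vendorpayments.ALL", "ZohoBooks.invoices.READ"]
TIGHT = ["ZohoBooks.vendorpayments.READ"]
WRONG = ["ZohoBooks.vendorpayments.DELETE"]

if __name__ == "__main__":
    for name, granted in (("BROAD", BROAD), ("TIGHT", TIGHT), ("WRONG", WRONG)):
        missing, excess = audit(granted, NEEDED)
        print(f"{name}: missing={missing} excess={excess}")
```

A connection passes when both lists come back empty; anything in the excess list is permission a stolen connection would hand over for no benefit to the function.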