Skip to main content

Terminologies

The following are a few terminologies that you need to know before you start using the Zoho Contracts' APIs.

 

Terminology

Description

Protected resources

The Zoho Contracts resources, such as Contracts, Counterparties, Contract Types, etc.

Resource server

The Zoho Contracts server that hosts protected resources.

Resource owner

Any end-user of your account, who can grant access to the protected resources.

Client

An application that sends requests to the resource server to access the protected resources on behalf of the end-user.

Client ID

The consumer key generated from the connected application.

Client Secret

The consumer secret generated from the connected application.

Access Token

A token that is sent to the resource server to access the protected resources of the user. The access token provides secure and temporary access to Zoho Contracts' APIs and is used by the applications to make requests to the connected app. Each access token will be valid only for an hour and can be used only for the set of operations that are described in the scope.

Refresh Token

A token that can be used to obtain new access tokens. This token has an unlimited lifetime until it is revoked by the end-user.

Scopes

Scopes control the type of resource that the client application can access. Tokens are usually created with various scopes to ensure improved security. For example, you can generate a scope to create or view a contract, or to view meta data and so on.

 

Scopes contain three parameters — service name, scope name, and operation type. The format to define a scope is scope=service_name.scope_name.operation_type.

 

E.g., scope=contracts.modules.ALL

 

To view the scopes available in Zoho Contracts, see the List of Scopes page.

Authentication Server

The server that provides the necessary Access and Refresh tokens to the client. In this case, it will be the Zoho Contracts authorization server.

Authentication Code

The Zoho Contracts authorization server that creates a temporary token and sends it to the client via the browser. The client will send this code to the authorization server to obtain access and refresh tokens.

 

 Zoho Contracts Developer Community