Update Share Permissions

Purpose

Using this API, you can:

Update the sharing permissions of a record granted to users as Read-Write, Read-only, or grant full access.
Revoke access given to users to a shared record.
Update the access permission to the related lists of the record that was shared with the user.

Endpoints

PUT /{module_api_name}/{record_id}/actions/share

Request Details

Request URL

{api-domain}/crm/{version}/{module_api_name}/{record_id}/actions/share

Supported modules

Leads, Accounts, Contacts, Deals, Campaigns, Cases, Solutions, Products, Vendors, Price Books, Quotes, Sales Orders, Purchase Orders, Invoices, and Custom.

Header

Authorization: Zoho-oauthtoken d92d4xxxxxxxxxxxxx15f52

Scope

scope=ZohoCRM.share.{module_name}.{operation_type}

Possible module names

leads, accounts, contacts, deals, campaigns, cases, solutions, products, vendors, pricebooks, quotes, salesorders, purchaseorders, invoices, and custom.

Possible operation types

ALL - Full access to the record
UPDATE - Update the sharing permission

Note

The system automatically revokes access to the record for the users who are not mentioned in the JSON request body. Therefore, give the ID of all the users with whom the record was shared, unless you want to revoke share permissions for them.

Sample Request

Copiedcurl "https://www.zohoapis.com/crm/v2.1/Contacts/4150868000001148347/actions/share"
-X PUT
-H "Authorization: Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
-d "@input.json"

3.0.08.0

CopiedString moduleAPIName = "Leads";
Long recordId = 3477061000005177002L;

//Get instance of ShareRecordsOperations Class that takes recordId and moduleAPIName as parameter
ShareRecordsOperations shareRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);

//Get instance of BodyWrapper Class that will contain the request body
BodyWrapper request = new BodyWrapper();

//List of ShareRecord instances
List < ShareRecord > shareList = new ArrayList < ShareRecord > ();

//Get instance of ShareRecord Class
ShareRecord share1 = new ShareRecord();

share1.setShareRelatedRecords(true);

share1.setPermission("full_access");

User user = new User();

user.setId(3477061000005791024 L);

share1.setUser(user);

shareList.add(share1);

request.setShare(shareList);

//Call updateSharePermissions method that takes BodyWrapper instance as parameter
APIResponse < ActionHandler > response = shareRecordsOperations.updateSharePermissions(request);

Copiedpackage com.zoho.crm.api.sample.restapi.sharerecords;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpEntityEnclosingRequestBase;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import org.json.JSONArray;
import org.json.JSONObject;
public class UpdateSharePermissions 
{
	@SuppressWarnings("deprecation")
	public static void main(String[] args) 
	{
		try
		{
			HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
			SSLContext sslContext = SSLContext.getDefault();
			SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
			CloseableHttpClient httpclient = httpClientBuilder.setSSLSocketFactory(sslConnectionSocketFactory).build();
			URIBuilder uriBuilder = new URIBuilder("https://www.zohoapis.com/crm/v2.1/Leads/34770617753001/actions/share");
			HttpUriRequest requestObj = new HttpPut(uriBuilder.build());
			HttpEntityEnclosingRequestBase requestBase = (HttpEntityEnclosingRequestBase) requestObj;
			JSONObject requestBody = new JSONObject();
			JSONArray recordArray = new JSONArray();
			JSONObject recordObject = new JSONObject();
			recordObject.put("share_related_records", true);
			recordObject.put("permission", "read_only");
			JSONObject user = new JSONObject();
			user.put("id", "34770615791024");
			recordObject.put("user", user);
			recordArray.put(recordObject);
			recordObject = new JSONObject();
			recordObject.put("share_related_records", true);
			recordObject.put("permission", "full_access");
			user = new JSONObject();
			user.put("id", "34770615791024");
			recordObject.put("user", user);
			recordArray.put(recordObject);
			requestBody.put("share", recordArray);
			requestBase.setEntity(new StringEntity(requestBody.toString(), HTTP.UTF_8));
			requestObj.addHeader("Authorization", "Zoho-oauthtoken 1000.xxxxxxx.xxxxxxx");
			HttpResponse response = httpclient.execute(requestObj);
			HttpEntity responseEntity = response.getEntity();
			System.out.println("HTTP Status Code : " + response.getStatusLine().getStatusCode());
			if(responseEntity != null)
			{
				Object responseObject = EntityUtils.toString(responseEntity);
				String responseString = responseObject.toString();
				System.out.println(responseString);
			}
		}
		catch(Exception ex)
		{
			ex.printStackTrace();
		}
	}
}

4.0.04.x

Copied//Get instance of ShareRecordsOperations Class that takes moduleAPIName and recordId as parameter
$shareRecordsOperations = new ShareRecordsOperations($recordId, $moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
$request = new BodyWrapper();
//List of ShareRecord instances
$shareList = array();
//Get instance of ShareRecord Class
$share1 = new ShareRecord();
$share1->setShareRelatedRecords(true);
$share1->setPermission("full_access");
$user = new User();
$user->setId("34770615791024");
$share1->setUser($user);
array_push($shareList, $share1);
$request->setShare($shareList);
//Call updateSharePermissions method that takes BodyWrapper instance as parameter
$response = $shareRecordsOperations->updateSharePermissions($request);

Copied<?php

class UpdateSharePermissions
{
    public function execute(){
        $curl_pointer = curl_init();
        
        $curl_options = array();
        $url = "https://www.zohoapis.com/crm/v2.1/Leads/3477061000007753001/actions/share";

        $curl_options[CURLOPT_URL] =$url;
        $curl_options[CURLOPT_RETURNTRANSFER] = true;
        $curl_options[CURLOPT_HEADER] = 1;
        $curl_options[CURLOPT_CUSTOMREQUEST] = "PUT";
        $requestBody = array();
        $recordArray = array();
        $recordObject = array();
        $user = array();
        $user["id"]= "3477061000005791024";
        $recordObject["share_related_records"]=true;
        $recordObject["permission"]="full_access";
        $recordObject["user"]= $user;
        
        
        $recordArray[] = $recordObject;
        $requestBody["share"] =$recordArray;
        $curl_options[CURLOPT_POSTFIELDS]= json_encode($requestBody);
        $headersArray = array();
        
        $headersArray[] = "Authorization". ":" . "Zoho-oauthtoken " . "1000.30f3a589XXXXXXXXXXXXXXXXXXX4077.dc5XXXXXXXXXXXXXXXXXXXee9e7c171c";
        
        $curl_options[CURLOPT_HTTPHEADER]=$headersArray;
        
        curl_setopt_array($curl_pointer, $curl_options);
        
        $result = curl_exec($curl_pointer);
        $responseInfo = curl_getinfo($curl_pointer);
        curl_close($curl_pointer);
        list ($headers, $content) = explode("\r\n\r\n", $result, 2);
        if(strpos($headers," 100 Continue")!==false){
            list( $headers, $content) = explode( "\r\n\r\n", $content , 2);
        }
        $headerArray = (explode("\r\n", $headers, 50));
        $headerMap = array();
        foreach ($headerArray as $key) {
            if (strpos($key, ":") != false) {
                $firstHalf = substr($key, 0, strpos($key, ":"));
                $secondHalf = substr($key, strpos($key, ":") + 1);
                $headerMap[$firstHalf] = trim($secondHalf);
            }
        }
        $jsonResponse = json_decode($content, true);
        if ($jsonResponse == null && $responseInfo['http_code'] != 204) {
            list ($headers, $content) = explode("\r\n\r\n", $content, 2);
            $jsonResponse = json_decode($content, true);
        }
        var_dump($headerMap);
        var_dump($jsonResponse);
        var_dump($responseInfo['http_code']);
        
    }
    
}
(new UpdateSharePermissions())->execute();

3.0.08.x

Copied//Get instance of ShareRecordsOperations Class that takes recordId and moduleAPIName as parameter
ShareRecordsOperations shareRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
BodyWrapper request = new BodyWrapper();
//List of ShareRecord instances
List<ShareRecord> shareList = new List<ShareRecord>();
//Get instance of ShareRecord Class
ShareRecord share1 = new ShareRecord();
share1.ShareRelatedRecords = true;
share1.Permission = "full_access";
User user = new User();
user.Id = 34770615791024;
share1.User = user;
shareList.Add(share1);
request.Share = shareList;
//Call UpdateSharePermissions method that takes BodyWrapper instance as parameter
APIResponse<ActionHandler> response = shareRecordsOperations.UpdateSharePermissions(request);

Copiedusing System;
using System.IO;
using System.Net;
using System.Text;
using Newtonsoft.Json.Linq;
namespace Com.Zoho.Crm.API.Sample.RestAPI.ShareRecords
{
    public class UpdateSharePermissions
    {
        public static void UpdateShare()
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.zohoapis.com/crm/v2.1/Leads/3477067753001/actions/share");
            request.Method = "PUT";
            request.Headers["Authorization"] = "Zoho-oauthtoken 1000.abfeXXXXXXXXXXX2asw.XXXXXXXXXXXXXXXXXXsdc2";
            JObject requestBody = new JObject();
            JArray recordArray = new JArray();
            JObject recordObject = new JObject();
            recordObject.Add("share_related_records", true);
            recordObject.Add("permission", "read_only");
            JObject user = new JObject();
            user.Add("id", "3477065791024");
            recordObject.Add("user", user);
            recordArray.Add(recordObject);
            recordObject = new JObject();
            recordObject.Add("share_related_records", true);
            recordObject.Add("permission", "full_access");
            user = new JObject();
            user.Add("id", "347706105791024");
            recordObject.Add("user", user);
            recordArray.Add(recordObject);
            requestBody.Add("share", recordArray);
            string dataString = requestBody.ToString();
            var data = Encoding.UTF8.GetBytes(dataString);
            int dataLength = data.Length;
            request.ContentLength = dataLength;
            using (var writer = request.GetRequestStream())
            {
                writer.Write(data, 0, dataLength);
            }
            request.KeepAlive = true;
            HttpWebResponse response;
            try
            {
                response = (HttpWebResponse)request.GetResponse();
            }
            catch (WebException e)
            {
                if (e.Response == null) { throw; }
                response = (HttpWebResponse)e.Response;
            }
            HttpWebResponse responseEntity = response;
            Console.WriteLine("HTTP Status Code : " + (int)response.StatusCode);
            string responsestring = new StreamReader(responseEntity.GetResponseStream()).ReadToEnd();
            responseEntity.Close();
            Console.WriteLine(responsestring);
        }
    }
}

3.0.03.x.x

Copied# Get instance of ShareRecordsOperations Class that takes module_api_name and record_id as parameter
shared_records_operations = ShareRecordsOperations(record_id, module_api_name)
# Get instance of BodyWrapper Class that will contain the request body
request = BodyWrapper()
# List to hold ShareRecord instances
share_record_list = []
# Get instance of ShareRecord Class
share_record = ZCRMShareRecord()
# Set boolean value to share related records
share_record.set_share_related_records(True)
# Set the permission. Possible values - full_access, read_only, read_write
share_record.set_permission('full_access')
# Get instance of User Class
user = User()
# Set User ID
user.set_id(3409643000000302031)
# Set the User instance to user
share_record.set_user(user)
# Add the instance to list
share_record_list.append(share_record)
# Set the list to share of BodyWrapper instance
request.set_share(share_record_list)
# Call update_share_permissions method that takes BodyWrapper instance as parameter
response = shared_records_operations.update_share_permissions(request)

Copieddef update_share_permissions():
    import requests
    import json

    url = 'https://www.zohoapis.com/crm/v2.1/Contacts/3409643000002277005/actions/share'

    headers = {
        'Authorization': 'Zoho-oauthtoken 1000.04be928e4a96XXXXXXXXXXXXX68.0b9eXXXXXXXXXXXX60396e268',
    }

    request_body = dict()
    record_list = list()

    record_object = {
        'share_related_records': 'true',
        'permission': 'read_write',
        'user': {
            'id': '3409643000000174021'
        }
    }

    record_list.append(record_object)

    request_body['share'] = record_list

    response = requests.put(url=url, headers=headers, data=json.dumps(request_body).encode('utf-8'))

    if response is not None:
        print("HTTP Status Code : " + str(response.status_code))

        print(response.json())

update_share_permissions()

1.0.010.x

Copied//Get instance of ShareRecordsOperations Class that takes moduleAPIName and recordId as parameter
let sharedRecordsOperations = new ShareRecordsOperations(recordId, moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
let request = new BodyWrapper();
//Array to hold ShareRecord instances
let shareRecordArray = [];
//Get instance of ShareRecord
let shareRecord = new ShareRecord();
//Set the permission
shareRecord.setPermission("full_access");
//Set the boolean value to share related records
shareRecord.setShareRelatedRecords(true);
//Get instance of User Class
let user = new User();
//Set ID to the User
user.setId(3409643000000302031n);
//Set user instance to user in ShareRecord instance
shareRecord.setUser(user);
//Add the instance to array
shareRecordArray.push(shareRecord);
//Set the array to share in BodyWrapper
request.setShare(shareRecordArray);
//Call updateSharePermissions method that takes BodyWrapper instance as parameter
let response = await sharedRecordsOperations.updateSharePermissions(request);

Copiedasync function updateSharePermissions() {
    const got = require("got");

    let url = 'https://www.zohoapis.com/crm/v2.1/Contacts/3409643000002277005/actions/share'

    let headers = {
        Authorization : "Zoho-oauthtoken 1000.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
    }

    let requestBody = {}
    let recordArray = []

    let recordObject = {
        'share_related_records': true,
        'permission': 'read_write',
        'user': {
            'id': '3409643000000174021'
        }
    }

    recordArray.push(recordObject)

    requestBody['share'] = recordArray

    let requestDetails = {
        method : "PUT",
        headers : headers,
        body : JSON.stringify(requestBody),
        encoding: "utf8",
        throwHttpErrors : false
    };
    
    let response = await got(url, requestDetails)
    
    if(response != null) {
        console.log(response.statusCode);
        console.log(response.body);
    }
}
updateSharePermissions()

2.1.0

Copied# List to hold ShareRecord instances
share_records = []
# Get instance of ShareRecordsOperations Class that takes module_api_name and record_id as parameter
sro = ShareRecords::ShareRecordsOperations.new(record_id, module_api_name)
# Get instance of BodyWrapper Class that will contain the request body
bw = ShareRecords::BodyWrapper.new
# Get instance of User Class
user = Users::User.new
# Set User ID
user.id = 3_477_061_000_005_791_024
(0..1).each do |i|
  share_record = ShareRecords::ShareRecord.new
  # Set boolean value to share related records
  share_record.share_related_records = true
  # Set the permission. Possible values - full_access, read_only, read_write
  share_record.permission = 'full_access'
  # Set the User instance to user
  share_record.user = user
  # Add the instance to list
  share_records.push(share_record)
end
# Set the list to share of BodyWrapper instance
bw.share = share_records
response = sro.update_share_permissions(bw)

Copiedrequire 'net/http'
require 'json'

class UpdateSharePermissions
    def execute
       
        url ="https://www.zohoapis.com/crm/v2.1/Leads/3477061000005623115/actions/share"
        url = URI(url)
        req = Net::HTTP::Put.new(url.request_uri)
        http = Net::HTTP.new(url.host, url.port)
        http.use_ssl = true
        headers={}
        headers["Authorization"]="Zoho-oauthtoken 1000.dfa7XXXXXXXXXXXXXXXXXX84f9665840.c176aeXXXXXXXXXXXX13f3d37a84d"
        headers&.each { |key, value| req.add_field(key, value) }
       
        request_body = {}
        record_array = []
        record_object = {}
        user = {}
        user["id"]= "3477061000005791024"
        record_object["share_related_records"]=true
        record_object["permission"]="full_access"
        record_object["user"]= user
        record_array = [record_object]
        request_body["share"] =record_array;
        request_json = request_body.to_json
        req.body = request_json.to_s
        response=http.request(req)
        status_code = response.code.to_i
        headers = response.each_header.to_h
        print status_code
        print headers
        unless response.body.nil?
            print  response.body
        end
    end
end

UpdateSharePermissions.new.execute

Copieduser1 = Map();
user1.put("user", {"id":"4150868000001174048"});
user1.put("share_related_records", true);
user1.put("permission", "full_access");

user2 = Map();
user2.put("user", {"id":"4150868000001199001"});
user2.put("share_related_records", true);
user2.put("permission", "read_only");

usersList = List();
usersList.add(user1);
usersList.add(user2);

params = Map();
params.put("share", usersList);

response = invokeurl
[
	url :"https://www.zohoapis.com/crm/v2.1/Leads/692969000000981055/actions/share"
	type :PUT
	parameters: params.toString()
	connection:"crm_oauth_connection"
];
info response;

Show full

Show less

In the request, "@input.json" contains the sample input data.

Request JSON

shareJSON array, mandatory
The JSON object represents the set of users with whom you want to share the record. Each object in the array represents a user.

share Properties

userJSON object, mandatory
Represents the ID of the user with whom you want to share the record.
share_related_recordsboolean, optional
Represents if you want to share the related records also with the user.
Possible values:
true - share related records along with the record.
false - Do not share related records. This is the default value.
permissionstring, optional
Represents the access permission you want to give the user for that record.
Possible values:
full_access- Allow the user full access to the record. This is the default value.
read_only - Allow the user to only view the record.
read_write - Allow the user to view and edit the record.

Sample Input

Copied{
    "share": [
        {
            "user": {
                "id": "4150868000001199001"
            },
            "share_related_records": true,
            "permission": "read_only"
        },
        {
            "user": {
                "id": "4150868000001174048"
            },
            "share_related_records": false,
            "permission": "full_access"
        }
    ]
}

Possible Errors

OAUTH_SCOPE_MISMATCHHTTP 401
invalid oauth scope to access this URL
Resolution: The client does not have the scope to ZohoCRM.share.{module_name}.UPDATE
(or)
The module name given in the URL is either Events, Calls, Tasks or any Linking module.
(or)
The module name given in the URL is invalid.
INVALID_URL_PATTERNHTTP 404
Please check if the URL trying to access is a correct one.
Resolution: The URL given has syntactical errors.
INVALID_DATAHTTP 400
ENTITY_ID_INVALID
Resolution: The record ID given in the URL is either invalid
(or)
does not belong to the module mentioned.
INVALID_DATAHTTP 400
Permission is invalid
Resolution: The value given in permission is not one of: full_access, read_only, or read_write.
(or)
The user does not have permission to access that particular module.
SHARE_LIMIT_EXCEEDEDHTTP 400
Cannot share a record to more than 10 users.
Resolution: The record you are trying to share has already been shared with 10 users.
NO_PERMISSIONHTTP 403
Permission denied to update records
Resolution: The user does not have permission to update the sharing permissions of a record. Contact your system administrator.
INTERNAL_ERRORHTTP 500
Internal Server Error
Resolution: Unexpected and unhandled exception in Server. Contact support team.
INVALID_REQUEST_METHODHTTP 400
The http request method type is not a valid one
Resolution: You have specified an invalid HTTP method to access the API URL. Specify a valid request method. Refer to endpoints section above.
AUTHORIZATION_FAILEDHTTP 400
User does not have sufficient privilege to update records
Resolution: The user does not have the permission to update the sharing permissions of a record. Contact your system administrator.
INVALID_MODULEHTTP 400
The module name given seems to be invalid
Resolution: You have specified an invalid module name or there is no tab permission, or the module could have been removed from the available modules. Specify a valid module API name.
INVALID_MODULEHTTP 400
The given module is not supported in API
Resolution: The modules such as Documents and Projects are not supported in the current API. (This error will not be shown, once these modules are been supported). Specify a valid module API name.

Sample Response

Copied{
    "share": [
        {
            "code": "SUCCESS",
            "details": {},
            "message": "record will be shared successfully",
            "status": "success"
        },
        {
            "code": "SUCCESS",
            "details": {},
            "message": "record will be shared successfully",
            "status": "success"
        }
    ]
}

CRM

Voice

Sign

Forms

Bigin

SalesIQ

Bookings

RouteIQ

Thrive

CRM Plus

Zakya

Campaigns

Voice

Sign

Forms

Social

Survey

SalesIQ

Sites

Backstage

PageSense

Marketing Automation

LandingPage

Webinar

LeadChain

Domains

CommunitySpaces

Thrive

Publish

Marketing Plus

Commerce

Zakya

Desk

Assist

Voice

SalesIQ

Bookings

FSM

Lens

Solo

Service Plus

Books

Expense

Sign

Inventory

Invoice

Billing

Payroll

Commerce

Checkout

Practice

Solo

Payments

Finance Plus

Mail

Voice

Sign

WorkDrive

Bookings

Cliq

Notebook

Meeting

Connect

Learn

Office Integrator

Writer

TeamInbox

ZeptoMail

Show

Tables

Sheet

Office Suite

Calendar

ToDo

PDF Editor

Workplace

Vani

Expense

Recruit

People