Share Record
Purpose
To share a record with other users in the organization.
Request Details
Request URL
{api-domain}/crm/v2/{module_api_name}/{record_id}/actions/share
Supported modules
Leads, Accounts, Contacts, Deals, Campaigns, Cases, Solutions, Products, Vendors, Price Books, Quotes, Sales Orders, Purchase Orders, Invoices, and Custom.
Header
Authorization: Zoho-oauthtoken 100xx.d92d4xxxxxxxxxxxxx15f52
Scope
scope=ZohoCRM.share.{module_name}.{operation_type}
Possible module names
leads, accounts, contacts, deals, campaigns, cases, solutions, products, vendors, pricebooks, quotes, salesorders, purchaseorders, invoices, and custom.
Possible operation types
ALL - Full access to the record
CREATE - Share records with other users in the organization
The records can be shared to other users in the organization only if certain conditions are met. For simplicity, let us assume that User A shares a record with User B. Now, user A can share the record successfully only if:
User B is a confirmed and active user.
User B does not have access to that particular record.
User B has access to that particular module. For instance, to share a contact, user B must have access to the Contacts module.
You cannot share the records in Activities module and Linking module directly. They can be shared as related lists.
The users who have profiles with share permission can share any records that they have access to, except the records that are shared to them. To check the same, go to Setup> Under Users and Control> Choose Security Control> Choose the profile> Under Tool Permissions> Check if 'share' is enabled. It is enabled by default for Standard and Administrator Profiles.
The details of the records that form many to many relationships (with multi-select lookup) cannot be shared.
A record can be shared only with 10 users.
Once the record gets shared successfully, the user who initiated the share operation will get notified via email.
The user can update the shared records using the PUT method. To know more, refer to Update Records.
Sample Request
Copiedcurl "https://zylkercorp.zohoplatform.com/crm/v2/Contacts/4150868000001176057/actions/share"
-X POST
-H "Authorization: Zoho-oauthtoken 100xx.8cb99dxxxxxxxxxxxxx9be93.9b8xxxxxxxxxxxxxxxf"
-d "@input.json"Copied//Get instance of ShareRecordsOperations Class that takes moduleAPIName and recordId as parameter
let sharedRecordsOperations = new ZCRM.ShareRecord.Operations(recordId, moduleAPIName);
//Get instance of BodyWrapper Class that will contain the request body
let request = new ZCRM.ShareRecord.Model.BodyWrapper();
//Array to hold ShareRecord instances
let shareRecordArray = [];
for(let i = 0; i < 10; i++)
{
//Get instance of ShareRecord Class
let shareRecord = new ZCRM.ShareRecord.Model.ShareRecord();
//Set boolean value to share related records
shareRecord.setShareRelatedRecords(false);
//Set the permission. Possible values - full_access, read_only, read_write
shareRecord.setPermission("read_write");
//Get instance of User Class
let user = new ZCRM.User.Model.User();
//Set User ID
user.setId(34770615791024n);
//Set the User instance to user
shareRecord.setUser(user);
//Add the instance to array
shareRecordArray.push(shareRecord);
}
//Set the array to share of BodyWrapper instance
request.setShare(shareRecordArray);
//Call shareRecord method that takes BodyWrapper instance as parameter
let response = await sharedRecordsOperations.shareRecord(request);
Copiedvar listener = 0;
class ShareRecords {
async shareRecord() {
var url = "https://zylkercorp.zohoplatform.com/crm/v2/Leads/34770617753001/actions/share"
var parameters = new Map()
var headers = new Map()
var token = {
clientId:"1000.NPY9M1V0XXXXXXXXXXXXXXXXXXXF7H",
redirectUrl:"http://127.0.0.1:5500/redirect.html",
scope:"ZohoCRM.users.ALL,ZohoCRM.bulk.read,ZohoCRM.share.Leads.ALL,ZohoCRM.modules.ALL,ZohoCRM.settings.ALL,Aaaserver.profile.Read,ZohoCRM.org.ALL,profile.userphoto.READ,ZohoFiles.files.ALL,ZohoCRM.bulk.ALL,ZohoCRM.settings.variable_groups.ALL"
}
var accesstoken = await new ShareRecords().getToken(token)
headers.set("Authorization", "Zoho-oauthtoken " + accesstoken)
var requestMethod = "POST"
var reqBody = {
"share": [
{
"user": {
"id": "3524033191017"
},
"share_related_records": true,
"permission": "read_only"
}
]
}
var params = "";
parameters.forEach(function(value, key) {
if (parameters.has(key)) {
if (params) {
params = params + key + '=' + value + '&';
}
else {
params = key + '=' + value + '&';
}
}
});
var apiHeaders = {};
if(headers) {
headers.forEach(function(value, key) {
apiHeaders[key] = value;
});
}
if (params.length > 0){
url = url + '?' + params.substring(0, params.length - 1);
}
var requestObj = {
uri : url,
method : requestMethod,
headers : apiHeaders,
body : JSON.stringify(reqBody),
encoding: "utf8",
allowGetBody : true,
throwHttpErrors : false
};
var result = await new ShareRecords().makeAPICall(requestObj);
console.log(result.status)
console.log(result.response)
}
async getToken(token) {
if(listener == 0) {
window.addEventListener("storage", function(reponse) {
if(reponse.key === "access_token" && (reponse.oldValue != reponse.newValue || reponse.oldValue == null)){
location.reload();
}
if(reponse.key === "access_token"){
sessionStorage.removeItem("__auth_process");
}
}, false);
listener = 1;
if(sessionStorage.getItem("__auth_process")) {
sessionStorage.removeItem("__auth_process");
}
}
["granted_for_session", "access_token","expires_in","expires_in_sec","location","api_domain","state","__token_init","__auth_process"].forEach(function (k) {
var isKeyExists = localStorage.hasOwnProperty(k);
if(isKeyExists) {
sessionStorage.setItem(k, localStorage[k]);
}
localStorage.removeItem(k);
});
var valueInStore = sessionStorage.getItem("access_token");
var tokenInit = sessionStorage.getItem("__token_init");
if(tokenInit != null && valueInStore != null && Date.now() >= parseInt(tokenInit) + 59 * 60 * 1000){ // check after 59th minute
valueInStore = null;
sessionStorage.removeItem("access_token");
}
var auth_process = sessionStorage.getItem("__auth_process");
if ((valueInStore == null && auth_process == null) || (valueInStore == 'undefined' && (auth_process == null || auth_process == "true"))) {
var accountsUrl = "https://zylkercorp.zohoplatform.com/oauth/v2/auth"
var clientId;
var scope;
var redirectUrl;
if(token != null) {
clientId = token.clientId;
scope = token.scope;
redirectUrl = token.redirectUrl;
}
var fullGrant = sessionStorage.getItem("full_grant");
var grantedForSession = sessionStorage.getItem("granted_for_session");
if(sessionStorage.getItem("__token_init") != null && ((fullGrant != null && "true" == full_grant) || (grantedForSession != null && "true" == grantedForSession))) {
accountsUrl += '/refresh';
}
if (clientId && scope) {
sessionStorage.setItem("__token_init", Date.now());
sessionStorage.removeItem("access_token");
sessionStorage.setItem("__auth_process", "true");
window.open(accountsUrl + "?" + "scope" + "=" + scope + "&"+ "client_id" +"=" + clientId + "&response_type=token&state=zohocrmclient&redirect_uri=" + redirectUrl);
["granted_for_session", "access_token","expires_in","expires_in_sec","location","api_domain","state","__token_init","__auth_process"].forEach(function (k) {
var isKeyExists = localStorage.hasOwnProperty(k);
if(isKeyExists){
sessionStorage.setItem(k, localStorage[k]);
}
localStorage.removeItem(k);
});
valueInStore = sessionStorage.getItem("access_token");
}
}
if(token != null && valueInStore != 'undefined'){
token.accessToken = valueInStore;
}
return token.accessToken;
}
async makeAPICall(requestDetails) {
return new Promise(function (resolve, reject) {
var body, xhr, i;
body = requestDetails.body || null;
xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.open(requestDetails.method, requestDetails.uri, true);
for (i in requestDetails.headers) {
xhr.setRequestHeader(i, requestDetails.headers[i]);
}
xhr.send(body);
xhr.onreadystatechange = function() {
if(xhr.readyState == 4) {
resolve(xhr);
}
}
})
}
}Copieduser1 = Map();
user1.put("user", {"id":"4150868000001174048"});
user1.put("share_related_records", true);
user1.put("permission", "full_access");
user2 = Map();
user2.put("user", {"id":"4150868000001199001"});
user2.put("share_related_records", true);
user2.put("permission", "read_only");
usersList = List();
usersList.add(user1);
usersList.add(user2);
params = Map();
params.put("share", usersList);
response = invokeurl
[
url :"https://zylkercorp.zohoplatform.com/crm/v2/Leads/692969000000981055/actions/share"
type :POST
parameters: params.toString()
connection:"crm_oauth_connection"
];
info response;In the request, "@input.json" contains the sample input data.
Request JSON
- shareJSON array, mandatory
The JSON object represents the set of users with whom you want to share the record. Each object in the array represents a user.
share Properties
- userJSON object, mandatory
Represents the ID of the user with whom you want to share the record.
- share_related_recordsboolean, optional
Represents if you want to share the related records also with the user.
Possible values:
true - share related records along with the record.
false - Do not share related records. This is the default value. - permissionstring, optional
Represents the access permission you want to give the user for that record.
Possible values:
full_access- Allow the user full access to the record. This is the default value.
read_only - Allow the user to only view the record.
read_write - Allow the user to view and edit the record.
Sample Input
Copied{
"share": [
{
"user": {
"id": "4150868000001174048"
},
"share_related_records": true,
"permission": "full_access"
},
{
"user": {
"id": "4150868000001199001"
},
"share_related_records": true,
"permission": "read_only"
}
]
}Possible Errors
- OAUTH_SCOPE_MISMATCHHTTP 401
invalid oauth scope to access this URL
Resolution: The client does not have the scope to ZohoCRM.share.{module_name}.CREATE
(or)
The module name given in the URL is either Events, Calls, Tasks or any Linking module.
(or)
The module name given in the URL is invalid. - INVALID_URL_PATTERNHTTP 404
Please check if the URL trying to access is a correct one.
Resolution: The URL given has syntactical errors. - INVALID_DATAHTTP 403
ENTITY_ID_INVALID
Resolution: The record ID given in the URL is either invalid
(or)
does not belong to the module mentioned. - INVALID_DATAHTTP 200
Permission is invalid
Resolution: The value given in permission is not one of: full_access, read_only, or read_write.
(or)
The user does not have permission to access that particular module. - INVALID_DATAHTTP 200
record is already visible to the user.
Resolution: The record is already accessible to the user. You can share the record only if the user cannot access it. - SHARE_LIMIT_EXCEEDEDHTTP 403
Cannot share a record to more than 10 users.
Resolution: The record you are trying to share has already been shared with 10 users. - NO_PERMISSIONHTTP 403
Permission denied to share records
Resolution: The user does not have permission to share a record with other users in the organization. Contact your system administrator. - INTERNAL_ERRORHTTP 500
Internal Server Error
Resolution: Unexpected and unhandled exception in Server. Contact support team. - INVALID_REQUEST_METHODHTTP 400
The http request method type is not a valid one
Resolution: You have specified an invalid HTTP method to access the API URL. Specify a valid request method. Refer to endpoints section above. - AUTHORIZATION_FAILEDHTTP 400
User does not have sufficient privilege to share records
Resolution: The user does not have the permission to share a record with other users in the organization. Contact your system administrator. - INVALID_MODULEHTTP 400
The module name given seems to be invalid
Resolution: You have specified an invalid module name or there is no tab permission, or the module could have been removed from the available modules. Specify a valid module API name. - INVALID_MODULEHTTP 400
The given module is not supported in API
Resolution: The modules such as Documents and Projects are not supported in the current API. (This error will not be shown, once these modules are been supported). Specify a valid module API name.
Sample Response
Copied{
"share": [
{
"code": "SUCCESS",
"details": {},
"message": "record will be shared successfully",
"status": "success"
},
{
"code": "SUCCESS",
"details": {},
"message": "record will be shared successfully",
"status": "success"
}
]
}