Authentication Method
A
serverless function within your CRM can be invoked from any third-party
application or within the CRM. However, commonly not all of the
applications support a single authentication method. Keeping that in
mind, we have two methods that you can use to execute the function. One
of them would be using the API Key authentication method, which can be
used by either you or others to invoke the function from anywhere. The
other is the OAuth2 method.
The difference
between API Key and OAuth2 lies in the mode of authentication. API Key
has to be authenticated in the Request URL and not as a header.
Serverless Functions can be authenticated through the following methods:
OAuth Authentication
| Run your application serverless with the latest and more secure mode of authentication.
|
API Key Authentication
| The simplest and the fastest way to enable authentication for your applications.
|
API
Key authentication is used to inform Zoho that the incoming client can
access the data from the CRM. However, you can set up permissions to
limit the level of access that the service or the developer has over the
info. Although the API key is impressively simple, the downside to it
is in not keeping up with the current authentication methods.
OAuth
authentication is different in the obvious fact that the level of
security is up by a notch with the addition of access and refresh
tokens. Each access token may provide access to a specific set of data
from your CRM, but with some additional permissions like “read-only”.