OAuth 2.0
The ManageEngine Asset Explorer Cloud API use OAuth 2.0 for authentication. This page gives you an overview of the authentication process. For complete details on OAuth 2.0 flows, registration, token management, and more, refer to Zoho OAuth 2.0 documentation.
How OAuth 2.0 works
To access ManageEngine Asset Explorer Cloud APIs, your application needs an access token obtained through one of the
OAuth 2.0 flows. At a high level, the steps are:
- Register your application in the Zoho API console.
- Get consent from user to access their data and obtain an access token.
- Call ManageEngine Asset Explorer Cloud APIs using the access token.
Token Expiry
Access tokens expire periodically. The expiry duration is mentioned as expires_in (seconds) in the access token response. To maintain uninterrupted access, you can request for an optional refresh token, store it, and use it to generate new access tokens as needed.
Different OAuth flows for different app types
Zoho supports OAuth flows for different application types (server-based, client-based, mobile & desktop-based, limited input devices, and self client). You can choose the flow that matches your application.
Multi DC support
Zoho operates data centres in multiple regions. If your application serves users across regions, you must enable Multi DC support in the API console and use region-specific endpoints for both OAuth and Product API calls.
See detailed OAuth 2.0 workflow
Scopes
ManageEngine Asset Explorer Cloud APIs use selected scopes, which control the type of resource that the client application can access. Tokens are usually created with various scopes to ensure improved security.
For example, you can generate a scope to create or view an asset, or to view metadata and so on. Scopes contain three parameters — service name, scope name, and operation type. The format to define a scope is
scope=SDPOnDemand.scope_name.operation_type
Example: scope=SDPOnDemand.assets.ALL
Here, SDPOnDemand is the service name, assets is the scope name, and ALL is the operation type.
List of Available Scopes
Group/Module scope provides complete access to all functions the user can perform on the particular module.
For instance, a group scope can allow a user to read, create, update, and delete records in a module.
Assets Scopes
| Operation Type | Scope Example | Description |
|---|---|---|
| ALL | SDPOnDemand.assets.ALL | To access Asset module related all APIs |
| CREATE | SDPOnDemand.assets.CREATE | To create Asset module related records |
| READ | SDPOnDemand.assets.READ | To read Asset module related records |
| UPDATE | SDPOnDemand.assets.UPDATE | To update Asset module related records |
| DELETE | SDPOnDemand.assets.DELETE | To delete Asset module related records |
CMDB Scopes
| Operation Type | Scope Example | Description |
|---|---|---|
| ALL | SDPOnDemand.cmdb.ALL | To access CMDB module related all APIs |
| CREATE | SDPOnDemand.cmdb.CREATE | To create CMDB module related records |
| READ | SDPOnDemand.cmdb.READ | To read CMDB module related records |
| UPDATE | SDPOnDemand.cmdb.UPDATE | To update CMDB module related records |
| DELETE | SDPOnDemand.cmdb.DELETE | To delete CMDB module related records |
Contracts Scopes
| Operation Type | Scope Example | Description |
|---|---|---|
| ALL | SDPOnDemand.contracts.ALL | To access Contracts module related all APIs |
| CREATE | SDPOnDemand.contracts.CREATE | To create Contracts module related records |
| READ | SDPOnDemand.contracts.READ | To read Contracts module related records |
| UPDATE | SDPOnDemand.contracts.UPDATE | To update Contracts module related records |
| DELETE | SDPOnDemand.contracts.DELETE | To delete Contracts module related records |
Purchases Scopes
| Operation Type | Scope Example | Description |
|---|---|---|
| ALL | SDPOnDemand.purchases.ALL | To access Purchases module related all APIs |
| CREATE | SDPOnDemand.purchases.CREATE | To create Purchases module related records |
| READ | SDPOnDemand.purchases.READ | To read Purchases module related records |
| UPDATE | SDPOnDemand.purchases.UPDATE | To update Purchases module related records |
| DELETE | SDPOnDemand.purchases.DELETE | To delete Purchases module related records |
Custom Module Scopes
| Operation Type | Scope Example | Description |
|---|---|---|
| ALL | SDPOnDemand.custommodule.ALL | To access Custom module instance all APIs |
| CREATE | SDPOnDemand.custommodule.CREATE | To create Custom module instance records |
| READ | SDPOnDemand.custommodule.READ | To read Custom module instance records |
| UPDATE | SDPOnDemand.custommodule.UPDATE | To update Custom module instance records |
| DELETE | SDPOnDemand.custommodule.DELETE | To delete Custom module instance records |
Setup Scopes
| Operation Type | Scope Example | Description |
|---|---|---|
| ALL | SDPOnDemand.setup.ALL | To access Admin module related all APIs |
| CREATE | SDPOnDemand.setup.CREATE | To create Admin module related records |
| READ | SDPOnDemand.setup.READ | To read Admin module related records |
| UPDATE | SDPOnDemand.setup.UPDATE | To update Admin module related records |
| DELETE | SDPOnDemand.setup.DELETE | To delete Admin module related records |
General Scopes
| Operation Type | Scope Example | Description |
|---|---|---|
| ALL | SDPOnDemand.general.ALL | To access all General APIs |
| CREATE | SDPOnDemand.general.CREATE | To create General records |
| READ | SDPOnDemand.general.READ | To read General records |
| UPDATE | SDPOnDemand.general.UPDATE | To update General records |
| DELETE | SDPOnDemand.general.DELETE | To delete General records |
One or more scopes can also be mentioned as comma separated in scope.
Example:
scope=SDPOnDemand.assets.ALL,SDPOnDemand.contracts.READ,SDPOnDemand.setup.READ,SDPOnDemand.setup.CREATE
Here, Asset, Contract and Admin modules are included in scope. So this will provide complete access for asset module and read access for contract module and read and create access for Admin module.
API endpoints by data center
When making API calls, you must use the base URL corresponding to your user’s data center. The correct URL is returned as api_domain in the access token response.
Important
Never hardcode a single region’s URL. Always use the api_domain from the access token response
For more details about Data Centres, see Multi-DC Support.
API Example
To access the ManageEngine Asset Explorer Cloud’s API, you need to send the ‘Authorization’ & ‘Accept’ headers with your request.
GET LIST Asset
https://sdpondemand.manageengine.com/api/v3/assets
Important
URI components for input_data needs to be encoded in Request Parameter.
$ curl -G <service domain|custom domain>/app/<portal>/api/v3/assets\
-X GET\
-H "Accept: application/vnd.manageengine.sdp.v3+json"\
-H "Authorization: Zoho-oauthtoken 1000.7xxx98976ab0xxxxxx19901e7551be57.bxxxx921ed64c04f79622bebcfxxxxxx"\
-H "Content-Type: application/x-www-form-urlencoded"\
--data-urlencode input_data=''
// Deluge Sample script
url = "<service domain|custom domain>/app/<portal>/api/v3/assets";
headers = {"Accept":"application/vnd.manageengine.sdp.v3+json",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Zoho-oauthtoken 1000.7xxx98976ab0xxxxxx19901e7551be57.bxxxx921ed64c04f79622bebcfxxxxxx"};
input_data = ;
params = {"input_data":input_data};
response = invokeurl
[
url: url
type: GET
parameters:params
headers: headers
];
info response;
#Powershell version - 5.1
$url = "<service domain|custom domain>/app/<portal>/api/v3/assets"
$headers = @{ "Accept" = "application/vnd.manageengine.sdp.v3+json"
"Authorization" = "Zoho-oauthtoken 1000.7xxx98976ab0xxxxxx19901e7551be57.bxxxx921ed64c04f79622bebcfxxxxxx"
"Content-Type" = "application/x-www-form-urlencoded"}
$input_data = @''@
$data = @{ 'input_data' = $input_data}
$response = Invoke-RestMethod -Uri $url -Method get -Body $data -Headers $headers
$response
#Python version - 3.8
#This script requires requests module installed in python.
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import urlopen,Request
url = "<service domain|custom domain>/app/<portal>/api/v3/assets"
headers ={"Accept": "application/vnd.manageengine.sdp.v3+json",
"Authorization" : "Zoho-oauthtoken 1000.7xxx98976ab0xxxxxx19901e7551be57.bxxxx921ed64c04f79622bebcfxxxxxx",
"Content-Type" : "application/x-www-form-urlencoded"}
input_data = ''''''
url += "?" + urlencode({"input_data":input_data})
httprequest = Request(url, headers=headers)
try:
with urlopen(httprequest) as response:
print(response.read().decode())
except HTTPError as e:
print(e.read().decode())
{
"response_status": {
"status_code": 2000,
"status": "success"
},
"asset": {
"purchase_lot_id": null,
"acknowledgement": null,
"total_cost": "22100",
"device_type": null,
"type": {
"name": "Asset",
"id": "100000000000002685"
},
"lifecycle": null,
"last_updated_by": null,
"credential": null,
"workflow_instance_details": null,
"suggested_owner": null,
"id": "100000000000048265",
"state": {
"internal_name": "In Use",
"name": "In Use",
"description": null,
"id": "100000000000002848"
},
"barcode": "9TNRHJZL",
"product_depreciation": null,
"operational_cost": "0.0",
"asset_tag": "tag1",
"created_time": {
"display_value": "Mar 12, 2025 03:23 PM",
"value": "1741773223613"
},
"workflow": null,
"is_swscan_needed": false,
"created_by": {
"email_id": "test@test.com",
"is_technician": true,
"sms_mail": null,
"mobile": "11111121212222",
"last_name": "test",
"user_scope": "internal_user",
"sms_mail_id": null,
"cost_per_hour": "0",
"site": {
"deleted": false,
"name": "Base Site",
"id": "100000000000006936",
"is_default": true
},
"phone": "1.11111111111121E+016",
"employee_id": null,
"name": "test ",
"id": "100000000000041183",
"is_vip_user": false,
"department": null,
"first_name": "test",
"job_title": null
},
"linked_ci": null,
"last_updated_time": null,
"purchase_order": null,
"network_adapters": [
{
"description": "-",
"dhcp_server": "-",
"nic_lease": "-",
"ip_address": "192.100.16.21",
"type": null,
"network": "-",
"ipnet_mask": "-",
"mac_address": "00:A0:C9:14:C8:29",
"name": "-",
"id": "100000000000048275",
"asset": {
"site": {
"id": "100000000000006936"
},
"product": {
"id": "100000000000048243"
},
"product_type": {
"id": "100000000000002705"
},
"name": "5th-floor-ap",
"id": "100000000000048265"
},
"gateway": "-",
"dhcp": "false",
"dnshostname": null
}
],
"is_depreciation_configured": false,
"name": "5th-floor-ap",
"region": null,
"is_depreciation_calculated": false,
"loan": null,
"attachments": [],
"retain_user_site": true,
"is_asset_association_possible": true,
"acquisition_date": {
"display_value": "Jan 10, 2019",
"value": "1547064000000"
},
"current_cost": "0.0",
"vendor": {
"name": "Sam-vendor",
"description": "No Description",
"currency": {
"symbol": "$",
"code": "USD",
"exchange_rate": "1",
"name": "US Dollar",
"id": "100000000000004519"
},
"id": "100000000000048245"
},
"mac_address": "00:A0:C9:14:C8:29",
"purchase_cost": "22100",
"department": {
"site": {
"id": "100000000000006936"
},
"name": "Administration",
"id": "100000000000007191"
},
"depreciation": null,
"product": {
"part_no": "-",
"gl_code": null,
"product_type": {
"image": "asset_access_points",
"extension": {
"api_plural_name": "asset_access_points",
"name": "asset_access_point",
"display_name_plural": "sdp.inventory.breadcrumb.accesspoints",
"id": "100000000000002635",
"display_name": "Access Point",
"category": "ASSET",
"icon_name": null
},
"entity_category": "ASSET",
"api_plural_name": "asset_access_points",
"description": "Wireless Access Point",
"display_name": "Access Point",
"type": {
"name": "Asset",
"id": "100000000000002685"
},
"mandatory": true,
"parent_product_visibility": false,
"sibling_product_visibility": false,
"name": "Access Point",
"display_name_plural": "Access Points",
"child_product_visibility": true,
"id": "100000000000002705",
"category": {
"name": "IT",
"description": "IT Assets and Components",
"id": "100000000000002681",
"display_name": "IT"
},
"inherits": {
"extension": {
"id": "100000000000002615"
},
"api_plural_name": "assets",
"name": "All Assets",
"id": "100000000000002691",
"display_name": "All Assets"
}
},
"software": null,
"name": "Dell",
"id": "100000000000048243",
"type": {
"name": "Asset",
"id": "100000000000002685"
},
"category": {
"name": "IT",
"description": "IT Assets and Components",
"id": "100000000000002681"
},
"manufacturer": "Dell"
},
"asset_depreciation": null,
"integration_mappings": [],
"recent_scan_source": null,
"expiry_date": {
"display_value": "Jan 21, 2020",
"value": "1579550399999"
},
"used_by_asset": null,
"serial_number": "H7PM4XLG",
"warranty_expiry": {
"display_value": "Jan 21, 2020",
"value": "1579550399999"
},
"ip_address": "192.100.16.21",
"probe": null,
"site": {
"deleted": false,
"name": "Base Site",
"id": "100000000000006936",
"is_default": true
},
"product_type": {
"image": "asset_access_points",
"extension": {
"api_plural_name": "asset_access_points",
"name": "asset_access_point",
"display_name_plural": "sdp.inventory.breadcrumb.accesspoints",
"id": "100000000000002635",
"display_name": "Access Point",
"category": "ASSET",
"icon_name": null
},
"entity_category": "ASSET",
"api_plural_name": "asset_access_points",
"description": "Wireless Access Point",
"display_name": "Access Point",
"type": {
"name": "Asset",
"id": "100000000000002685"
},
"mandatory": true,
"parent_product_visibility": false,
"sibling_product_visibility": false,
"name": "Access Point",
"display_name_plural": "Access Points",
"child_product_visibility": true,
"id": "100000000000002705",
"category": {
"name": "IT",
"description": "IT Assets and Components",
"id": "100000000000002681",
"display_name": "IT"
},
"inherits": {
"extension": {
"id": "100000000000002615"
},
"api_plural_name": "assets",
"name": "All Assets",
"id": "100000000000002691",
"display_name": "All Assets"
}
},
"last_asset_audit": null,
"discovered_serial_number": null,
"location": "Alaska",
"is_loaned": false,
"is_loanable": false,
"category": {
"name": "IT",
"description": "IT Assets and Components",
"id": "100000000000002681"
},
"user": null,
"last_success_audit": null,
"last_audit": null
}
}