Authorizing OAuth CRMs
Cloud CRMs authenticate with OAuth rather than a pasted API key: you register Exovo as an app in the CRM, then click Authorize and log in once. Tokens are stored encrypted and refreshed automatically from then on.
The general shape
- Register an app in your CRM (a "connected app", "private app" or "OAuth client",
depending on the vendor). The one value every CRM asks for is the redirect/callback URL —
the CRM template page shows yours (
https://<your-fqdn>/api/crm/oauth/callback) ready to copy. - Enter the app's client ID and secret into the template fields on Admin → Integrations → CRM.
- Click Authorize. You're sent to the CRM's own login, grant access, and land back in the console with the status chip flipped to Authorized.
The Re-authorize button repeats step 3 whenever needed — after changing the CRM app's permissions, or if the CRM invalidates tokens (password resets and admin changes on some platforms).
Notes per provider family
- Salesforce — create a Connected App with OAuth enabled and API scope; users need API access in their profile.
- HubSpot — a private app with CRM scopes is the quickest route.
- Zoho / Kommo / Pipedrive / Zendesk / Dynamics — standard OAuth client registration in each platform's developer/admin console; grant contact read (and write, if you want journaling and contact creation) scopes.
Troubleshooting
- Bounced straight back with an error — the redirect URL registered in the CRM doesn't exactly match the one shown on the template page (scheme and host must match your FQDN).
- Authorized but lookups fail — the granted scopes are too narrow; check the test panel trace for a 401/403 and widen the app's scopes, then re-authorize.
- Works, then stops weeks later — the CRM revoked the refresh token (commonly after the authorizing user's password change). Re-authorize; consider a dedicated integration user.