Purpose
This guide explains how to generate the required OAuth credentials in the Zoho API Console for ManageEngine Endpoint Central Cloud, and how to use those credentials in Logsign USO to ingest console audit logs (Patch Management, Configurations, Inventory, Software Metering, and other module activity) for security analytics and forensic purposes.
Endpoint Central Cloud has no customer-side server to originate outbound syslog, so this API poller is the only supported way to bring its audit logs into Logsign USO. If you run Endpoint Central on-premises instead of Cloud, use syslog forwarding rather than this integration.
Prerequisites
The Zoho account you use to generate credentials must hold the Administrator role in the Endpoint Central console. The audit log API is restricted to administrators; a technician-level account will get authorization errors.
Step 1: Identify Your Console URL and Data Center
Note the address you use to log in to Endpoint Central Cloud, for example https://endpointcentral.manageengine.com. The domain suffix tells you which data center your tenant lives in, which determines both the console URL and the Zoho accounts server you will use in the next step.
| Data Center | Console URL | Zoho Accounts Server |
|---|---|---|
| United States | https://endpointcentral.manageengine.com | https://accounts.zoho.com |
| Europe | https://endpointcentral.manageengine.eu | https://accounts.zoho.eu |
| India | https://endpointcentral.manageengine.in | https://accounts.zoho.in |
| Australia | https://endpointcentral.manageengine.com.au | https://accounts.zoho.com.au |
| Japan | https://endpointcentral.manageengine.jp | https://accounts.zoho.jp |
| Canada | https://endpointcentral.manageengine.ca | https://accounts.zohocloud.ca |
| United Kingdom | https://endpointcentral.manageengine.uk | https://accounts.zoho.uk |
Step 2: Create a Self Client in the Zoho API Console
- Go to the Zoho API Console for your data center, for example
https://api-console.zoho.comfor a .com tenant. - Choose Self Client as the client type.
- Open the Client Secret tab and copy the Client ID and Client Secret.
Step 3: Generate a Refresh Token
- In the same Self Client, open the Generate Code tab.
- Enter the scope
DesktopCentralCloud.Common.READand a short validity window (10 minutes is enough), then click Create. Copy the resulting grant code; it is only valid for about 60 seconds. - Exchange the grant code for a refresh token right away:
curl -X POST "https://accounts.zoho.com/oauth/v2/token" \ -d "code=<GRANT_CODE>" \ -d "client_id=<CLIENT_ID>" \ -d "client_secret=<CLIENT_SECRET>" \ -d "grant_type=authorization_code"
Use the accounts server for your own data center from the table above instead of accounts.zoho.com if you are not on the US tenant. The response contains a refresh_token. This value does not expire on its own and is what Logsign will use to mint access tokens going forward, so store it securely alongside the Client ID and Client Secret.
If a request later returns 401 or 403 once the integration is running, the scope above may be too narrow for the modules you are polling. Recreate the Self Client with the broader scope DesktopCentralCloud.Common.READ,DesktopCentralCloud.SOM.READ,DesktopCentralCloud.Inventory.READ,DesktopCentralCloud.PatchMgmt.READ,DesktopCentralCloud.VulnerabilityMgmt.READ and generate a new refresh token.
Step 4: Configure the Integration in Logsign USO
After obtaining these credentials, log in to Logsign USO and add a new ManageEngine Endpoint Central data source. You will be asked for:
| Field | Value |
|---|---|
| API URL | Your console URL from Step 1, for example https://endpointcentral.manageengine.com |
| Accounts URL | Your Zoho accounts server from Step 1, for example https://accounts.zoho.com |
| Client ID | From Step 2 |
| Client Secret | From Step 2 |
| Refresh Token | From Step 3 |
| Event Module (optional) | Comma-separated list of modules to limit ingestion to, for example Patch Mgmt,Configurations. Leave empty to collect all modules |
Logsign exchanges the refresh token for a short-lived access token automatically and refreshes it as needed; you do not need to generate a new access token yourself after the initial setup.
Notes and Limits
- Access tokens obtained by the integration are valid for one hour. If polling ever stops and the source logs repeated authorization errors, the most common cause is that the stored refresh token was revoked or regenerated in the Zoho API Console; generate a fresh refresh token and update the data source.
- Endpoint Central Cloud allows a maximum of 30 API requests per 5-minute window per technician account. If you see rate-limit related failures, avoid running other integrations or scripts against the same technician account at the same time.
- Make sure the API URL you enter is your Endpoint Central console address, not
zohoapis.com. Theapi_domainvalue returned in Zoho's own OAuth responses is a generic Zoho field and is not the Endpoint Central API host.