Kaizen #116 - Client Types in Zoho API Console

Hello everyone!

Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.

Let us discuss the available client types and how authorization is handled for each.

Available client types

1. Server-based
   
2. Client-based
   
3. Self client
   
4. Non-browser-based
   
5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.

This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.

In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.

During the registration process in Zoho API Console, you would choose the "Web-based" client type.

OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:

1. Users visit your website where you have the Login with Zoho button.
   
2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
   
3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
   
4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
   
5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
   
6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
   
7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
   
8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
   

Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.

You can use any of our server-side SDKs to simplify this process.

When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.

Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.

For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.

This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.

This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.

Here is a gist of what happens when a user clicks it.

1. Your app redirects the user to Zoho Accounts.
   
2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
   
3. The user is shown the data that your webpage would use.
   
4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
   
5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
   
6. Your app must then make API calls to Zoho with this access token to fetch data.
   
7. When the access token expires, your app must take care of regeneration and storage.
   

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.

When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.

Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.

1. You register your app as self client in Zoho API Console.
   
2. You will get the client details such as ID and secret.
   
3. You provide the scopes required for your app to access CRM data.
   
4. You will receive the grant token.
   
5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
   
6. Your app can then use this access token to make API calls to Zoho CRM and use data.
   

You can refer to our older Kaizen post on this topic for more details.

Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.

Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.

Here is how authentication is handled:

1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
   
2. Users install a dedicated Zoho ShowTime application on their smart TVs.
   
3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
   
4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
   
5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
   
6. When the user enters the user code, Zoho Accounts sends the access token to your app.
   
7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
   

Here is the protocol flow. For more details, refer to this doc.

5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.

Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.

If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.

Cheers!

• Topic Participants

• Shylaja S

  

• Piyush Dwivedi

• Ishwarya SG

  

• Onur Gulay - Smile Center Turkey®

  

• Sunderjan Siddharth

  

• Sticky Posts

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

  Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Recent Topics

• Add co-hosts in meetings, manage webinar registration and other enhancements

  Hello all, This month's updates allow you to add co-hosts while scheduling meetings. You can also control your webinar registrations better by allowing or blocking registrations from the domain or country of your choice. Read on to learn more. Meeting

• A new UI for distraction-free engagement in online meetings and webinars that scale up for 3000 attendees

  Hello all, We're excited to share our new, refined UI for online meetings.  Here's how the new UI will improve your experience during online meetings: We've re-designed Zoho Meeting's online meeting UI to enable users to fully engage in conversations

• I Can't Clone Webinar that I Co-Organize

  How do i get our account admin to give me permission to clone our webinars? I am a co-organizer

• Latest updates in Zoho Meeting | Calendar view, Zia integration with OpenAI, edit the recurring pattern in a recurring meeting, device error notifications revamp, and more.

  Hello everyone, We’re glad to share a few updates and enhancements in Zoho Meeting, including the Calendar view, being able to edit the recurring pattern in a recurring meeting, revamped device error notifications, and other enhancements that you’ll find

• New enhancements in the latest version of the Zoho Meeting Android mobile app.

  Hello all, In the latest version of Zoho meeting Android mobile app (v2.2.6), we have brought in support for the below enhancements. Close account: Now users will be able to close their Zoho account directly from the app. Unmute toast message: If a user

• Share material, Lock Meeting and revamped feedback UI in the latest version of the Meeting iOS app.

  Hello all, In the latest version of the Zoho Meeting iOS mobile app (v1.6), we have brought in the below enhancements. Share material in meeting: We have introduced share material during meeting that allows participants to view supported materials such

• Latest updates in Zoho Meeting | New chat feature between an organizer and co-organizer in webinars, recording consent for webinar co-organizers and attendees in the Android app, and more.

  Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's what we've been working on lately: A new chat feature between an organizer and co-organizer in webinars, recording consent for webinar co-organizers and attendees in the Android

• Latest updates in Zoho Meeting | A new Files tab to manage all your PDFs, PPTs, Video files and recordings, live transcription , ability to lock settings and adaptive echo cancellation.

  Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's what we've been working on lately: A new Files tab to manage all your PDFs, PPTs, Video files and recordings, live transcription during sessions, ability to lock settings and

• Latest updates in Zoho Meeting | Meeting Rooms , Pin video feeds and customize from and reply-to email addresses

  Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's what we've been working on lately: Introducing Zoho Meeting Rooms, an immersive solution for teams to connect over virtual meetings in video conference rooms. You can also pin

• Latest updates in Zoho Meeting | New top bar video layout, a revamp of our in-session settings and now import webinar registrations with a CSV file

  Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's are some of them : We have moved audio, video, virtual background and preferences under a single settings pop-up for better user navigation. You can now upload a CSV file containing

• Important update: Changes in email sender policies

  Hello, This is to announce important changes to email sender policies from Google that may impact your use of Zoho Meeting. Restriction on public domains Effective February 1, 2024, Google is implementing policies that will affect the configuration of

• Camera access

  My picture doesn't appear in a group discussion. (The audio is fine.) The guide says "Click the lock icon on address bar," but I can't find it. Advise, please

• Chat for webinar session, schedule meeting session for 24 hours - Zoho Meeting iOS app update

  Hello, everyone! In the most recent iOS version of the Zoho Meeting app, we have introduced the chat functionality for the webinar session. To access this feature, the Organizer should have the 'Public chat' option enabled on the Zoho Meeting desktop

• Invoice Copy 2005116990189

  Please provide the invoice for the trancaction 2005116990189

• Darshan Hiranandani About

  Hi, I’m Darshan Hiranandani, a dedicated software developer with a strong passion for creating efficient and user-friendly applications. With a degree in Computer Science and several years of experience in the tech industry, I specialize in full-stack

• Latest update in Zoho Meeting | On-demand webinars

  Hello everyone, We’re excited to introduce our new on-demand webinar feature, you can now provide pre-recorded sessions that your audience can access immediately, no need to wait for scheduled sessions. Benefits of On-demand webinars : Scheduling flexibility

• Zoho Meeting iOS app update - Join breakout rooms, access polls, paste links and join sessions, in session host controls

  Hello, everyone! In the latest iOS version(v1.7) of the Zoho Meeting app, we have brought in support for the following features: Polls in meeting session Join Breakout rooms Paste link in join meeting screen Foreign time zone in the meeting details screen.

• Zoho Meeting app update.

  Hello, everyone! In the latest Android (v2.3.7) and iOS (v1.7.1) versions of the Zoho Meeting app, we have brought in support for the following features: Report Abuse option. WorkDrive integration. Report Abuse option You can now report to us any deceptive

• Zoho Meeting Android app update - v2.4.0

  Hello everyone! We are excited to announce that we have brought in support for the following features in the latest version of the Zoho Meeting Android app(v2.4.0): 1. Start Personal Meeting Rooms 2. Revamp of the schedule meeting screen and meeting details

• Introducing Zoho Desk integration and a few minor enhancements

  Zoho Desk Integration We've now introduced an integration between Zoho Meeting and Zoho Desk to efficiently manage meeting-related customer inquiries. With this integration, you can track, respond to, and resolve meeting-related tickets directly from

• Zoho Meeting iOS app update: Hearing aid, bluetooth car audio and AirPlay audio support.

  Hello everyone! We are excited to announce the below new features in the latest iOS update(v1.7.4) of the Zoho Meeting app: 1. Hearing aid support: Hearing aid support has been integrated into the application. 2. Bluetooth car Audio, AirPlay audio support:

• Zoho Meeting Android app update: Breakout rooms, noise cancellation

  Hello everyone! In the latest version(v2.6.1) of the Zoho Meeting app update, we have brought in support for the following features: 1. Join Breakout rooms. 2. Noise cancellation Join Breakout rooms. Breakout Rooms are virtual rooms created within a meeting

• iOS 12 update: Introducing autofill passwords and Siri Shortcuts in Zoho Vault

  With this iOS 12 release, Zoho Vault users can now autofill usernames and passwords on Safari and other third-party apps. Users can enjoy a seamless login experience to their everyday apps without compromising security and also access passwords stored in Zoho vault with Siri Shortcuts by adding personalized phrases. How to enable autofill password on your iOS device? First, you need to update your device to iOS 12.  Apple recommends you to take a backup before you update your device to the latest

• Zoho Vault: A look at what's new for iOS, iPadOS, and macOS

  Hi everyone, At Zoho Vault, we constantly aim to improve your security experience. Based on both internal and external feedback, we have recently rolled out updates across our iOS, iPadOS, and support for macOS platforms. Introducing the desktop app for

• Biometric Access Support on Zoho Vault Desktop App

  Is there any plans to add biometric authentication (fingerprint, face recognition) for Vault desktop apps (Windows/macOS) to enhance security and ease of access. I would love to hear other members view on this

• Free webinar: Learn the benefits of migrating to Zoho Vault's new interface

  With remote work becoming more and more common across the globe, productivity and time management are now pivotal concerns for every organization. With the number of business applications employed by companies constantly increasing, a password manager like Zoho Vault saves a lot of productive hours for your team. Vault's new interface has been carefully designed to address these pressing needs, helping users increase their productivity while improving their overall online experience.  This July,

• Free Webinar: An exclusive live Q&A session with the Zoho Vault team

  As 2020 draws to an end, we're closing out a year that has seen drastic changes all around the world. Many businesses have adopted cloud solutions and a remote work culture for the first time, and this has given rise to newer cyber risks and threats that

• Why passwordless authentication should be your top security project for 2021

  Hello users! We know that nobody likes to remember passwords, yet they form an indispensable part of our lives. Many of us working with any kind of technology today manage numerous passwords for personal and business accounts. With the widespread adoption

• Free Webinar: See why Zoho Vault is the best alternative to LastPass

  When LastPass was acquired by LogMeIn in Oct 2015, we expressed our genuine concern about how this would change the LastPass business model and how customer trust would transfer from one company to another. As we suspected, LastPass doubled their pricing

• Managing cyber threats when working remotely | A Customer Survey Report

  The nearly universal adoption of remote work has changed the way businesses function. Globally, enterprises continue to work to find new ways to make life easier for employees working remotely. However, a commonly cited concern has been the lack of cybersecurity

• World Password Day: 5 interesting facts about passwords

  It's World Password Day: that time of the year when we talk about password hygiene and the importance of safe password management. World Password Day is observed on the first Thursday of every May, and this year, we'd like to talk about some of the most

• Free Webinar: Go passwordless in 2022 with Zoho Vault

  Passwords have long been the preferred authentication method, largely due to their universal appeal. While they're easy for people to use and implement, they're also convenient for hackers to exploit. Reports from 2021 state that weak and stolen passwords

• Myki has announced EOL for its services | Learn why Zoho Vault password manager is the best alternative

  Hello Myki users,   Myki has announced end-of-life for its Teams, MSP, and GUARD services, after being acquired by JumpCloud. In their recent announcement, Myki stated that they will be removing their apps and extensions from the respective stores, turning

• Join our exclusive meetup with Zoho's Real Estate community

  Hey there, The Zoho Vault team is conducting a meetup for all real-estate users from Zoho. During this session, we will be discussing the need for secure password management and how Vault can help you and your clients safely protect passwords and other

• Free webinar: A quick walkthrough of Zoho Vault and major updates in 2023

  Managing passwords is crucial for all businesses. You can securely store, share, and manage passwords effectively from anywhere with Zoho Vault. We have introduced several new features in 2023 to offer the best online experience for our users. Join our

• Free webinar: Why a password manager is a “must-have” for everyone in 2024

  In the past decade, we've witnessed numerous cybersecurity breaches globally, with a significant portion resulting from the "it won't happen to me" mindset. Shockingly, in 2023, 86% of breaches involved weak and stolen passwords. Password hygiene is crucial

• Zoho Vault - Webinars 2023 - Video Recordings and Slide Decks

  Hello, We wanted to offer a consolidated list of Zoho Vault webinar resources from 2023. Therefore, we're putting together a list that includes links to our webinar recordings and slide decks for easy access. Webinar Video recording Slide deck Getting

• Free webinar: ‌Focal point: Building a financial ecosystem with Zoho Vault and Zoho Workplace

  Hi everyone! Cyber threats against the financial sector are escalating. In the last two decades, nearly one-fifth of reported incidents targeted financial institutions, causing $12 billion in direct losses. Cybercriminals are becoming more sophisticated,

• New features in Zoho Vault

  We’re thrilled to introduce a wave of powerful updates in Zoho Vault, designed to enhance security, streamline workflows, and improve your overall experience. Let’s dive into what’s new! Folder creation restrictions Limit who can create folders in your

• Join our World Password and Passkey Day expert Q&A 2025

  Hey everyone! World Password and Passkey Day is almost here, and there's no better time to talk about something we all rely on daily—secure authentication. Did you know that a staggering 60% of hacking-related breaches are tied to weak or stolen passwords?

• Next Page