Kaizen #116 - Client Types in Zoho API Console

Hello everyone!

Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.

Let us discuss the available client types and how authorization is handled for each.

Available client types

1. Server-based
   
2. Client-based
   
3. Self client
   
4. Non-browser-based
   
5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.

This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.

In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.

During the registration process in Zoho API Console, you would choose the "Web-based" client type.

OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:

1. Users visit your website where you have the Login with Zoho button.
   
2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
   
3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
   
4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
   
5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
   
6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
   
7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
   
8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
   

Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.

You can use any of our server-side SDKs to simplify this process.

When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.

Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.

For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.

This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.

This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.

Here is a gist of what happens when a user clicks it.

1. Your app redirects the user to Zoho Accounts.
   
2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
   
3. The user is shown the data that your webpage would use.
   
4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
   
5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
   
6. Your app must then make API calls to Zoho with this access token to fetch data.
   
7. When the access token expires, your app must take care of regeneration and storage.
   

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.

When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.

Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.

1. You register your app as self client in Zoho API Console.
   
2. You will get the client details such as ID and secret.
   
3. You provide the scopes required for your app to access CRM data.
   
4. You will receive the grant token.
   
5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
   
6. Your app can then use this access token to make API calls to Zoho CRM and use data.
   

You can refer to our older Kaizen post on this topic for more details.

Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.

Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.

Here is how authentication is handled:

1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
   
2. Users install a dedicated Zoho ShowTime application on their smart TVs.
   
3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
   
4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
   
5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
   
6. When the user enters the user code, Zoho Accounts sends the access token to your app.
   
7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
   

Here is the protocol flow. For more details, refer to this doc.

5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.

Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.

If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.

Cheers!

• Topic Participants

• Shylaja S

  

• Piyush Dwivedi

• Ishwarya SG

  

• Onur Gulay - Smile Center Turkey®

  

• Sunderjan Siddharth

  

• Sticky Posts

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

  Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Recent Topics

• How can we disable "My Requests"?

  We are not using this functionality in our system at all and our users get confused.

• PayPal payment received recording problem

  Hi, A little while back one of our customers used the PayPal payment option to pay an invoice For some reason though the payment is showing up twice within the Payments section of the invoice! Instead of setting the invoice value to ZERO, it now shows a negative value Anyone else face this problem? I've checked PayPal and there is only 1 payment in reality... A bug? Actonia ps: for anyone from Zoho Customer Service or tech team,  its Invoice 785 in our account

• server response: 451.4.7.1

  Good day.  Some email clients of our domain receive an error about sending and receiving letters. while for the rest everything works fine. access to the mail made by pop protocol. Bless the mistakes: "server response: 451.4.7.1 System error". 

• string(87) "{"code":"INVALID_TOKEN","details":{},"message":"invalid oauth token","status":"error"} " grtting this error

  Using access token i am trying to add sales orders through api but it is throwing errors like the above i have mentioned. Please help me for that

• How to mute chat notification sound by default in Zoho SalesIQ?

  We’ve recently embedded the Zoho SalesIQ chatbot on our website, and we’ve noticed that notification sounds sometimes play even when the visitor hasn’t interacted with the chat widget yet. We’re trying to understand two things: Why do these sounds occur

• Kanban View for Projects.

  At our organization, we describe active projects with various statuses like "In Proofing" or "Printing" or "Mailing". In the Projects view, one can set these project statuses by selecting from the appropriate drop-down. While this works, it's difficult to view and comprehend the progress of all of your projects relative to each other in a table. Creating a Kanban view for projects where I can move them from one status to another allows me to see where each project is in the order of our workflow.

• How to Hide Article Links in SalesIQ Answer Bot Responses

  I have published an article in SalesIQ, and the Answer Bot is fetching the data and responding correctly. However, it is also displaying the article link, which I don’t want. How can I remove the link so that only the message is shown?

• Add RECURRING option when adding email to calendar events

  When you add an email to a calendar event, there is no option to make that new calendar event into a recurring event.  It is counterproductive to make an event from your email to then have to go to your calendar, find the event, and make it recurring. 

• Free Plan mail accounts details

  In the zoho mail pricing there's a free plan that includes: FREE PLAN Up to 25 Users 5GB* /User, 25MB Attachment Limit Webmail access only. Single domain hosting. I need to make sure that I'm able to create multiple email accounts in the form of: name@domain.com

• LINE Auto Message Connect to Zoho

  When I integrated LINE into the CRM, I was prompted to disable “Chat,” “Auto Response,” and “Greeting Messages,” and to enable the webhook. However, since I have already set up some auto-reply features in LINE, including Rich Messages and greeting automation,

• Option to block bookings from specific email address or ip adresss in zoho booking

  Sometime few of our client keep booking irrelevant booking service just to resolve their queries and they keep booking it again and again whenever they have queries. Currently its disturbing our current communication process and hierarchy which we have

• Threaded conversations for emails sent via automation

  Hi Guys, I hope you are doing well. Don't you guys think we should have an option in a workflow to notify users either as a new email or the previous email thread. For example, if you have one deal in the process and there are 10 different stages during

• Create folder is fetch fails

  coming from zapier... zapier has a google drive task that searches for a specific folder in google drive, and if it fails to find the folder it will create a folder based on the search criteria, and contine along the singluar path of the flow. Trying

• Meetups de Usuarios de Zoho - Noviembre 2025

  ¡Hola, Comunidad! Durante el mes de noviembre celebraremos los Meetups de usuarios de Zoho, encuentros presenciales pensados para quienes queráis mejorar vuestras estrategias de lead nurturing y aprender a sacar el máximo partido a herramientas como Zoho

• Introducing 8 New Connectors in Zoho DataPrep!

  We’ve just made data management even easier - Zoho DataPrep now supports 8 new external connectors to help you build more robust, scalable ETL pipelines. Why it matters: ✅ Broader data access ✅ More automation, less manual work ✅ Smarter pipelines, better

• Sales Order, Invoice and Payment numbers

  Hi zoho friends, it is me again, the slow learner. I'm wondering if there is a way to have it so the Sales order, invoice and payment numbers are all the same? It would be easier for me if they were the same number so there is not so many reference numbers

• First day of trying FSM in the field.

  What we found. 1. with out a network connection we were unable to start a service call? 2. if you go to an appointment and then want to add an asset it does not seem possible. 3. disappointed not to be able to actually take a payment from within the app

• Zoho Desk app update: AI powered features

  Hello everyone! We’ve introduced various AI-powered services on the Zoho Desk app. Let's take a look at what's new. Generate Content: Generate Content uses AI to formulate responses based on the your query and provides a ready-to-use reply which can be

• How to Automate Email Sequence

  I'm having trouble trying to set up a workflow to automate an email sequence. Once a group of emails in a Task has been tagged by a certain tag, I want an instant email template to be sent. After 7 days with no response, another email template would be

• Turning off the new UI

  Tried the new 'enhanced' UI and actively dislike it. Anyone know how to revert back?

• Zoho Sprints Android v2.0.4 app update: Item reminders, archive Epics, Kanban projects, Epic progress

  Hello everyone! In the latest version(v2.0.4) of the Zoho Sprints Android app update, we have introduced various new features. Let's take a look at what's new! Item Reminder Stay organized and never miss an important date with the all-new Item Reminder

• Credit Management: #3 Setting Credit Limit for Customers

  Think about that one familiar customer of yours who always buys on credit. They usually pay on time, maybe a little late here and there, but not alarming. So, you are fine saying, "Sure, pay later." Then, one day, they place a significantly bigger order

• Adding Reports to Portals

  Is there a way to add Reports to portals so only the user can see report templates relevant to them?

• Update on the client portal URL for Guest users

  We’re updating the way Guest users access their Connect network. As part of this change, all client organization portals used by Guest users will now be accessible through a dedicated domain specific to each data center. The access URLs mentioned here

• Preserve Ticket Issue Mapping When Migrating from Jira to Zoho Projects

  Hello Zoho Projects Team, We hope you are doing well. We are currently exploring a full migration from Jira to Zoho Projects, and we identified a critical limitation during the migration process involving Zoho Desk integration. Current Situation: We use

• Unable to see Zoho contacts in Zoho app on ios

  Hi Support Team, I am a new user, I have created my account and installed zohomail app on iOS 16 which works. I was also able to import my Gmail contacts into Zoho Contacts, which I can see. The problem is that I can’t see these imported cobalts in Zohomail

• Task Due Date greater than 10 years.

  We use recurring tasks in Projects where every week, month, year etc Some of our projects are greater than 10 years and we are unable to set a new due date because the difference between start date and due date is greater than 10 years. As an example

• External User onboarding for zoho connect is not really intuitive.

  So the external user is sent an invite, which has a button that directs them to login to zoho to view the invite, but if they don't have a zoho account, they cannot access that invite, which seems kinda silly, as there is not real way on for them to create

• Hosting external websites on Zoho?

  How can I host my external website on zoho? Do we have that option? I am currently with hostinger and am looking to switch to zoho. Kindly help. Thanks.

• How to Add Time Formula Duration (hh:mm)

  Hi everyone — I’m trying to create a formula field in Zoho CRM that calculates the difference between a “Call Start Time” and “Call End Time” and displays the duration in HH:MM format (for example: 1:04 for one hour and four minutes). My current setup

• How can I calculate the physical stock available for sale?

  Hey Zoho Team,  I've tried to calculate the physical stock on hand in various ways - but always receive a mismatch between what's displayed in Zoho Inventory & analytics.  Can you please let me know how the physical stock available for sale is calculated?

• Set Custom Icon for Custom Modules in new Zoho CRM UI

• Marketing Tip #4: Build your email list early

  Email marketing has one of the highest returns on investment. Don’t wait until later; start collecting subscribers now. When you've got their attention, you can send them emails about offers, new product launches, seasonal greetings, and more. Try this

• Is anyone else having trouble saving a custom image in their email signature, or is it just me?

  When I try to save the image I get an error that says "Operation Failed" I opened a support ticket two weeks ago and received a response that it would be debugged, but it still isn’t working

• Unify Overlapping Functionalities Across Zoho Products

  Hi Zoho One Team, We would like to raise a concern about the current overlap of core functionalities across various Zoho applications. While Zoho offers a rich suite of tools, many applications include similar or identical features—such as shift management,

• Zoho Desk Domain mapping / Cloudflare CNAME not recognized

  Hello, my website is behind Cloudflare and SSL. From the Cloudflare control panel I added a CNAME record such as support.mydomain.com pointing to desk.cs.zohohost.com but I'm stuck with the message "Make sure you've mapped the CNAME entry..."

• Create an Eye-Catching Announcement Widget for Your Help Center

  Hello Everyone! In this week’s edition, let’s explore how to keep your customers updated with exciting news in the Help Center. See how ZylkerMobile wowed their customers by bringing updates right to their portal. ZylkerMobile, the renowned brand for

• I want to add my other zoho account in same pc

  why does zoho restrict me doing many things as i also want to add my second mail account bit its not allowing me to do that

• Search in Zoho Community Not Working

  I realize this is a bit of a meta topic, but the search for the various Zoho Communities appears to not be working. I'm under the impression that they run on some version of the Zoho Desk platform, so I'm posting this here.

• Capture Stripe’s Customer ID

  Does anyone know of a way to capture Stripe’s customer ID that is created when the form/payment is processed? I would like to have the customer ID stored in our CRM so we could utilize in some custom functions down the road.

• Next Page