Kaizen #164 : Client Credentials

Hello everyone,

Welcome back to Kaizen. 

In this post, we will discuss Client Credentials Flow and when it can be used.

What is Client Credentials Flow?

According to RFC6749, the official specification for the OAuth 2.0 authorization framework, 

"The client credentials (or other forms of client authentication) can be used as an authorization grant when the authorization scope is limited to the protected resources under the control of the client,or to protected resources previously arranged with the authorization server. Client credentials are used as an authorization grant typically when the client is acting on its own behalf (the client is also the resource owner) or is requesting access to protected resources based on an authorization previously arranged with the authorization server."

For Zoho CRM APIs, the credentials used are client id and client secret.

When can Client Credential Flow be used?

The client credentials flow is appropriate for machine-to-machine communications in which the application does not need to act on behalf of a specific user as the program can authenticate using just their own credentials to receive an access token. Here the credentials are client id and client secret.

Compared to the flow of creating access tokens in the self client flow, the client credentials flow can be used to perform one-time tasks like one-time data migration or testing Zoho CRM API calls, etc. We recommend using self client or server-based authorization for integration purposes. The main benefit of the client credentials flow is the simplicity in creating an access token, requiring only the client ID, client secret, OAuth scopes, and SOID.

If you are a first time user of Zoho CRMs, you can get started with Zoho CRM APIs by using the client credentials flow for authorization. Head over to Zoho CRM API Collection where a Client Credentials sample is added. Make sure that you have the required request parameters available in your environment for a smooth setup.

How to obtain access token in client credentials flow?

To obtain an access token using the client credentials flow, make an API call to the following endpoint

{accounts_url}/oauth/v2/token?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials&scope={scope}&soid={org_id_or_portal_id}

Request Parameters

• grant_type: Enter the value as "client_credentials".
• client_id: Specify the client-id obtained from the connected app.
• client_secret: Specify client-secret obtained from the connected app.
• scope:  Enter the corresponding scope for the resource you want to access from the user's account. Multiple scopes can be given in comma separated format.
• soid: Enter this parameter in the format ZohoCRM.{zsoid} where zsoid is the unique ID of your org or portal. If your application has multiple orgs or portals, the token created is bound to this org or portal. For example: ZohoCRM.600xxx46

Response

If successful, the response will look something like this:

{     "access_token": "1000.b2caxxxxx3c6",     "scope": "ZohoCRM.org.ALL ZohoCRM.settings.ALL ZohoCRM.users.ALL ZohoCRM.templates.email.READ ZohoCRM.templates.inventory.READ ZohoCRM.modules.ALL",     "api_domain": "https://www.zohoapis.com",     "token_type": "Bearer",     "expires_in": 3600 }

Response Keys

• access_token: Access token to access ZohoCRM APIs.
• scope: The scope for the resource you want to access from the user's account that was provided in the parameters.
• api_domain: The domain for API requests, varies by environment (e.g., sandbox.zohoapis.{domain}).
• token_type: Type of token obtained. "Bearer" indicates this is an access token.
  
• expires_in: Time in seconds after which the access token expires.

This completes the authentication. Once your app receives the access token, send the token in your HTTP authorization header to Zoho CRM API with the value "Zoho-oauthtoken {access_token}" for each endpoint (for each request).

The response does not contain a refresh token. When an access token expires, make an API call to the same endpoint to get a new access token (if required).

We hope you found this post useful. We will meet you next week with another interesting topic!

If you have any questions, let us know in the comment section.

Cheers!

Previous Post: Kaizen #163 - Extension Widgets in Zoho CRM | Kaizen Collection: Directory | Help document link: Client Credentials

• Topic Participants

• Mable Mary M P

  

• Colin Small

• Sticky Posts

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

  Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Recent Topics

• Send Zoho Forms Link using Zoho CRM Email Templates

  I have set up Zoho Forms and CRM integration to pre-populate data from Zoho CRM to Zoho Forms. The setup is working fine. I have also created an email template in the Zoho CRM deals module to send Zoho forms links. So when I send an email using that template

• Introducing parent-child ticketing in Zoho Desk [Early access]

  Hello Zoho Desk users! We have introduced the parent-child ticketing system to help customer service teams ensure efficient resolution of issues involving multiple, related tickets. You can now combine repetitive and interconnected tickets into parent-child

• Creator HTML page refresh

  Hi, I have added around 5 different html snippets in single creator page. I understand, I can refresh the entire page from page script using Navigational URLs https://help.zoho.com/portal/en/kb/creator/developer-guide/others/url-patterns/articles/navigational-urls

• Duplicating report but custom layout does not

  Dear Zoho Creator, I need to duplicate a report into 10 copies, but unfortunately the custom layout (detail view) doesn’t copy along with it. I tried exporting and importing the custom layout, but the field mappings are incorrect. I believe everyone are

• Download a file from within a zoho creator widget

  I have a widget running in Zoho Creator , it displays uploaded documents in a table file, and I have added a download link in the view. ( The widget is created with html, css and javascript). I do not succeed in getting the download working. Do I have

• Correlated subqueries not supported in Zoho Analytics. This creates huge limitations

  Running into a major limitation in Zoho Analytics: correlated subqueries simply don’t work, even in completely standard SQL patterns inside a JOIN. Example: LEFT JOIN "Bills" b ON d."Id" = b."Deal ID" AND EXISTS ( SELECT 1 FROM "Bill

• Zoho / Outlook Calendar sync

  The current Marketplace -> Microsoft -> Meetings integration needs 2 changes. 1. The current language for the Two-Way sync option should be changed. It currently states, "Sync both your Zoho CRM Calendar and Office 365 Calendar meetings with each other."

• Text Message

  When trying to sent a text message, it says its an error i should contact a zoho agent

• Email content just contain 'OK' ,not what we expect

  create campaign API URL: https://campaigns.zoho.com/api/v1.1/createCampaign req params: {'campaignname': 'General_Outreach_d0cfc415-43aa-4b96-bb09-558e76a3dda3_50_20251117_214806_660', 'from_email': 'admin@allinmedia.ai', 'subject': 'ALL IN MEDIA', 'list_details':

• Introducing the all-new email parser!

  Greetings, We are pleased to introduce to you, a brand-new, upgraded version of the Zoho CRM Email Parser, which is packed with fresh features and has been completely redesigned to meet latest customers needs and their business requirements. On that note,

• Possible to connect Zoho CRM's Sandbox with Zoho Creator's Sandbox?

  We are making some big changes on our CRM so we are testing it out in CRM's Sandbox. We also have a Zoho Creator app that we need to test. Is it possible to connect Zoho CRM's Sandbox to Zoho Creator's Sandbox so that I can perform those tests?

• Reopen ticket

  Hello! Can I reopen a ticket just using the API ticket/sendReply ? What's the rules to do it? I'm trying but it doesn't reopen the ticket, it just send the reply

• 60 Days Into Zoho - Tiktok Branding Startup -7 Questions?!

  Wsp Everybody I co-own a TikTok Branding / Consulting Startup & have been using Zoho for the past 60 days - Am now looking to make our overall operations & processes more Efficient & Effective! Curious to know how others are using the platform & what's

• Allow Admins to Transfer Ownership of Their Own Files & Folders

  Hi Zoho WorkDrive Team, Hope you are doing well. We would like to request an important enhancement to the ownership-transfer functionality in Zoho WorkDrive, specifically regarding administrator capabilities. As administrators, we have the ability to

• Add Support for Authenticator App MFA in Zoho Desk Help Center

  Hello Zoho Desk Team, We hope you are doing well. We would like to request an enhancement related to security for the Zoho Desk Help Center (customer portal). Currently, the Help Center supports MFA for portal users via SAML, JWT, SMS authentication,

• Tip#46: Capture accurate log hours

  Hello everyone, Use the newly introduced timer settings that will streamline the usage of timers and help admins or workspace owners to manage the time entries of the workspace users better. Check out the below mentioned timer settings added to the Timesheet

• Moving to app-specific authentication for Google integrations

  Hello everyone, We’re making an important change to how Google integrations work in our platform. Until now, we used a common Google project across Zoho to enable integrations like Google Drive, Calendar, and more. Going forward, we’ll be moving to an

• Double opt-in notifications and customizable confirmation messages for your webforms

  Dear CRM Community, We are excited to announce a major upgrade to our Webforms feature. You can now customize the confirmation message shown to your users who double opt-in from your webform and also customize your confirmation emails when they submit

• Lost the ability to sort by ticket owner

  Hi all, in the last week or so, we have lost the ability to sort tickets by Ticket Owner. Unlike the other columns which we can hover over and click on to sort, Ticket Owner is no longer clickable. Is it just us, or are other customers seeing this too?

• Using a CRM Client Script Button to create a Books Invoice

  Hello, I need help handling error messages returned to my client script from a function. The scenario I have setup a client script button which is available from each Deal. This CS executes a crm function, which in turn creates an invoice based on the

• Zoho Desk - Custom Module Related List Columns on Tickets

  I have a custom module in Zoho Desk called Asana Tasks, each task has a lookup to a Ticket. On the Ticket I want to see the columns of the Asana Tasks in the related list . Is there a way to do this? Right now it just has the name of the record and I

• How to unlink a SAML user from the existing Zoho Desk user (domain change case)

  Hi everyone, I’m trying to understand how to handle a situation where a customer changes their company domain. In our setup, users authenticate via SAML, so when the domain changes, the SAML system treats them as a new user. However, in Zoho Desk, I’d

• Standalone custom function not generating logs

  Why dont't standalone custom functions generate logs when the're called from another function? I have some functions (workflow, buttons and blueprint) that have common parts, so I put that part in a standalone function which is called from the others.

• How Can i put a form in Zobot

  Hi,how can i integrate a form which has a multiple options to choose from.the form should be opened or displayed by zobot after it meets a requirement in the conversation. Thanks in advance !

• Has Anyone successfully integrated Zoho and Sage Intact?

  Hey all, We’re evaluating Zoho One + Sage Intacct and I’m trying to connect with anyone who has actually implemented the two together.Specifically, I’d love to know: -- Which functions you kept in Zoho vs. Intacct (e.g., Product Catalog, AR/AP, invoicing,

• Admin asked me for Backend Details when I wanted to verify my ZeptoMail Account

  Please provide the backend details where you will be adding the SMTP/API information of ZeptoMail Who knows what this means?

• Playback and Management Enhancements for Zoho Quartz Recordings

  Hello Zoho Team, We hope you're all doing well. We would like to submit a feature request related to Zoho Quartz, the tool used to record and share browser sessions with Zoho Support. 🎯 Current Functionality As of now, Zoho Quartz allows users to record

• Zoho Analytics - Feature Request For Time Based Data Source Fetch

  Hi Analytics Team, I have a client using Zoho CRM and they want a weekly report at 4:30pm every Friday, emailed to the sales team showing a pie chart of Closed Won Deals for that week. This is easy to achieve in Analytics but not so easy to ensure the

• Which user's capacity is used for Shared Mailbox storage?

  We use shared mailboxes at our company, and their size is increasing daily. Which user(s)'s total mailbox limit is being used up by this space?

• Migrate data from old to new account

  Hy, Have one Old Zoho Notebook Account with Data , want to migrate that whole Data to New Zoho Notebook Account which is in Zoho One . Is that possible ? If Yes then how?

• Campaign editor overrides href value

  I've been trying to insert a deep link in an email campaign so recipients can directly open a native app on their device. My deep link looks something like "myapp://". The options to insert links in the campaign editor are limited to strict urls, emails,

• Can't login IMAP suddenly

  Since this evening I'm getting the error: You are yet to enable IMAP for your account. Please contact your administrator... IMAP always been enabled in my account and was workign fine for the past 7 years. Already tried turning IMAP off and on again.

• Cannot see correct DNS config for mail after moving domain to another provider

  I have moved my domain from one provider to another and after that zoho mail stopped working (expected). Problem is, zoho mail admin panel still shows (10 hours after move) that all records are correct while I haven't changed anything in my domain DNS

• Sending email notifications based on language

  Hello. I would like to know how we can bypass the default notifications (which are just in English) for when a ticket is created/replied to/closed, to be in other languages, based on the language field in the ticket? I can create other email templates,

• how to add subform over sigma in the CRM

  my new module don't have any subform available any way to add this from sigma or from the crm

• Zoho CRM - Option to create Follow-Up Task

  When completing a Zoho CRM Task, it would be very helpful if there was an option to "Complete and Create Follow-Up Task" in the pop-up which appears. It could clone the task you are closing and then show it on the screen in edit mode, all the user would

• Bug Report and Suggestions for Improvement in Zoho Applications

  Hi Zoho Team, I’d like to report a few bugs and improvement suggestions I’ve noticed while using Zoho products: Zoho Cliq Video Call: The camera sometimes turns off automatically during video calls. This seems to be a bug — please check and fix it. Zoho

• Super Admin Logging in as another User

  How can a Super Admin login as another user. For example, I have a sales rep that is having issues with their Accounts and I want to view their Zoho Account with out having to do a GTM and sharing screens. Moderation Update (8th Aug 2025): We are working

• Canvas Flex Box containers should not require a width/height.

  Flexbox containers are often used as organizational concepts, to ease re-flow on mobile etc. - I cannot use % for flexbox W or H - I cannot omit W or H This means that the content cannot dictate, and a Flexbox container cannot be used merely as an organizational

• Zoho Desk Android app update: Filter enhancement, Save Filters

  Hello everyone! We have now enhanced the filter section on the ticket listing screen of Zoho Desk Android app as it is on the web(desk.zoho.com). Also, we have introduced an option to save filters for tickets on the mobile app. You can easily apply, rename,

• Next Page