Kaizen #2 - OAuth2.0 and Self Client #API

Hi everyone!

Welcome back to another week of Kaizen! 

In this post, we will shed some light on the OAuth2.0 protocol and how you can use Zoho's Self Client option to authenticate your application and generate the tokens.

What is OAuth2.0?

OAuth 2.0 is an industry standard protocol specification that enables third-party applications (clients) to gain delegated access to protected resources in Zoho via an API.

Why should we use OAuth2.0?

• Clients are not required to support password authentication or store user credentials.
  
• Clients gain delegated access, i.e., access only to resources authenticated by the user.
  
• Users can revoke client's delegated access anytime.
  
• OAuth access tokens expire after a set time. If the client faces a security breach, user data will be compromised only until the access token is valid.
  

To use the Zoho CRM APIs, you must authenticate the application to make API calls on your behalf with an access token.

The access token, in return, must be obtained from a grant token (authorization code).

Zoho CRM APIs use the authorization code grant type to provide access to protected resources.

In this type,

1. The web application redirects the user to the OAuth server.
   
2. The user sees the authorization prompt and approves the app's request as shown in the below image.
   
   
   
3. The user is redirected back to the application with an authorization code in the query string.
   
   
   
4. The application exchanges the authorization code for an access token.
   

As you can see, this involves user intervention while authorizing your application.

When should you use Self Client?

If your application is a stand-alone application that performs only back-end jobs like data-sync(without any manual intervention), you cannot use this authorization code flow. 

In the below example image, the data sync happens between Zoho CRM and your legacy Product Management system. So, it is perfect to use the Self Client option as it does not need an UI for this type of application. Using this flow, you can generate the grant token, access, and refresh tokens.

How to use Self Client?

1. Go to Zoho Developer Console and log in with your Zoho CRM username and password.

2. Choose Self Client from the list of client types.

3. Click Create on the Create New Client page and click OK in the pop up to enable a self client for your account.

4. Now, your client ID and secret is displayed under the Client Secret tab.

5. Click the Generate Code tab to generate the Grant token.

The grant token is a temporary token generated by the authorization server (Zoho CRM, here) to generate access and refresh tokens.

Before generating the grant token, you must decide the scope you need. Scope decide the level of access a client can have to a resource.
Refer to our list of scopes, for more details.

a. Click the Generate Code tab and enter the required scope separated by commas.

b. Select the Time Duration for which the grant token is valid. Please note that after this time, the grant token expires.

c. Enter a description and click Generate.

d. The generated code for the specified scope is displayed. Copy the grant token.

e. Please note that generating grant token is a one-time process, provided you generate the access and refresh tokens within the time the grant token is valid for.

6. Generate the Access and Refresh tokens using Postman or any REST client.

a. Open Postman.

b. Make a POST request with the following URL.

"{{accounts-domain}}/oauth/v2/token"

{{accounts-domain}} is the domain-specific URL in which you registered your client.

c. Pass the below keys and their values in the body of the request.

d. Hit Send. The access and refresh tokens are displayed in the response.

 e. The access token is valid for an hour from generation. 

 f. The refresh token does not expire. You can use this to refresh your access token when they expire.

Quick tip: Enter all the required keys and values in Postman before you generate the token. This way, you will only have to paste the grant token after its generation, thereby reducing the risk of its expiration before you generate the tokens.

7. Store the access and refresh tokens and use the access token when you make API calls.

​8. Write a script that will call the below token refresh URL before the time the access token expires.

"{{accounts-domain}}/oauth/v2/token?client_id={{client_id}}&client_secret={[client_secret}}&refresh_token={{generated_refresh_token}}&grant_type=refresh_token"

Other useful links:

API Documentation

List of Scopes

Bulk Read API to export data in bulk from CRM

Bulk Write API to import data from a database to CRM

We will meet you next week with another exciting topic!

Cheers!

• Topic Participants

• Shylaja S

  

• alexb

• Praveen Sankar

  

• Vyas

• martin wheeler

• Sticky Posts

• Kaizen #217 - Actions APIs : Tasks

  Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

  Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Recent Topics

• Change scheduling emails time

  When sending an individual email there is a great feature to schedule them to send later. I could only use the one time that is suggested. Is there a way to select another time? Regards, Glenn

• Zoho CRM: how can I control which contacts to sync with Outlook?

  I was just playing around syncing contacts from Zoho to MS Outlook (MS365 account.) The problem is our firm has hundreds of thousands of contacts and I don't want to bury my contacts list in outlook. Any help with this is greatly appreciated.

• How to overcome limitations in meetings

  As a company, one of our deliverables is a meeting between two other companies, where we act as facilitators. So, if we recorded this meeting  in Zoho CRM, it should be connected to 2 accounts, 2 contacts, and 1 campaign (a campaign, in our use, is the

• Add a 'Log a Call' link to three dot icon in Canvas

  Hi, There's a three dot element when creating a canvas called 'More'. I would like to modify this to add a link that says 'Log a Call' in order to quickly record the details of a cellphone call. I'd also like this to be a simple 'contact' selection and

• Syncing Zoho Forms with Bigin - Embedding issue?

  Hello everyone, I created a Zoho Form for a page on my GoDaddy website to collect leads, which then transfers the data to Bigin. However, I'm facing an issue where it doesn't seem to work properly. I've integrated Zoho Forms with Bigin and tried embedding

• Can not add fields to a Section

  I feel like I'm missing something obvious: I can add new Sections to my form but I can not add fields to the Sections. I've tried fields already on the form as well as dragging and dropping new fields into the Section but nothing will go into it. What

• Record Logged in User while using CRM lookup field

  Is it possible, while using the Zoho CRM lookup field, to automatically use the user account logged into Zoho CRM in a hidden field? I was hoping to add employee accounts to my current plan. But would like a record on the Form submission of who submitted

• Form Rules for Suburb Categories to alternate landing pages or Making a Fields Contents ALL CAPS

  I need to send differentform submissions to two to three different thank-you URLs (for Meta/Google pixels) depending on which suburb a user selects in a form. I have ~400 suburbs split into two categories (A and B, based on business value). Current challenges:

• Collaps Notes

  There are times when long/large notes are added to a record i.e. Accounts or Deals etc. Currently, the full note is displayed in the notes related list section. It would be great if by default only 5 to 10 rows of the note are displayed when the note

• Zoho Down

  I have a drop in my Zoho One services.

• Runing RPA Agents on Headless Windows 11 Machines

  Has anyone tried this? Anything to be aware of regarding screen resolution?

• Problem for EU users connecting Zoho CRM through Google Ads for Enhanced conversions

  Has anyone else experienced this problem when trying to connect Zoho CRM through Google Ads interface to setup enhanced conversions? Did you guys get it fixed somehow? The Problem: The current Google Ads integration is hardcoded to use Zoho's US authentication

• Why am I getting event Pop-up Notification for events that have been cancelled?

  Why is Calendar Notification still popping up for events that have been cancelled or changed? Each time events are cancelled or changed, I have observed that I am still getting notifications for them. Below is a sample pop-up notification for one of the

• Create a draft in reply to an email via Emails API

  Hi, I’d like to use the outgoing webhook to automatically create a draft reply to incoming mail. How can I use the Emails API to create a draft reply that is linked to an existing email thread? I couldn’t find the relevant method in the documentation.

• India Tech Support

  Is there no phone tech support number for India? And no chat facility either?

• Billing Management: #1 Billing a Universal Business Routine

  Hello, As the saying goes, "Do the hardest job first." We started with the complex subject of finance and revenue management, which is considered the backbone of any business. Now, let's shift our focus and take a deep dive into this Billing Management,

• What is a a valid JavaScript Domain URI when creating a client-based application using the Zoho API console?

  No idea what this is. Can't see what it is explained anywhere.

• 5名限定 課題解決型ワークショップイベント Zoho ワークアウト開催のお知らせ (9/25)

  ユーザーの皆さま、こんにちは。Zoho ユーザーコミュニティチームの藤澤です。 9月開催のZoho ワークアウトについてお知らせします。 今回はZoomにて、オンライン開催します。 諸事情につき、今月の開催回は中止となりました。 次回は10/31（金）14時からの開催を予定しています。 ━━━━━━━━━━━━━━━━━━━━━━━━ Zoho ワークアウトとは？ Zoho ユーザー同士で交流しながら、サービスに関する疑問や不明点の解消を目的とした「Zoho ワークアウト」を開催します。 Zoho

• need a packing list feature

  In our business, goods listed on an invoice are packed in separate boxes and shipped off. for e.g. an invoice may have 10 items. each item could then be packed in different boxes depending on qty of each item. this packing list is as important as the invoice for purposes of shipping documents.  Request you to add this feature asap.

• Workdrive 5.0 / API Documentation Workflows

  Hi Zoho, When will the API documentation of the workflows be published? We are interested in using it to trigger manual workflows from an external application. Greetings, Justin

• How many ZOHO-Sites does the ZOHO-One Suite allow for?

  The free version of ZOHO-Sites allows for two sites, but it seems that the professional version (which is included in the ZOHO-One Suite) only allows for two websites. Is that correct? How many sites can I have within one ZOHO-One account?

• Webhook from Zobot to Zoho Flow fails

  I'm trying to connect from zobot to zoho flow. When testing in zflow, I am receiving all entered data from the connector correctly. The SalesIQ connector's "outputreaction" is {} (is this normal or is there a problem?). But as soon as I try my chat bot

• Transition from Sole Proprietorship to GmbH (Limited Liability Company) – Best Approach in Zoho Books / Zoho One

  Hello everyone, I am currently operating under a Zoho One plan with a sole proprietorship in Switzerland. As of January 1st, 2026, I will be incorporating a new legal entity – a GmbH (Swiss equivalent of a Limited Liability Company). While the business

• Issue Connecting My Domain to Zoho Sites Despite Purchasing It from Zoho

  Hello, I am facing an issue connecting my domain to my website on Zoho Sites. Details of the issue: I purchased the domain directly from Zoho. I am already using the same domain successfully with Zoho Mail. However, when I try to assign this domain to

• Insert auto number from main form into subform rows

  Hello. I'm trying to take from my main form "order number" which i have setup as an auto generated number into every line created in my subform. So when a row is created in my subform i want the "order number " from the main form to be inserted automatically.

• Dark Mode - Font Colors Don't Work

  When editing a document in Dark Mode and selecting font colors, they don't show up on screen.  Viewing/editing the same document in Light Mode shows them just fine.

• Integrate Bunq with ZOHO Bookes

  We are new users of ZOHO Books, and our bank (BUNQ, in the Netherlands) isn't listed on the bank integrations. Is there a way to handle this?

• Access Denied

  I am iOS Developer and updating our clients project and shifted ZohoDeskPortalCore SDKs from cocoapods to SPM and changed few lines of code but now i am get access denied, the help center app is unavailable. please contact administrator.

• Using Zoho Desk to support ISMS process

  Hi, I am evaluating using Zoho Desk for security incident management. This seems to be aligned with Zoho Desk purpose as its just another type of incident. However in security incident management, ideally I can link incidents (tickets) with a risk from

• TaxJar vs Avalara

  Hi, I'm evaluating adoption of a sales-tax service for US based business. Anyone else have experience with TaxJar and Zoho Books? I am a Zoho One subscriber so anticipate needing to use Flow to make this work. It seems like Avalara are simply too expensive

• How to check Leads with no Task (open activity)

  Hi everyone, I was wondering if there’s a way to view leads that don’t have any tasks assigned or open activities linked to them.

• What can we do on our end to improve the Answer bot answers?

  Hi, I'm using the Answer bot card in the Codeless bot builder. I've input several questions and their answers in the FAQ section to feed the Answer bot. The text is all in French, as this is the language our customers communicate in. I've tried testing

• How to upload file to Connect using API?

  Hi there. I looked at the API documentation and nowhere did it mention how to use the API method to upload a file even though it is mentioned that it is possible to be done so. Please help.

• Group Tax in Service Line Items

  Hi FSM Team! I noticed that when you update a tax in the service line item the group tax is not showing up as an option. Let me know what can be done thank you!

• FSM Improvement Idea - Show an Import button when there is no data

  I am setting up FSM for a client and I noticed that there is no option to import data, see screenshot below. Even when you click Create Contact there is only an option to Import from Zoho Invoice. It is only after you add at lease 1 record that the Import

• OAUTH_SCOPE_MISMATCH Error for Marketing Automation APIs with CRM Plus Account

  I'm trying to integrate Marketing Automation journey triggering via API but getting OAUTH_SCOPE_MISMATCH errors. I need clarification on API access for CRM Plus users.

• Access token generate from the refresh token not working for API

  Dear Sir/Madam, When I use my refresh token to obtain new access_token, that token return INVALID_TOKEN when the same API is called. I made sure that my api site is correct and match the auth web site. However the original access_token work fine.

• Function #4: Schedule Customer Statements

  Regularly sending statements to customers is an imperative part of many business processes as it helps foster strong customer relationships and provides timely guidance on payments. While you can generate the statement of accounts and have it sent over

• Limiting search or dependencies with an asterisk "*".

  I have a form with several dependency fields with options still developing for each field. Since these options were developing and not yet ready to be a selection in the field, I placed a filter for the dropdown field. In this filter, I selected fields

• Cross Data Center Support for 1:1 Chats with External Users

  Hello Zoho Cliq Team, We hope you're doing well. We appreciate the recent enhancement that enables cross data center collaboration in external channels, which has already improved communication across distributed teams. However, we’ve noticed that this

• Next Page