Announcement: Upcoming changes to the permission grant flow for OAuth apps

This announcement is intended for app developers who use the Zoho API console.

We're going to implement an important update to the way users grant permission for the OAuth apps created through the API console.

What’s changing?

Currently, users can grant access to your app even if they do not have an account in any of the Zoho apps included in the requested OAuth scopes. Starting February 10, 2025, this will no longer be allowed when certain apps are included in the request. These apps include the below:

- Bigin	- PhoneBridge
- Campaigns	- QEngine
- CRM	- Recruit
- Desk	- Solution
- IOT	- ZeptoMail
- Marketing Automation

From the effective date, when scopes of any of the above apps are included in a request:

• Users must have an account in the specified Zoho apps requested by your OAuth app to grant access to the required permissions.
  
• If a user doesn't have an account in even one of the Zoho apps mentioned, they will be unable to grant permission.
  
• The "Accept/Reject" buttons will be replaced with the "Back to app" button. When users click this, "error=no_org" will be sent as response to your app's redirect URL.
  

Why this change?

This change is to make sure the users don't encounter any issues with the apps they've granted access to. If there is no resource to access, the app will not work properly even if the user has granted the necessary permission. This results in poor user-experience.

Also, when an OAuth app requests specific permissions, it indicates those scopes are essential for the app to function. If any scope is not relevant for the app, those permissions shouldn't be requested to the user.

Recommended actions for app developers

The existing refresh tokens generated for such cases will continue to work. But if the user revokes the permission, they won't be able to grant access to the app again (if they still don't have accounts in the required Zoho apps).

Hence, make sure to audit your apps to ensure they only request scopes that are essential. And, update your app to handle the scenario where authorization fails due to users not having required accounts.

If you have any questions or need support regarding this change, please reach out to us at support@zohoaccounts.com.

• Topic Participants

• Abdul Aleem

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• 554 5.1.8 Email Outgoing Blocked.

  Hi guys, I just singed up for mateusz.nowicki@zoho.com mail and I can't send any mails.. Why? Everytime I try to send something I got error like the one in the screenshot. Please, help me.

• Zoho IP blocked by SpamHaus

  ERROR CODE :550 - 5.7.0 Your server IP address is in the SpamHaus SBL-XBL database, bye

• File Upload in Creator's Subfrom

  Hello Sir/Madam, Here is a Problem......... Scenario: In CRM One Custom Module (Payments) have one File Upload Field now we have to Upload that File into Creator's Custom Form (Documents) have one Subform (Documents) in Document Upload Field using Deluge

• Trigger workflow base on email clic

  Searching the help and forum, I see that there were workflow trigger rules based on email. But now, I can't find this type of trigger when I create a custom workflow. What I'm looking for would be to automate the sending of an email for a new prospect,

• Bigin Form Acknowledgement

  How to troubleshoot and find out why form acknowledgement is not sending emails after form submission?

• Option to Customize Career Site URL Without “/jobs/Careers”

  Dear Zoho Recruit Team, I hope you are doing well. We would like to request an enhancement to the Career Site URL structure in Zoho Recruit. In the old version of the career site, our URL was simply: 👉 https://jobs.domain.com However, after moving to

• Zoho Mail POP & IMAP Server Details

  Hello all! We have been receiving a number of requests regarding the errors while configuring or using Zoho Mail account in POP/ IMAP clients. The server details vary based on your account type and the Datacenter in which your account is setup. Ensure

• Ever since the new Android App udpates notifications are not working

  notifications are not working for the app is its closed I followed the tutuorial to the notificaction fixed and everythig seems to be right but notifications are not workig

• Zoho Analytics & Zoho Desk - but not all desks

  I have several desks in our company and one of those is used by our HR department. I want to bring through the data to the shared Zoho Analytics workspace - except for the HR desk. Can this be excluded at data import stage ?

• Incoming Emails Not Showing Up in Zoho Inbox

  Hi - I have my Zoho email account set up to forward a copy of all incoming emails to a secondary Gmail address, whilst retaining the original email in the Zoho inbox. However, all my incoming emails are currently not showing up in my Zoho inbox, so I'm

• Unable to Create Zoho Booking via the Book Appointment API

  Its giving the below error {     "response": {         "errormessage": "Error setting value for the variable:customer_details\n null",         "status": "Error"     } } Request: POST Url: https://www.zohoapis.in/bookings/v1/json/appointment attached Zoho-oauthtoken

• SHEET - Send email when a cell changes

  I would like to create a custom function for Zoho Sheet that triggers when a paticular cell changes to a specific value. This would result in sending an email to a recipient (this would be an address that remains the same and included in the script). Example: = IF(N4= "Drafted", <>EmailFunction) 1)     Cell N4 changes to "Drafted" 2)    Email is sent to recipient            or alternatively 3)    Post to chat channel I have found the Custom function editor in Sheet. I am not bad at scripting, but

• 【開催報告】 福岡 ユーザー交流会 2025/8/8（金）

  皆さま、こんにちは。コミュニティチームの中野です。 8/8（金）に、福岡 ユーザー交流会を開催しました。 本投稿では、その様子をお届けします。当日の登壇資料などもこちらに共有しますので、参加できなかった皆さまもご参照ください。 今年初の開催となる福岡 ユーザー交流会では、CreativeStudio樂合同会社 前田さんによるZoho CRM / Sign / Survey の事例セッションのほか、 Zoho社員セッションでは、Zoho Forms の活用法を解説。 さらに、「見込み客・顧客データの管理/活用方法」をテーマに参加者同士でZoho

• no me llegan los correos a Zoho mail

  No puedo recibir correos pero sí enviarlos, ya hice la modificación de MX y la verificación de teléfonos, qué es lo que ocurre? gracias

• Error: Invalid login: 535 Authentication Failed

  I have used zoho with nodemailer. const transporter = nodemailer.createTransport({ host: 'smtp.zoho.com', port: 465, secure: true, auth: { user: 'example@example.com', pass: 'password' } }); While sending the mail, it shows the following error: Error:

• Zoho Renewal

  Hello, If I am not going for zoho email renewal. will i get back my free zoho account? and if yes then is it possible to get back my all free user. how many user get back 10 or 25?

• Not reciving emails

  Apparently i cannot recive emails on my adress contact@sportperformance.ro I can send, but do not recive. The mail i'm trying to send from mybother adress gets sent and doesn't bounce back... but still doesn't get in my inbox. Please advise

• Not receiving MailChimp verification e-mail

  It seems that their verification e-mails are blocked. I can receive their other e-mails, but not their verification of domain ownership e-mail. I've checked and double checked how I typed the e-mail, using different e-mails (my personal e-mail can receive it), white listing the domain and all that is left is for the IP's to be white listed, but I don't have that power.  If a staff member could take a look at this -> http://mailchimp.com/about/ips/ And perhaps white list them for me, that would be

• Creating my 2nd email account

  After creating my first email address, I decided to get another email address. I would like to use this new address as the primary address too. I don't know how to set it up there doesn't seem to be an option for that

• Cannot - create more email account - Unusual activity detected from this IP. Please try again after some time

  Hello, I come across the error message in Control Panel. Unusual activity detected from this IP. Please try again after some time and i cannot create any more users We are an IT company and we provide service for another company Please unlock us.

• "Unable to send message;Reason:553 Relaying disallowed. Invalid Domain"

  Good day. When I try to send mail through ZOHO mail I get the following error : "Unable to send message;Reason:553 Relaying disallowed. Invalid Domain" I need help with this. My zohomail is : @eclipseweb.site Thank you,

• Transfert de domaine pour création des comptes emails

  Bonjour , je ne parviens point à créer des mails avec le domaine 'raeses.org' suite à la souscription du domaine auprès d'un autre hébergeur, dont j'ai fait la demande du code de transfert qui est le suivant : J2[U8-l0]p8[ En somme, attente de l'activation

• Help! Unable to send message;Reason:554 5.1.8 Email Outgoing Blocked.

  Kindly help me resolved this issue that i am facing here.

• How are people handling estimates with Zoho inventory?

  We are often using Zoho Books for estimates that then get converted to invoices within Books. We would like the sales team to migrate entirely to Zoho Inventory and no longer need to use Zoho Books so that they are only on one system. How are people managing

• Relative Date Searches

  Currently in the search options, it has "date", "from date" and "to date". I think it would be great if there were options like "date greater than x days ago" and "date less than x days ago". I realise that as a once off you can just use the existing

• Performance is degrading

  We have used Mail and Cliq for about three years now. I used to use both on the browser. Both have, over the past 6 months, had a severe degradation in performance. I switched to desktop email, which appeared to improve things somewhat, although initial

• Ask the Experts 23: Customize, utilize, and personalize with Zoho Desk

  Hello everyone! It's time for the next round of Ask the Experts (ATE). This month is all about giving Zoho Desk a complete makeover and making it truly yours. Rebrand Zoho Desk with your organization’s details, customize ticket settings based on your

• Dear Zoho CEO: Business Growth is about how you prioritise!

  All of us in business know that when you get your priorities right, your business grows. Zoho CRM and Zoho Books are excellent products, but sadly, Zoho Inventory continues to lag behind. Just this morning, I received yet another one-sided email about

• Payroll In Canada

  Hi, When can we expect to have payroll in Canada with books 

• Please review and re-enable outgoing emails for my domain

  Hello Zoho Support, I have recently purchased a new domain and set up email hosting with Zoho. However, my account shows "Outgoing Email Blocked". I am a genuine user and not sending bulk/spam emails. Please review and re-enable outgoing emails for my

• Payroll without tax integrations (i.e. payroll for international)

  It seems as though Zoho waits to develop integrations with local tax authorities before offering Zoho Payroll to Zoho customers in a country. Please reconsider this approach. We are happy Zoho Books customers, but unhappy that we have to run payroll in

• goingout e mail block

  info@ozanrade.com.tr

• Incoming mails blocked

  Zoho User ID : 60005368884 My mail Id is marketing#axisformingtechnology.com .I am getting following message "Your Incoming has been blocked and the emails will not be fetched in your Zoho account and POP Accounts. Click here to get unblocked." Please

• Assistance Needed: Ticket Status Not Updating and Sorting by Last Customer Reply in Zoho Desk

  Hello, I’m facing two issues in Zoho Desk that I’d like your guidance on: Ticket Status Not Updating: When a customer replies to a ticket, the status does not change to Reopened. Instead, it remains in Waiting on Customer, even after the customer’s response

• Configuring Email Notifications with Tautulli for Plex

  Hi I'm new to Zoho. I am from Canada and I have a I use a web based application called Tautulli for Plex that monitors my Plex media server. It also sends a newsletter to my followers. To set this up they require a "From" email address., a smtp server

• Is there a way to automatically add Secondary Contacts (CCs) when creating a new ticket for specific customers?

  Some of our customers want multiple contacts to receive all notifications from our support team. Is there a way to automatically add secondary contacts to a ticket when our support team opens a new ticket and associates it with an account? This would

• How to Set Up Zoho Mail Without Cloudflare on My Website

  I'm having some trouble with Cloudflare here in Pakistan. I want to configure Zoho Mail for my domain, but I'm not sure how to set it up without going through Cloudflare. My website, https://getcrunchyrollapk.com/ , is currently using CF, but I'd like

• Spam is Being Forwarded

  I am filtering a certain sender directly to the Trash folder. Those messages are still being forwarded. Is this supposed to happen?

• IMAP Block

  My two accounts have been blocked and I am not able to unblocked them myself. Please respond to email, I am traveling and this is urgent.

• "DKIM not configured"

  Hello. I have been attempting get the DKIM verified but Toolkit keeps sending the message that it is not configured, but both Namecheap and Zoho show it as configured properly. What am I missing?

• Next Page