Kaizen 116 - Client Types in Zoho API Console

Hello everyone!

Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.

Let us discuss the available client types and how authorization is handled for each.

Available client types

1. Server-based
   
2. Client-based
   
3. Self client
   
4. Non-browser-based
   
5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.

This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.

In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.

During the registration process in Zoho API Console, you would choose the "Web-based" client type.

OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:

1. Users visit your website where you have the Login with Zoho button.
   
2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
   
3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
   
4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
   
5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
   
6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
   
7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
   
8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
   

Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.

You can use any of our server-side SDKs to simplify this process.

When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.

Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.

For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.

This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.

This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.

Here is a gist of what happens when a user clicks it.

1. Your app redirects the user to Zoho Accounts.
   
2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
   
3. The user is shown the data that your webpage would use.
   
4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
   
5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
   
6. Your app must then make API calls to Zoho with this access token to fetch data.
   
7. When the access token expires, your app must take care of regeneration and storage.
   

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.

When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.

Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.

1. You register your app as self client in Zoho API Console.
   
2. You will get the client details such as ID and secret.
   
3. You provide the scopes required for your app to access CRM data.
   
4. You will receive the grant token.
   
5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
   
6. Your app can then use this access token to make API calls to Zoho CRM and use data.
   

You can refer to our older Kaizen post on this topic for more details.

Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.

Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.

Here is how authentication is handled:

1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
   
2. Users install a dedicated Zoho ShowTime application on their smart TVs.
   
3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
   
4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
   
5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
   
6. When the user enters the user code, Zoho Accounts sends the access token to your app.
   
7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
   

Here is the protocol flow. For more details, refer to this doc.

5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.

Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.

If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.

Cheers!

• Topic Participants

• Shylaja S

  

• Piyush Dwivedi

• Ishwarya SG

  

• Onur Gulay - Smile Center Turkey®

  

• Sunderjan Siddharth

  

• Sticky Posts

• Client Script | Update - Introducing Commands in Client Script!

  Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! Commands

• Kaizen #165 : How to call Zoho CRM APIs using Client Script

  Welcome back to another exciting Client Script post! In this post, we will discuss one of the most frequently asked questions: How do you call Zoho CRM APIs from Client Scripts? In this kaizen post, 1. Ways to make calls to Zoho CRM APIs using Client

• Kaizen#162 : Add Tags and Open Pre-filled Email Drafts via Client Scripts

  Hello everyone! Welcome to another informative Kaizen post. In this post, let us see how to accomplish the following using Client Script. 1. How to auto-tag a record based on field update? 2. How to Open a pre-filled email draft This post will provide

• Extension Pointers - JS SDK series #4: Managing data from a widget using ZOHO.CRM.HTTP

  Handling and managing the data between two applications is a major factor for an efficient business. There are a variety of ways to handle data between Zoho CRM and other third-party applications. You can use deluge CRM tasks, create connectors, use API

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Recent Topics

• Sum Total of various fields in child module and add value to parent module field

  Hi! Having trouble with a custom function, im trying to calculate the total of all the rent and sqm fields of our offices in Products module and have them transfer to the parent module Location. The API names are as below: Child module Products = "Products"

• View Expenses in Zoho Books Without Approval or Reports in Zoho Expense

  Hello, I’m using both Zoho Books and Zoho Expense (on the free plan for both). I would like to view the expenses recorded in Zoho Expense within Zoho Books, but I read that they need to be approved first. Since I manage a small freelance business, I don’t

• One notebook is on my Android phone app, but not on Web or PC app.

  This problem started in stages. At first my phone was occasionally failing to sync. Then I noticed two things added to my Phone App. One was an existing notebook had a new cover, and the other was a new Note Card with an odd text in it. These were only

• Customers not receiving emails

  So, a little backstory, we have been using Zoho Forms for the past eight years. And when we initially started, we would have email notifications be sent from inside Zoho Forms after a submission. We recently started using Zoho CRM as we wanted a better

• Ajust quantities in another form based on subform, on form submission

  Hello, I have an Order form with a LineItems subform. The LineItems subform has many lookups that import data from various other forms. I want to deduct the quantity offered in one of those other form, called Offer. In another application I used the following

• Workdrive connection in Zoho CRM not working

  Hi, in https://crm.zoho.com.au/crm/orgXXXXXX/settings/connections i have set up the connection for WorkDrive which is pretty much setting up the name and the scopes. But I get "WorkDrive API test response: {"errors":[{"id":"F7003","title":"Invalid OAuth

• Best Way to Update Subscriber Preferences for an Existing List?

  We currently have a mailing list of over 43,000 contacts in Zoho Campaigns, and we’re looking to segment our list based on subscriber content preferences—things like Free Webinars, Local Training, Store Specials, and New Product Announcements. We’d like

• How can I capture the Cliq channel name from Deluge Script?

  I am working on a chat automation with a third party tool called Make.com. Using a webhook I am relaying information from the Bot I have created in Zoho Cliq to Make.com Webhook. I am using the Mention Handler of the bot in Cliq to relay information like

• What's New in Zoho Inventory | January - March 2025

  Hello users, We are back with exciting new enhancements in Zoho Inventory to make managing your inventory smoother than ever! Check out the latest features for the first quarter of 2025. Watch out for this space for even more updates. Email Insights for

• Learning how to customize templates via code and best practices

  Hi! Our developers team want to learn how to edit our template files safely. The last time we messed with these files our site went down for a day and we had to reconfigure it from scratch. What are the best practices to do this? How can we get a template

• Inquiry: Integrating In-house Chatbot with Zoho Desk for Live Agent Support

  Hi Team, We are exploring the possibility of integrating our existing in-house chatbot with Zoho Desk to provide seamless escalation to live agents. Our requirement is as follows: within our chatbot interface, we want to offer users a "Talk to Agent"

• You are forced to store/manage custom functions redundantly | Any solutions?

  Hello there, you are forced to store code (custom functions) redundantly if you want to use the same functionality in multiple departments. I don't understand that you can't define global functions. When I make a change to a function I may have to do

• Integrating Zoho CRM with Quickbooks Enterprise?

  Does anyone have any experience of integrating Zoho CRM with Quickbooks Enterprise?  The Zoho pages refer to the Quickbooks Premier edition, and I wanted to know if the same works with the Quickbooks Enterprise version.

• in Desk - Why can't I find where to enable multi-branding?

  I'm looking at the knowledge base article & it says to go to settings / general / rebranding / multi-branding. But there's no multi-branding there!

• Edit a previous reconciliation

  I realized that during my March bank reconciliation, I chose the wrong check to reconcile (they were for the same amount on the same date, I just chose the wrong check to reconcile). So now, the incorrect check is showing as un-reconciled. Is there any way I can edit a previous reconciliation (this is 7 months ago) so I can adjust the check that was reconciled? The amounts are exactly the same and it won't change my ending balance.

• How to undo a reconciliation?

  I need to update the "Expense Account" field on a bunch of expenses that I've already reconciled.  However, the system will not allow this field the be changed since it is reconciled.  I haven't found a way to remove the reconciliation status for the

• Edit Reconciled Transactions

  I realize transaction amounts and certain accounts cannot be edited easily once reconciled, but when I audit my operational transactions quarterly and at the end of the year sometimes I need to change the expense account for a few transactions. To do

• Zoho support Can not send invitation email to portal user

  I try to use Zoho support but have a problem. I don't know why. - When a customer sign up at the portal user they don't receive the invitation email. - When I go to contact manu, choose 1 user and click invite --> they don't receive the invitation email.

• Quick Create needs Client Script support

  As per the title. We need client scripts to apply at a Quick Create level. We enforce logic on the form to ensure data quality, automate field values, etc. However, all this is lost when a user attempts a "Quick Create". It is disappointing because, from

• remove()function to remove characters

  Hi there, I'm trying to use the remove function to remove characters from a variable. I have a Lead source that comes in as [Google] or [Facebook] etc. in Flow I need te to remove the square bracket. Tried a function that looks something like this: string

• CRM HAS BEEN SOOO SLOW For Days 05/15/25

  I have fantastic Wifi speed and have zero issues with other websites, apps, or programs. It takes an excruciatingly amount of time to simply load a record, open an email, compose an email, draft a new template, etc. Am I in a subset/region of subscribers

• Sharing files without download option

  Hi Team     We want to share folders and subfolder which has files(doc, .PPT , excel and PDF) in zoho Docs. When we share the directory to a member in the organization or external to the organization There are able to download. How do we prevent users from download. Regards Krishna V.K

• Audio/video quality issues with Zoho Meeting – Any roadmap for improvement?

  Hi Zoho Team, We’ve been using Zoho Meeting for both internal and external meetings, and unfortunately, the experience has been consistently poor. The video and audio quality are so unreliable that it often renders meetings ineffective—especially with

• Automatic Display the Price from CPQ

  Is it possible to display the discounted price from CPQ that I created for my customer? For example, when the customer selects Product A, instead of showing the default price, it should display the discounted CPQ price.

• Basic Lookup Field Update Function

  Hi! So I have no idea what I'm doing in Deluge but I need to get a custom function to run On Create or Edit that sets the value of a Lookup Field based on the contents of another field. Seems simple enough, but I have looked through dozens of other similar

• Introducing Zoho CRM for Everyone: A reimagined UI, next-gen Ask Zia, timeline view, and more

  Hello Everyone, Your customers may not directly observe your processes or tools, but they can perceive the gaps, missed hand-offs, and frustration that negatively impact their experience. While it is possible to achieve a great customer experience by

• How do I fix this? Unable to send message; Reason:554 5.1.8 Email Outgoing Blocked.

  How do I fix this? Unable to send message; Reason:554 5.1.8 Email Outgoing Blocked.

• Weekly Tips: Schedule Your Emails with Zoho Mail

  As a business, it is recommended to consider the best time to send an email, taking into account the recipient's time-zone or their work hours to have your email on top of their inbox. Sending an email when your recipient is most likely to check their

• Data Source Request : More Zoho Marketing Automation and Zoho Pagesense

  I'm currently trying to replicate the reports shown in ZMA for stats over time for individual forms. The reports exist only in ZMA, but I want to use in wider company presentations and can't find the relevant data in Analytics : Example I also note that

• 　【Zoho CRM】サブフォーム内にあとから追加した数式項目を一括して計算させる方法

  皆様のお知恵を拝借いたしたくご相談させてください。 【状況】 任意のタブにすでにサブフォームが設定されており、そのサブフォームを含め、既に数千件のデータが存在している。 【実施したいこと】 新たに数式項目をそのサブフォームに追加して、入力済データのレコードも含めて、その数式項目の計算結果を反映させたい。項目の更新で数式項目をサブフォームに追加しただけでは計算されません。 【わかっていること】 任意のタブのサブフォーム外にあとから数式項目を追加した場合、数式項目を追加しただけでは当然数式項目の計算結果は反映されませんが、以下の方法を実施すると数式項目が計算されます。

• Zoho Mail - support email

  Hi I sent an email to support more than 48 hours ago and still have not heard back! What's up? How long am I supposed to wait for a replay? Thanks

• ME SALE ESTE ERROR: No fue posible enviar el mensaje;Motivo:554 5.1.8 Email Outgoing Blocked

  Ayuda!! Me sale este error al intentar enviar mensajes desde mi correo electronico de Zoho! Tampoco recibo correos pues cuando me envia rebotan. Ayuda, Me urge enviar unos correo importantes!! Quedo atenta MAGDA HERNANDEZ +5731120888408

• Syntax for <criteria> field in zoho.crm.searchRecords() function when the value to check against is a variable?

  I want to search for records in the Tasks module whereby the value of a field (called field1) matches the value stored in a variable in the Deluge script (called variable1). From the sample code in https://www.zoho.com/deluge/help/crm/search-records.html,

• 554 5.1.8 Email Outgoing Blocked.

  Hi guys, I just singed up for mateusz.nowicki@zoho.com mail and I can't send any mails.. Why? Everytime I try to send something I got error like the one in the screenshot. Please, help me.

• Why hybrid project management might be the best fit for you?

  Project management techniques are designed to equip teams with proven methods for easy and efficient project execution. While management teams may have apprehensions about adopting the hybrid method of project management, we’ve compiled the top reasons

• Associating Multiple Work Orders with a Single Invoice in Zoho FSM

  Hello Everyone, Is it possible to associate multiple Work Orders with a single Invoice in Zoho FSM? Best Regards, Subhash Kumar

• Page - Gauge - Target Values

  Is there a way to make the Target and Maximum values say a formula or query?  For example, total sales for the month = 109 and I want to make my gauge today's percentage.

• Introducing Rollup summary in Zoho CRM

  ------------------------------------------Moderated on 5th July'23---------------------------------------------- Rollup summary is now available for all organizations in all the DCs. Hello All, We hope you're well! We're here with an exciting update that

• Add Desk Account comments using Flow

  The triggers and actions for Zoho Desk available in Flow are quite extensive, but I don't see anything related to Account-level Comments. There are actions to add comments to Tickets, Contacts, Tasks, and Topics, but nothing for Accounts. Am I missing

• Multiple Organizations w/Books

  Does Zoho One allow for more than 1 organization in Zoho Books? I see my default company says "Zoho One Enterprise"next to it but another company says "Trial". We have one company, but multiple lines of business that we keep separate for various financial

• Next Page