Kaizen #191: Implementing "Login with Zoho" using Python SDK

      

Welcome back to another week of Kaizen!!

This week, we are diving into how to implement secure user authentication using Login with Zoho and integrate it with Zoho CRM through our Python SDK.

To ground this in a real-world scenario, we will look at how Zylker Academy, a training institute offering web design and development courses, uses an internal portal that connects directly to Zoho CRM. This setup allows course coordinators to manage student data without maintaining a separate backend database.

Zylker receives frequent student enquiries and uses Zoho CRM to manage all related information. Every course coordinator, academic advisor, and support staff member who needs access to student information is added as a user in Zoho CRM, with access permissions aligned to their role. Instead of using Zoho’s interface directly, Zylker’s team works through a custom internal web portal, tailored to their workflow. This portal connects directly to Zoho CRM, reading from and writing to it, but does not have its own database.

But before this portal can access any CRM data, it must authenticate itself securely. Every time a user opens the portal, they must log in with their Zoho account. Once authenticated, they will be granted access to the CRM modules and records they are authorized to work with. That is where Login with Zoho comes in.

What is "Login with Zoho"?

Login with Zoho is Zoho’s implementation of the OAuth 2.0 Authorization Code flow. It allows applications to authenticate users and access their Zoho CRM data without ever handling their passwords.

Instead of asking users for their Zoho credentials directly, the app redirects them to Zoho’s login screen. Here is how it works:

1. The app redirects the user to Zoho’s login page.
2. The user logs in and approves the requested permissions (scopes).
3. Zoho sends back an authorization code.
4. The backend exchanges this code for access and refresh tokens.
5. These tokens are used to make authenticated API calls.

This flow ensures that users maintain full control over their data. They can revoke access at any time, and your application never handles or stores passwords. 

In Zylker’s case, every time a coordinator opens the portal, they are prompted to log in with their Zoho account. Once authenticated, they can immediately begin working with student records—all backed by Zoho CRM.

Use Case Implementation: Zylker’s Student Management Portal

To demonstrate how this login flow works, we have built a stripped-down version of Zylker's portal:

• A front-end form to enter and view student data
• A backend server that interacts with Zoho CRM via the Zoho CRM Python SDK

The application includes a simple form for capturing student details—name, college, course, email, and phone number. Submitted data is treated as a Lead in Zoho CRM.

The app allows users to:

• Add new leads
• View a list of all registered leads
• Edit an existing lead’s information
• Delete records if necessary

All actions go straight to Zoho CRM using its Python SDK. But before any of this can happen, the user must complete the login flow.

Sample Project Structure

Before going into the implementation details, let us briefly define the components of the project.

Frontend

The frontend is a simple static web interface built with HTML, CSS, and JavaScript. It runs in the browser and handles user interactions and triggers backend API calls. These are the main files:

• index.html : Main UI for login, data entry, and record viewing.
• script.js : Contains the client-side logic to trigger login, submit data, and render records.
• redirect.html :  A minimal page used to capture the authorization code returned by Zoho after login.

The frontend is served using any static server (e.g., Live Server in VS Code) and runs on http://localhost:5501/ in our example. 

Download the files from here.

Configuration Notes:

• In script.js, update the redirect_url value in the login request to match your actual domain or port if you’re not using localhost:5501.
• Ensure the URL in the Zoho API Console matches this redirect URI and port.

Backend

The backend is a Python server that handles all interactions with Zoho CRM via the Python SDK. It includes:

• server.py : A custom HTTP server that:
• Generates the Zoho login URL
• Exchanges the authorization code for tokens
• Initializes the SDK
• Exposes endpoints like /create, /get_records, /update, and /delete
• record.py : Contains functions to create, fetch, update, and delete records in CRM modules like Leads. Each function uses the Zoho Python SDK methods to perform a specific operation.

This server runs on http://127.0.0.1:8085/ in our example. 

Download the files from here.

Configuration Notes:

• In server.py, replace the client_id with your actual client ID from Zoho's API Console.
• In record.py, replace the client_secret with your actual client secret.
• If required, change the front-end server’s host and port in the run() function at the bottom of server.py:
  def run(server_class=HTTPServer, handler_class=SDKInitialize, port=xxxx):

Sample project flow

      

Step 1: Register the application with Zoho API console

To initiate the login process, you need to register your application on the Zoho API Console. This is a one-time setup that provides your app with a Client ID and Client Secret, both of which are required to authenticate users and exchange authorization codes for tokens.

To register your application:

• Go to https://api-console.zoho.com
• Click Add Client
• Choose Server-based Applications
• Enter:
• Client Name: Zylker Academy
  
• Homepage URL: Use http://127.0.0.1:5501/index.html for local testing. In production, you must use a live HTTPS URL.
• Redirect URI: For instance, use http://127.0.0.1:5501/redirect.html for local testing. This is the endpoint to which Zoho redirects you and sends the authorization code after login. 
• Save the generated Client ID and Client Secret

We will be using these values in the backend script (server.py)  that handles token exchange.

NOTE: To support users from multiple data centres, make sure to enable multi-DC support for your application. You can do this by going to your app’s settings in the Zoho API Console and turning on the Multi-DC option.

Step 2: Implementing the login flow

Here is a walkthrough of the flow implemented in the project:

1. Page loads and triggers login

When a user opens the portal, the frontend automatically initiates the login sequence. It first makes a call to the backend to retrieve the Zoho authorization URL. 

In index.html, this triggers getRecords() on page load:

1. <body onload="getRecords();">

In script.js, getRecords() calls the login() function:

1. async function getRecords() {
2.     login();
3. }

The login() function sends a request to the backend to get the Zoho OAuth authorization URL.

2. Backend builds login URL

The backend responds with an OAuth URL that includes:

• Your client ID
• Scopes like ZohoCRM.modules.ALL
• The redirect URI

In server.py, under do_GET, the /login endpoint generates the OAuth URL:

1.    if parsed_url.path == '/login':
2.             redirect_url = query_params.get('redirect_url', [''])[0]
3.             scope = "ZohoCRM.settings.fields.ALL,ZohoCRM.modules.ALL,ZohoCRM.users.READ,ZohoCRM.org.READ"
4.             url = "https://accounts.zoho.com/oauth/v2/auth?scope=" + scope + "&client_id=" + self.client_id + \
5.                   "&redirect_uri=" + redirect_url + "&response_type=code&access_type=offline"
6.             self._set_headers()
7.             # Send response
8.             response = {"url": url, "redirect_url": redirect_url}
9.  self.wfile.write(json.dumps(response).encode('utf-8'))
   

Once the frontend (script.js) receives the login URL, it opens it in a popup window.

1. const response = await fetch('http://127.0.0.1:8085/login?redirect_url=http://127.0.0.1:5501/redirect.html');
2. const data = await response.json();
3. const popup = openCenteredPopup(data.url, "PopupWindow", 600, 400);
   

Here's an example of the Zoho OAuth authorization URL format:

      https://accounts.zoho.com/oauth/v2/auth?

      scope=ZohoCRM.modules.ALL&

      client_id=YOUR_CLIENT_ID&

      response_type=code&

      access_type=offline&

      redirect_uri=YOUR_REDIRECT_URI

3. User logs in on Zoho

The user logs in with their Zoho credentials and is prompted to approve the app's access. Once they approve, Zoho redirects them to the specified redirect URI along with an authorization code and location parameter. The location parameter indicates which data centre the user belongs to.

4. Frontend captures the authorization code

The redirect page, a minimal HTML file (redirect.html),  reads the URL parameters and stores them in localStorage, then closes the popup:

1. function setAccessToken() {
2.     var hashProps = getPropertiesFromURL();
3.     if (hashProps) {
4.         for (var key in hashProps) {
5.             if (hashProps.hasOwnProperty(key)) {
6.                 localStorage.setItem(key, hashProps[key]);
7.             }
8.         }
9.     }
10.     setTimeout(function () { window.close(); }, 0);
11. }
    

5. Token exchange and SDK initialization

Once the popup window is closed, the main window retrieves the authorization code and location and sends them to the backend’s /initialize endpoint.

In script.js:

1. var code = localStorage.getItem("code");
2. var location = localStorage.getItem("location");
3. initialize(code, location, data.redirect_url);
4. .
5. .
6. async function initialize(code, location, redirect_url) {
7.     const response = await fetch('http://127.0.0.1:8085/initialize?code=' + code + '&location=' + location + '&redirect_url=' + redirect_url);
8. }
   

In server.py, the /initialize endpoint handles SDK initialization:

1. elif parsed_url.path == '/initialize':
2.     code = query_params.get('code', [''])[0]
3.     location = query_params.get('location', [''])[0]
4.     redirect_url = query_params.get('redirect_url', [''])[0]
5.     LeadsRecords().init(self.client_id, code, location, redirect_url)
   

In record.py, the SDK is initialized and tokens are stored.

1. token = OAuthToken(client_id=client_id,
2.                    client_secret=client_secret,
3.                    grant_token=code,
4.                    redirect_url=redirect_url)
5. Initializer.initialize(environment=environment,
6.                        token=token,
7.                        logger=logger,
8.                        store=store)  # FilePersistence or custom store
   

This exchanges the authorization code for:

• An access token (valid for one hour)
• A refresh token (used to get new access tokens)

These tokens are saved in a local file (sdk_tokens.json). This is configured using Zoho’s FilePersistence class during SDK initialization 

How are tokens linked to users?

The SDK maps each access and refresh token pair to a unique user-organization combination. This means tokens generated for different organizations by the same user are stored separately. Likewise, if a user generates new tokens for the same organization, the SDK updates the existing tokens instead of creating duplicates. This ensures that API calls always use the correct tokens tied to the authenticated user and their organization. 

To enable this mapping, the SDK retrieves the user and organization information in the background. This requires the appropriate scopes to be included during authentication, ZohoCRM.users.READ and ZohoCRM.org.READ. Without these scopes, the SDK cannot identify the user-org combination correctly, which can lead to multiple token entries for the same user. That is why, in our sample project, we have included these scopes explicitly in the server.py file during the SDK initialization.

Once the SDK is initialized, the user is logged in, and the app can begin making CRM API calls on their behalf.

Step 3: Accessing Zoho CRM

Once the user is authenticated and the Zoho SDK is initialized on the backend, the frontend can call custom backend endpoints like /create or /get_records. These endpoints use the authenticated SDK instance to make CRM API calls on behalf of the user.

• GET /get_records?module=Leads : View all students
• POST /create?module=Leads : Add new student
• PUT /update?module=Leads&id=... : Edit existing entry
• DELETE /delete?module=Leads&id=... : Remove existing entry
  

Deploying the sample project

To run this application, you will need two components:

1. A frontend server to serve your HTML files (index.html, script.js, redirect.html). This can be done using any static web server (e.g., Live Server in VS Code).
2. A Python backend server that handles login, token storage, and CRM API communication. You can run it using:
   python server.py

In the given example, both servers communicate over localhost. You should set your redirect URI accordingly when registering your app in the Zoho console.

Conclusion

Login with Zoho is a secure, OAuth-based mechanism that allows users to authorize your application to access their Zoho CRM data. In this example, we built a real-world use case, a student portal for Zylker Academy, that authenticates users and interacts with CRM directly using the Zoho CRM Python SDK.

By walking through the entire flow, you now understand:

• Why OAuth is essential for secure CRM access
• How to register an application in Zoho
• What the login and token exchange flow looks like
• How to implement "Login with Zoho" in your applications

What is next?

In this project, we have used a simple file persistence method to store the token files. But in a real world scenario, this may not always meet your business requirements. In next week's Kaizen, we will implement custom token persistence instead of file persistence in the current project. We will explain how to implement this using SQLite, In-Memory and List DBs. With that, you will be equipped to implement a persistence method that fits your application architecture and deployment environment.

We hope that you found this useful. If you have any queries, let us know the comments below, or send an email to support@zohocrm.com. As always, we would love to hear from you!!

Stay tuned for next week's Kaizen : Implementing Custom Token Persistence 

             Previous Kaizen: Kaizen #190 - Queries in Custom Related Lists |  Kaizen Directory                                  

Download Links:

• Frontend Project Files 
  
• Backend Server Files             

Further Reading:

• Configuration and Initialization of Zoho CRM Python SDK (V7) for different client types
  
• Zoho CRM Scala SDK (V6) - Configuration and Initialization
  
• Zoho CRM SDKs                                                                                                                                                    

• Topic Participants

• Anu Abraham

  

• Ashley

• Sticky Posts

• Kaizen #222 - Client Script Support for Notes Related List

  Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore how

• Kaizen #217 - Actions APIs : Tasks

  Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

  Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

• Recent Topics

• Maintain knowledge base integrity by moderating article comments

  Hello everyone, A knowledge base provides a self-service platform where customers can refer to articles, user manuals, and other resources to learn about the company's products or services and troubleshoot problems. Often, readers leave a comment on the

• Making another calendar your default calendar

  I am trying to make another calendar my default calendar when I add events to it. It keep going to a single calendar, I need it to go to my google calendar by default, as this is linked to other services / websites. I cannot find an option to make it

• Option to Delete Chats in IM

  Currently, there is no option to delete any chats in IM, regardless of their source.

• Referencing a cell from another sheet

  My workbook has multiple sheets. Each sheet has some calcluated totals in certain cells. The front master sheet has a list of everything that is detailed on the other sheets, with the totals. These could change at any time, so the totals need to be references to the other cell's value, not a fixed number. So on the master sheet, I put in =, then go the other sheet and choose the cell and hit Enter. In regular Excel, this works. But in the Zoho sheet, it doesn't work. I have to edit the result by

• Group mail for external email addresses

  Hello, I was just wondering if the Group mail feature works with external email addresses - e.g. gmail.com or a completely different domain? it seems only internal addresses (hosted with Zoho) receive the mail. Thanks, Oliver

• Dont have backup option in setting

  Hi guys. I started using zoho book a week ago. I bought premium package yet I don't have backup option in setting. I hope anyone can help me find a solution. Thanks in advance

• The email address you have entered belongs to a different deployment/region.

  Hi, I am trying to create the user - mprust@crombiecomputers.co.uk but keep getting the message below -  The email address you have entered belongs to a different deployment/region. Please contact support@zohoaccounts.com for assistance. Look forward

• Use Zoho Flow Credits for CRM ‘Actions by Zoho Flow’

  Hello Team, We would like to submit a feature request regarding credit usage for “Actions by Zoho Flow” in Zoho CRM. Use Case: We are Zoho One users and actively use Zoho Flow, where our organization has 52,000 Flow tasks per month. In Zoho CRM, we use

• Unusual activity detected from this IP. Please try again after some time.

  Hello Zoho admin and IT team We are a registered website in Eloctronic services and we been trying to add our users to the zoho system but this issue faced us ,, hope you unlocked us please.

• Alert if a field is ticked.

  Hi There, We have two modules named Opportunities (Deals) and End Users (CustomModule1), as per the image below. Within Opportunities, we have a lookup field that looks up from the End Users Module. We are looking to get an alert either via email or another

• Zoho CRM Analytics - Allow To Reorder Dashboards

  I would like to suggest that you add the ability to reorder dashboards in the Analytics Module. I can see that this has been requested some time ago, the latest 9 years ago. I am not sure if this is a big or small endeavor, but such a small fix can go

• Sending a Template to Sign

  hi, trying to send a template to be signed using this as a test: $accessToken = "1000.xxx" $templateId = "1234" $uri = "https://sign.zoho.eu/api/v1/templates/$templateId/createdocument" $payload = @{ templates = @( @{ template_id = $templateId request_name

• Adding Choices in a Sub-Form Dropdown

  Hi, Has anybody tried Adding Choices to a Dropdown in a Zoho Creator Sub-Form programmatically? My Deluge code adds rows to a subform with 2 fields A and B. A - text field. B - dropdown. My Deluge script adds the row and displays A successfully. For the

• Zoho CRM Email Templates 100% Width No Background How?

  Hi, On the Zoho CRM Email Templates in setup > customization > templates > new templates > I choose blank template, but still it puts in a gray background and a max width for the email. I just want to make an email that looks like an email I would send from gmail that has no background or max width. How do you do this? 

• Checking client unsubscribe details

  Hi team, Can you please let me know where we can check if a client has unsubscribed, along with the date and time it was done? If this information is not available at our end, please help confirm the unsubscribe date for the below email ID from the backend:

• Optimum CRM setup for new B2B business

  Can some advise the most common way to setup Zoho CRM to handle sales for a B2B company? Specifically in how to handle inbound/outbound emails. I have spent hours researching online and can't seem to find an accepted approach, or even a tutorial. I have

• Integration with...

  Dear Zoho Commerce team, Please could you consider the integration within Zoho Commerce / Inventory and Qapla'? (https://www.qapla.it/en/) This app is better than Aftership in many ways: - Aftership integration require PRO plan and price start from more

• Scan and Fill CRM Lookup Field

  Not sure if there is a reason why this isn't possible or if I'm just missing it. But I would like to be able to use the scan and fill feature on the mobile app to prefill the CRM lookup field and fetch the rest of the data in the form.

• Customer Management: #2 Organize Customers to Enhance Efficiency

  When Ankit started his digital services firm, things felt simple. A client would call, ask for a website or a one-time consultation, Ankit would send an invoice, get paid, and move on. "Just one client, one invoice. Easy.", he thought. Fast forward a

• Zoho Mail and Zoho Flow integration to automatically create ToDo tasks from outbound emails

  How do i setup Zoho Mail and Zoho Flow integration to automatically create ToDo tasks from outbound emails

• Attachments between Zoho and Clickup, using Flow.

  Olá suporte Flow, tudo bem ? Estamos usando o flow para integrar Zoho Desk com o clickup. Não localizamos a opção de integrar anexos entre do zoho Desk para o clickup. Gostaríamos de saber se migrando para o plano pago, teremos suporte para fazer a integração

• Adding an Account on Zoho Mail Trigger in Zoho Flow

  I'm trying to create a flow using the zoho mail trigger "Email Receive". My problem is that when I select this trigger, it only shows one account from the account dropdown. I'm planning to assign it on a different email. How can I add other email ad

• Linnworks

  Unless I am missing something, the Linnworks integration is very basic and limited. I have reached out to support but the first response was completely useless and trying to get a reply in a timely manner is very difficult. Surely I should be able to

• Test data won't load

  I am using a Flow to receive orders from WooCommerce and add them to a Zoho Creator app. I recently received an order which failed, and when attempting to test the order I found that it just shows a loading animation and shows up in the history as "queued."

• AddHour resets the time to 00:00:00 before adding the hour.

  Based on the documentation here: https://www.zoho.com/deluge/help/functions/datetime/addhour.html Here's my custom function: string ConvertDateFormat(string inputDate) { // Extract only the date-time part (before the timezone) dateTimePart = inputDate.subString(0,19);

• WhatsApp Link is not integrating

  Hello, I am using zoho flow. when new row added in google sheet it sends email to respected person. In email body I have a text "Share via WhatsApp". behind this text I putted a link. But when the recipient receives email and wants to share my given info

• Zoho flow - Webhook

  If I choose an app as a trigger in Zoho Flow, is it still possible to add a webhook later in the same flow?

• Zoho Flow + Bigin + Shopify

  We are testing Zoho Flow for the first time and want to create a flow based in first purchases. When a client makes his first order, we're going to add the "primeiracompra" (first order) tag to his account in Shopify (it's not efficient, but that's the

• Adding multiple Attendee email addresses when adding a Zoho Calendar event in Zoho Flow

  I am trying to integrate Notion and Zoho Calendar via Zoho Flow. However, the Attendee email address supported by Zoho Calendar - Create event only supports one email address, so I am having difficulty implementing automation to automatically register

• Is it The Flow? Or is it me?

  I want to do some basic level stuff, take two fields from a webhook, create a zsheet from a template using one field with date appended, create a folder using both fields as the name, and put the zsheet into that folder. I was going to elaborate - but

• Having problem with data transferring from Google sheet to ZMA

  When connecting Google sheet with Zoho marketing automation it is having the email as a mandatory field. Can I change it as non-mandatory field or is there any other way to trasnfer data from google sheet to ZMA. I have leads which we get from whatsapp,

• Dropbox to Workdrive synchronisation

  I want to get all the files and folders from Dropbox to Workdrive and each time a new file or folder is added in dropbox i want it to be available in Workdrive and wise versa. Sync Updates to Files Trigger: "File updated" (Dropbox). Action: "Upload file"

• Microsoft Planner Task to Service Desk Plus Request - error n4001

  Hi there. I'm trying to create a flow that will create a new request in ServiceDesk Plus when a new task is created in Microsoft Planner. I have succesfully connected both Planner and ServiceDesk Plus, and have configured the 'create request' section

• Trailing Space in "Date and time scheduled "

  I am trying to use the Zoho Projects - Create event action in a flow. It is failing with the output error as: "Action did not execute successfully due to an unknown error. Contact support for more details." The input is: { "Duration - Minutes": 30, "Project":

• Project name by deal name; project creation via flow

  Hello, I want to create a project in zoho projects using flow by a trigger at the crm. My trigger is the update of a deal (stage). The project name should be the account name/ deal name. But I dont find the solution to it. Can you please give me the answer

• Slack / Zoho Flow; Repl

  I am trying to add a comment in a zoho ticket when someone reply's to a message in a thread. The Message posted to public channel trigger doesn't seem to pick up thread messages. I also cannot use the thread_ts field as it doesn't seem to pull that in.

• Get Holiday ready with Zoho Mail's Templates

  As the holiday season approaches, it’s time to step away from work and unwind. You may not be able to respond to every email or send individual messages to wish everyone holidays greetings—but It is still important to stay connected. How do you send thoughtful

• Customize folder permissions in a Team Folder in a Team Folder via zoho Flow

  HI All, on the nth level folder of a team folder I would like to Customize folder permissions when it's created in the flow of Creating folders. That last level I only want to grant access to a specific group, goup ID 201XXXXXXXX. Can you help with a

• Associating a Candidate to a Job Listing

  Hello, I am trying to use Zoho Forms embedded on my website for candidates to apply for a job opening. I want the form then to tie directly with zoho recruit and have the candidate be automatically inputed into Recruit as well as associated with the specific

• Automate reminder emails for events

  Hi team, I am trying to automate send event reminders via zoho campaign to my attendees 1 day prior to my scheduled events. I used zoho flow, autoresponder in zoho campaign, as well as I used workflow and automation - but none of these methods are working.

• Next Page