Kaizen #191: Implementing "Login with Zoho" using Python SDK

      

Welcome back to another week of Kaizen!!

This week, we are diving into how to implement secure user authentication using Login with Zoho and integrate it with Zoho CRM through our Python SDK.

To ground this in a real-world scenario, we will look at how Zylker Academy, a training institute offering web design and development courses, uses an internal portal that connects directly to Zoho CRM. This setup allows course coordinators to manage student data without maintaining a separate backend database.

Zylker receives frequent student enquiries and uses Zoho CRM to manage all related information. Every course coordinator, academic advisor, and support staff member who needs access to student information is added as a user in Zoho CRM, with access permissions aligned to their role. Instead of using Zoho’s interface directly, Zylker’s team works through a custom internal web portal, tailored to their workflow. This portal connects directly to Zoho CRM, reading from and writing to it, but does not have its own database.

But before this portal can access any CRM data, it must authenticate itself securely. Every time a user opens the portal, they must log in with their Zoho account. Once authenticated, they will be granted access to the CRM modules and records they are authorized to work with. That is where Login with Zoho comes in.

What is "Login with Zoho"?

Login with Zoho is Zoho’s implementation of the OAuth 2.0 Authorization Code flow. It allows applications to authenticate users and access their Zoho CRM data without ever handling their passwords.

Instead of asking users for their Zoho credentials directly, the app redirects them to Zoho’s login screen. Here is how it works:

1. The app redirects the user to Zoho’s login page.
2. The user logs in and approves the requested permissions (scopes).
3. Zoho sends back an authorization code.
4. The backend exchanges this code for access and refresh tokens.
5. These tokens are used to make authenticated API calls.

This flow ensures that users maintain full control over their data. They can revoke access at any time, and your application never handles or stores passwords. 

In Zylker’s case, every time a coordinator opens the portal, they are prompted to log in with their Zoho account. Once authenticated, they can immediately begin working with student records—all backed by Zoho CRM.

Use Case Implementation: Zylker’s Student Management Portal

To demonstrate how this login flow works, we have built a stripped-down version of Zylker's portal:

• A front-end form to enter and view student data
• A backend server that interacts with Zoho CRM via the Zoho CRM Python SDK

The application includes a simple form for capturing student details—name, college, course, email, and phone number. Submitted data is treated as a Lead in Zoho CRM.

The app allows users to:

• Add new leads
• View a list of all registered leads
• Edit an existing lead’s information
• Delete records if necessary

All actions go straight to Zoho CRM using its Python SDK. But before any of this can happen, the user must complete the login flow.

Sample Project Structure

Before going into the implementation details, let us briefly define the components of the project.

Frontend

The frontend is a simple static web interface built with HTML, CSS, and JavaScript. It runs in the browser and handles user interactions and triggers backend API calls. These are the main files:

• index.html : Main UI for login, data entry, and record viewing.
• script.js : Contains the client-side logic to trigger login, submit data, and render records.
• redirect.html :  A minimal page used to capture the authorization code returned by Zoho after login.

The frontend is served using any static server (e.g., Live Server in VS Code) and runs on http://localhost:5501/ in our example. 

Download the files from here.

Configuration Notes:

• In script.js, update the redirect_url value in the login request to match your actual domain or port if you’re not using localhost:5501.
• Ensure the URL in the Zoho API Console matches this redirect URI and port.

Backend

The backend is a Python server that handles all interactions with Zoho CRM via the Python SDK. It includes:

• server.py : A custom HTTP server that:
• Generates the Zoho login URL
• Exchanges the authorization code for tokens
• Initializes the SDK
• Exposes endpoints like /create, /get_records, /update, and /delete
• record.py : Contains functions to create, fetch, update, and delete records in CRM modules like Leads. Each function uses the Zoho Python SDK methods to perform a specific operation.

This server runs on http://127.0.0.1:8085/ in our example. 

Download the files from here.

Configuration Notes:

• In server.py, replace the client_id with your actual client ID from Zoho's API Console.
• In record.py, replace the client_secret with your actual client secret.
• If required, change the front-end server’s host and port in the run() function at the bottom of server.py:
  def run(server_class=HTTPServer, handler_class=SDKInitialize, port=xxxx):

Sample project flow

      

Step 1: Register the application with Zoho API console

To initiate the login process, you need to register your application on the Zoho API Console. This is a one-time setup that provides your app with a Client ID and Client Secret, both of which are required to authenticate users and exchange authorization codes for tokens.

To register your application:

• Go to https://api-console.zoho.com
• Click Add Client
• Choose Server-based Applications
• Enter:
• Client Name: Zylker Academy
  
• Homepage URL: Use http://127.0.0.1:5501/index.html for local testing. In production, you must use a live HTTPS URL.
• Redirect URI: For instance, use http://127.0.0.1:5501/redirect.html for local testing. This is the endpoint to which Zoho redirects you and sends the authorization code after login. 
• Save the generated Client ID and Client Secret

We will be using these values in the backend script (server.py)  that handles token exchange.

NOTE: To support users from multiple data centres, make sure to enable multi-DC support for your application. You can do this by going to your app’s settings in the Zoho API Console and turning on the Multi-DC option.

Step 2: Implementing the login flow

Here is a walkthrough of the flow implemented in the project:

1. Page loads and triggers login

When a user opens the portal, the frontend automatically initiates the login sequence. It first makes a call to the backend to retrieve the Zoho authorization URL. 

In index.html, this triggers getRecords() on page load:

1. <body onload="getRecords();">

In script.js, getRecords() calls the login() function:

1. async function getRecords() {
2.     login();
3. }

The login() function sends a request to the backend to get the Zoho OAuth authorization URL.

2. Backend builds login URL

The backend responds with an OAuth URL that includes:

• Your client ID
• Scopes like ZohoCRM.modules.ALL
• The redirect URI

In server.py, under do_GET, the /login endpoint generates the OAuth URL:

1.    if parsed_url.path == '/login':
2.             redirect_url = query_params.get('redirect_url', [''])[0]
3.             scope = "ZohoCRM.settings.fields.ALL,ZohoCRM.modules.ALL,ZohoCRM.users.READ,ZohoCRM.org.READ"
4.             url = "https://accounts.zoho.com/oauth/v2/auth?scope=" + scope + "&client_id=" + self.client_id + \
5.                   "&redirect_uri=" + redirect_url + "&response_type=code&access_type=offline"
6.             self._set_headers()
7.             # Send response
8.             response = {"url": url, "redirect_url": redirect_url}
9.  self.wfile.write(json.dumps(response).encode('utf-8'))
   

Once the frontend (script.js) receives the login URL, it opens it in a popup window.

1. const response = await fetch('http://127.0.0.1:8085/login?redirect_url=http://127.0.0.1:5501/redirect.html');
2. const data = await response.json();
3. const popup = openCenteredPopup(data.url, "PopupWindow", 600, 400);
   

Here's an example of the Zoho OAuth authorization URL format:

      https://accounts.zoho.com/oauth/v2/auth?

      scope=ZohoCRM.modules.ALL&

      client_id=YOUR_CLIENT_ID&

      response_type=code&

      access_type=offline&

      redirect_uri=YOUR_REDIRECT_URI

3. User logs in on Zoho

The user logs in with their Zoho credentials and is prompted to approve the app's access. Once they approve, Zoho redirects them to the specified redirect URI along with an authorization code and location parameter. The location parameter indicates which data centre the user belongs to.

4. Frontend captures the authorization code

The redirect page, a minimal HTML file (redirect.html),  reads the URL parameters and stores them in localStorage, then closes the popup:

1. function setAccessToken() {
2.     var hashProps = getPropertiesFromURL();
3.     if (hashProps) {
4.         for (var key in hashProps) {
5.             if (hashProps.hasOwnProperty(key)) {
6.                 localStorage.setItem(key, hashProps[key]);
7.             }
8.         }
9.     }
10.     setTimeout(function () { window.close(); }, 0);
11. }
    

5. Token exchange and SDK initialization

Once the popup window is closed, the main window retrieves the authorization code and location and sends them to the backend’s /initialize endpoint.

In script.js:

1. var code = localStorage.getItem("code");
2. var location = localStorage.getItem("location");
3. initialize(code, location, data.redirect_url);
4. .
5. .
6. async function initialize(code, location, redirect_url) {
7.     const response = await fetch('http://127.0.0.1:8085/initialize?code=' + code + '&location=' + location + '&redirect_url=' + redirect_url);
8. }
   

In server.py, the /initialize endpoint handles SDK initialization:

1. elif parsed_url.path == '/initialize':
2.     code = query_params.get('code', [''])[0]
3.     location = query_params.get('location', [''])[0]
4.     redirect_url = query_params.get('redirect_url', [''])[0]
5.     LeadsRecords().init(self.client_id, code, location, redirect_url)
   

In record.py, the SDK is initialized and tokens are stored.

1. token = OAuthToken(client_id=client_id,
2.                    client_secret=client_secret,
3.                    grant_token=code,
4.                    redirect_url=redirect_url)
5. Initializer.initialize(environment=environment,
6.                        token=token,
7.                        logger=logger,
8.                        store=store)  # FilePersistence or custom store
   

This exchanges the authorization code for:

• An access token (valid for one hour)
• A refresh token (used to get new access tokens)

These tokens are saved in a local file (sdk_tokens.json). This is configured using Zoho’s FilePersistence class during SDK initialization 

How are tokens linked to users?

The SDK maps each access and refresh token pair to a unique user-organization combination. This means tokens generated for different organizations by the same user are stored separately. Likewise, if a user generates new tokens for the same organization, the SDK updates the existing tokens instead of creating duplicates. This ensures that API calls always use the correct tokens tied to the authenticated user and their organization. 

To enable this mapping, the SDK retrieves the user and organization information in the background. This requires the appropriate scopes to be included during authentication, ZohoCRM.users.READ and ZohoCRM.org.READ. Without these scopes, the SDK cannot identify the user-org combination correctly, which can lead to multiple token entries for the same user. That is why, in our sample project, we have included these scopes explicitly in the server.py file during the SDK initialization.

Once the SDK is initialized, the user is logged in, and the app can begin making CRM API calls on their behalf.

Step 3: Accessing Zoho CRM

Once the user is authenticated and the Zoho SDK is initialized on the backend, the frontend can call custom backend endpoints like /create or /get_records. These endpoints use the authenticated SDK instance to make CRM API calls on behalf of the user.

• GET /get_records?module=Leads : View all students
• POST /create?module=Leads : Add new student
• PUT /update?module=Leads&id=... : Edit existing entry
• DELETE /delete?module=Leads&id=... : Remove existing entry
  

Deploying the sample project

To run this application, you will need two components:

1. A frontend server to serve your HTML files (index.html, script.js, redirect.html). This can be done using any static web server (e.g., Live Server in VS Code).
2. A Python backend server that handles login, token storage, and CRM API communication. You can run it using:
   python server.py

In the given example, both servers communicate over localhost. You should set your redirect URI accordingly when registering your app in the Zoho console.

Conclusion

Login with Zoho is a secure, OAuth-based mechanism that allows users to authorize your application to access their Zoho CRM data. In this example, we built a real-world use case, a student portal for Zylker Academy, that authenticates users and interacts with CRM directly using the Zoho CRM Python SDK.

By walking through the entire flow, you now understand:

• Why OAuth is essential for secure CRM access
• How to register an application in Zoho
• What the login and token exchange flow looks like
• How to implement "Login with Zoho" in your applications

What is next?

In this project, we have used a simple file persistence method to store the token files. But in a real world scenario, this may not always meet your business requirements. In next week's Kaizen, we will implement custom token persistence instead of file persistence in the current project. We will explain how to implement this using SQLite, In-Memory and List DBs. With that, you will be equipped to implement a persistence method that fits your application architecture and deployment environment.

We hope that you found this useful. If you have any queries, let us know the comments below, or send an email to support@zohocrm.com. As always, we would love to hear from you!!

Stay tuned for next week's Kaizen : Implementing Custom Token Persistence 

             Previous Kaizen: Kaizen #190 - Queries in Custom Related Lists |  Kaizen Directory                                  

Download Links:

• Frontend Project Files 
  
• Backend Server Files             

Further Reading:

• Configuration and Initialization of Zoho CRM Python SDK (V7) for different client types
  
• Zoho CRM Scala SDK (V6) - Configuration and Initialization
  
• Zoho CRM SDKs                                                                                                                                                    

• Topic Participants

• Anu Abraham

  

• Ashley

• Sticky Posts

• Kaizen #222 - Client Script Support for Notes Related List

  Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore how

• Kaizen #217 - Actions APIs : Tasks

  Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

  Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

• Recent Topics

• Direct link to Record Summary

  Hi everyone, In one of my reports, I have built a Record Summary template to display the details of one record. I would like to be able to link directly to this Record Summary once I submit a new record, without having to go to the list of records first and click on View. Is there a possibility to do so ?  Should I use the URL by passing some parameters ? Thank you very much for your help ! Guillaume

• Amendment effective date

  Hi everyone, I noticed that the amendment effective date mentionned in my amendment is not right. Indeed, when a contract is amended several times, it states the previous amendment and their effective date. However, the effective date stated is always

• Show both Vendor and Customers in contact statement

  Dear Sir, some companies like us working with companies as Vendor and Customers too !!! it mean we send invoice and also receive bill from them , so we need our all amount in one place , but in contact statement , is separate it as Vendor and Customer, 

• STOCK history in zohosheets

  is it possible to get historical stock value using stock function in zoho sheets? i could not see from and to period in the helper document.

• Auto sync Photo storage

  Hello I am new to Zoho Workdrive and was wondering if the is a way of automatically syncing photos on my Android phone to my workdrive as want to move away from Google? Thanks

• Agent password reset

  Hi Zoho support, I would like to ask if there is a way the admin can reset a password of an agent? Regards

• Can receive but not send messages in Zoho Mail

  Hello! I was able to configure my email client successfully in that I can receive messages just fine. However, when I send messages out, they seem to go out fine (I don't receive any errors or anything), but the recipient does NOT receive those messages.

• Mail is sent twice!

  Been using Zoho for a while now. Installed Zoho for someone else and some weird things are happening. Mails are being sent twice. He is using Thunderbird as an email client. I already read about email being duplicated in the sent folder. But in my case

• Can't login IMAP suddenly

  Since this evening I'm getting the error: You are yet to enable IMAP for your account. Please contact your administrator... IMAP always been enabled in my account and was workign fine for the past 7 years. Already tried turning IMAP off and on again.

• Sending of username did not succeed: Mail server pop.zoho.com responded: User already specified

  I am having issues receiving emails from Zoho in Thunderbird. I am getting the above error. The first error tells me Authentication failed, and prompts me to enter in my password. Then I get the above error. I can receive emails when I log in online to

• Bug tracking

  Hi, does anyone know how to track errors during picking or packing? This way I can keep track and see how to improve and prevent errors in this area.

• Migration of corporate mail environment from Yandex 360 to Zoho mail

  I have to migrate a corporate mail environment with an existing domain from Yandex 360 to Zoho mail. It is vital to migrate all users with all the data. I have read the article on this topic using MacMister Email Backup Software just now and have some

• I'm unable to send mail pthrough Zoho SMTP programmatically

  This has been working for years, but today it's been offline all day long. I see nothing anywhere on your site about this. I'm not the only one experiencing this. Downdetector has a spike of reports today

• Can no longer send email via Django site

  This was working fine as of 11/7/25. Now I am unable to send user verification emails from a Django site on a AWS lightsail sever. When a user attempts to register the following error occurs. I have also attempted to send a test email via the shell and

• unable to send email but able to receive email

  my email address is info@securityforceservices.ca

• Login to server failing

  When trying to retrieve my mail, I am getting this error message -- Login to server pop.zoho.com with username (my email address) failed. It gives me the option to retry, enter password, or cancel. Then I get this message -- Sending of username did not

• Configuration failed: 200 response not received for POST request.

  Hello, I am trying to set up a webhook to connect with an Salesforce but I receive the following error from Zoho: Configuration failed: 200 response not received for POST request I have tried testing it on webhook.site as well and receive the same error

• Zoho Migration Assistant not working

  Hello, I am trying to use you Migration assistant to migrate emails from Rediff to Zoho. I am stuck in the first step. After downloading the migration tool, I copied the link to verify user credentials, however, after pasting the link in the browser,

• Contacts Missing — PeopleSync/Zoho Mail

  English: In our company we use ManageEngine Mobile Device Manager (MDM), Free edition, to manage corporate mobile devices. Our usage policy does not allow personal Google accounts on these devices; therefore, Google account sync is blocked through MDM.

• Best way to integrate Zoho with mobile app for managing customer requests with real-time notifications?

  Hello, I'm building a solution for a travel company where customers submit requests through a website, and the sales team manages these requests through a mobile app. The Requirement: Customers fill a form on the website (name, email, number of children,

• Kaizen #57 - Mass Update API in Zoho CRM

  Hello everyone! Welcome back to yet another post in the Kaizen series. This week, we will discuss the Mass Update API in Zoho CRM. In this post, we will cover the following: 1. Introduction 2. Mass Update Records API  3. Schedule Update and Get Status

• Getting Attachments in Zoho Desk via API

  Is there a way to get attachments into Zoho Desk via an API?      We have a process by which a zoho survey gets sent to the user as a link in a notification.    The survey has several upload fields where they can upload pdf documents.    I've created

• Pincode based Product Restriction

  we have different types of products. 1) Very bulky items like plywood. 2) Too delicate items like glass These type of products we want to sell to local customers. Other products we want to supply all over India. There should be an option to restrict products

• Related Lists filter

  I have Contacts showing in our Accounts module. I customized the Contacts module with an Employment Status field, with the following picklist options: "Primary Contact", "Secondary Contact", "Active Staff(not a main contact)", and "No longer employed".

• Standalone custom function not generating logs

  Why dont't standalone custom functions generate logs when the're called from another function? I have some functions (workflow, buttons and blueprint) that have common parts, so I put that part in a standalone function which is called from the others.

• Add "Reset MFA" Option for Zoho Creator Client Portal Users

  Hello Zoho Creator Team, We hope you are doing well. We would like to request an important enhancement related to Multi-Factor Authentication (MFA) for client portal users in Zoho Creator. Currently, Creator allows us to enforce MFA for portal users,

• Support Bots and Automations in External Channels

  Hello Zoho Cliq Team, How are you? We actively use Zoho Cliq for collaboration, including with our external developers. For this purpose, external channels are a key tool since they work seamlessly within the same interface as all of our other channels

• Urgent Security Feature Request – Add MFA to Zoho Projects Client Portal Hello Zoho Projects Team,

  Hello Zoho Projects Team, We hope you are doing well. We would like to submit an urgent security enhancement request regarding the Zoho Projects Client Portal. At this time, as far as we are aware, there is no Multi-Factor Authentication (MFA) available

• Creator HTML page refresh

  Hi, I have added around 5 different html snippets in single creator page. I understand, I can refresh the entire page from page script using Navigational URLs https://help.zoho.com/portal/en/kb/creator/developer-guide/others/url-patterns/articles/navigational-urls

• Zoho Desk - Custom Module Related List Columns on Tickets

  I have a custom module in Zoho Desk called Asana Tasks, each task has a lookup to a Ticket. On the Ticket I want to see the columns of the Asana Tasks in the related list . Is there a way to do this? Right now it just has the name of the record and I

• What is your opinion of the new UI?

  Hi Everyone, I would like to see what everyone thinks of the new Zoho One Dashboard. I don't get it, but perhaps I'm missing something. What are your thoughts?

• What are the OAuth scopes needed to access the Zoho MCP server?

  I think I'm authenticating with the MCP server endpoint successfully using a bearer token but I can't successfully initialize an MCP session. I'm using the official MCP Python sdk (https://github.com/modelcontextprotocol/python-sdk). I get as far as here

• "Temporary Error" in Zoho CRM Data Source sync

  I edited my setup for the Zoho CRM to Zoho Analytics Data Source Import configuration to add some new fields. After I saved the changes, I clicked the (Sync Now) link. After a few minutes I got a Sync failure error. The only reason given is "A temporary

• cant upload images in signature- urgent help needed. ta!

  HI, I have been trying to insert the company logo in the signature. i have tried it several times since yesterday, the longest I waited was 1 hour and 12 minutes for the pop up window to upload a 180 KB .jpg file. what am i doing wrong..  an urgent reply will be appreciated,  Ta

• Account blocked for IMAP use

  Hello, My email client (Evolution) can't sync mail anymore. It gives the error: "Your account is temporarily blocked for IMAP use. This may happen if you exceed the maximum number of simultaneous IMAP connections allowed. Kindly try again after some time."

• Is SMTP included in the free plan?

  My client has a Zoho Mail Free 14 day trial that ends tomorrow. She has set up a domain email address with SMTP on a third party app and is wondering if it will continue working once her plan downgrades to the free forever plan. Thanks

• Zoho mail issue.

  I have verified my domain ohhoexpress.online by adding necessary TXT and MX records. But when I am sending email to any external email id, it is showing as zohomail.com. Also while I am sending mail to internal mail id, it is saying user not found whereas

• My email is blocked from sending

  I get this message when I try to send any message .. > Unable to send message, Reason 554 5.1.8 Email Outgoing Blocked We have urgent emails to send and the issue continues to persist from yesterday. Please help us with this issue as soon as possibl

• [WEBINAR] Smooth year-end closure with Zoho Books (KENYA)

  Hello there, This webinar is for all Kenyan businesses looking to wrap up their financial year smoothly! Join our free session to learn how Zoho Books can simplify your year-end process. What to expect from this webinar: - All the latest updates in Zoho

• cannot recieve or send emails

  we are not recieving or cannot send emails.Shows sysytem error

• Next Page