Kaizen #116 - Client Types in Zoho API Console
Hello everyone!
Welcome back to another post in the Kaizen series!
This week, we will discuss different client types available in Zoho API Console, and when to use each.
When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.
Available client types
- Server-based
- Client-based
- Self client
- Non-browser-based
- Mobile-based
1. Server-based
If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.
Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.
Here is a gist of what happens:
- Users visit your website where you have the Login with Zoho button.
- When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
- Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
- When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
- The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
- Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
- You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
- Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.
The following image shows the protocol flow.
You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.
Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.
For more details, you can refer to the Accounts guide and CRM help doc.
2. Client-based applications
This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.
Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
- Your app redirects the user to Zoho Accounts.
- Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
- The user is shown the data that your webpage would use.
- When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
- You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
- Your app must then make API calls to Zoho with this access token to fetch data.
- When the access token expires, your app must take care of regeneration and storage.
As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.
As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.
3. Self Client Applications
When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.
A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.
Here is a gist of what happens.
- You register your app as self client in Zoho API Console.
- You will get the client details such as ID and secret.
- You provide the scopes required for your app to access CRM data.
- You will receive the grant token.
- Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
- Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.
4. Non-browser applications
This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
- You must register your smart TV app in Zoho API Console with the type "Non-browser application".
- Users install a dedicated Zoho ShowTime application on their smart TVs.
- When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
- When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
- Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
- When the user enters the user code, Zoho Accounts sends the access token to your app.
- Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
Here is the protocol flow. For more details, refer to this doc.
5. Mobile-based applications
You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.
Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.
We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.
Cheers!
Access your files securely from anywhere
Centralize Knowledge. Transform Learning.
All-in-one knowledge management and training platform for your employees and customers.
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Shylaja S
Piyush Dwivedi
Ishwarya SG
Onur Gulay - Smile Center Turkey®
Sunderjan Siddharth
Sticky Posts
Kaizen #198: Using Client Script for Custom Validation in Blueprint
Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Kaizen #226: Using ZRC in Client Script
Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In thisKaizen #222 - Client Script Support for Notes Related List
Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore howKaizen #217 - Actions APIs : Tasks
Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.Kaizen #216 - Actions APIs : Email Notifications
Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
What's New in Zoho Inventory | April & May 2026
Hello users, We're excited to roll out the latest Zoho Inventory updates for April and May 2026. These enhancements are designed to make your daily operations smoother and more efficient, from advanced inventory management and flexible pricing to automatedAbility to Use Both AND and OR When Creating Rules (Advanced Conditions)
I'd like to be able to use more complicated logic when setting up rules. E.g. in Zoho Mail, I can choose "Advanced conditions (AND/OR) to create a rule that can be applied to multiple subject lines from the same sender. But in Zoho TeamInbox, I will have"Make online" not clearing previously downloaded files from disk
I downloaded a large folder via "Make offline" so I could copy it to another location. This worked. When I was done I hoped that "Make online" would restore it to the previous state where those files are not stored locally in TrueSync. This did not work—FinderPermission Denied for Worklogs URL
We're attempting to pull worklogs data from service desk plus and when using the below URL we are met with a message stating we do not have permission. https://sdpondemand.manageengine.com/api/v3/requests/xxxxxx/worklogs/ We used SDPOnDemand.requests.ALLAnyone in Australia using Zoho Books AND has their account with NAB?
Hi I have an account with both NAB and Suncorp. Suncorp transaction come in the next day however NAB transactions take 4-5 business days to appear. eg: A deposit made today in my Suncorp will be imported into Zoho tomorrow. A deposit made today to the NAB account will be imported maybe Saturday (Friday overnight). I have contacted both Zoho and NAB but noone seems to know why. I was just wondering if anyone else in Australia uses NAB and has this issue (or doesn't) maybe we could compare notes andPartner with HDFC And Sbi Bank.
Hdfc and sbi both are very popular bank if zoho books become partner with this banks then many of the zoho books users will benefit premium features of partnered banks.#12 Never Leave a Billable Hour Behind
A client approves a website redesign project. The estimated effort? 40 hours. The project is going well. A few additional review meetings are scheduled. Several rounds of content changes are requested. A few "quick fixes" get added along the way. TheClose task on Completion Date entry
This discussion is similar to my issue: "backdated-task-completion-date" discussion Scenario: A bunch of tasks have been completed. But, they have not been closed. Time goes by You finally get around to closing those tasks Projects assigns the date theCan I add Conditional merge tags on my Templates?
Hi I was wondering if I can use Conditional Mail Merge tags inside my Email templates/Quotes etc within the CRM? In spanish and in our business we use gender and academic degree salutations , ie: Dr., Dra., Sr., Srta., so the beginning of an email / letterRecords from ATE 29: Knowledge Base, Community, and AI for smarter User Education
Hi Everyone, "Ask the Experts 29" was an engaging session, where we explored how to utilize the Knowledge Base for customers and internal teams, as well as emphasizing the importance of our Community. This post highlights the questions and use cases discussed,Deleted User Emails
I need to delete a user as I need to re-use their license, but I'd like to keep all their emails that are attached to various contacts in the CRM. Their emails are hosted externally on an M365 license. Anyone any idea how best to engineer this? TIAIts 2022, can our customers log into CRM on their mobiles? Zoho Response: Maybe Later
I am a long time Zoho CRM user. I have just started using the client portal feature. On the plus side I have found it very fast and very easy (for someone used to the CRM config) to set up a subset of module views that make a potentially extremely usefulZoho CRM upload files error
Since today, we have been experiencing issues with uploading photos to opportunities. The message indicates that the storage is full, but as far as I can see, there is still plenty of space available. Could there be an issue or a bug?Kaizen #246 - Incoming Lead Email Intent Detection using Zia Assistant API in Zoho CRM
Hello all! Welcome back to a fresh Kaizen week. In this post, we will explore how Zia detects positive intent from incoming emails in the Leads module using the Zia Assistant API along with Workflow Rules and Custom Functions in Zoho CRM. Use Case ProblemSmart URL Determination
I would like to see Vault implement some sort of "smart" URL determination. When one starts to add a new username-password combination from a new site, Vault brings in the exact URL of the page from which this is happening. All too often, it looks somethingRemoving To or CC Addresses from Desk Ticket
I was hoping i could find a way to remove unnecessary email addresses from tickets submitted via email. For example, a customer may email the support address AND others who are in the helpdesk notification group, in either the TO or CC address. This resultsTip #76- Exploring Technician Console: Quick Launch- 'Insider Insights'
Hello Zoho Assist Community! Welcome back to our Technician Console series. Last time we explored Power Options, and this time we are turning the spotlight on a feature that quietly saves you dozens of clicks in every session by getting you exactly whereMulti-Book Accounting Support in Zoho Books
Currently, businesses that operate multiple entities, regions, or divisions need to maintain separate Zoho Books instances or resort to manual consolidation processes. This creates significant operational friction and increases the risk of errors. PROBLEM:Automated Multi-Subsidiary Consolidation Engine in Zoho Books
For organizations managing multiple subsidiaries across different geographies or business units, consolidation is a quarterly/annual nightmare. Zoho Books lacks native consolidation tools, forcing companies to export data, manipulate it in Excel, andZoho Books | Product updates | April 2026
Hello users, Welcome to our April 2026 product updates roundup! Highlights include profit margin for sales transactions, insights in reports, recording deposits from undeposited funds in banking, and faster production workflows with improved assemblyUnable to charge GST on shipping/packing & Forwarding charges in INDIA
Currently, tax rates only apply to items. It does not apply tax to any shipping or packing & forwarding charges that may be on the order as well. However, these charges are taxable under GST in India. Please add the ability to apply tax to these charges.How to add packing & forwarding charge in purchase order & quotation???
Hello Zoho Team I have just started using Zoho for my company and I wanted to make purchase order. My supplier charges fix 2% as packing & forwarding on Total amount of material and then they charge me tax. For example, Material 1 = 100 Rs Material 2How to book GST paid in zoho books
hi, i am a new user to Zoho books and not able to book GST paid in books, kindly suggest how i can book it in books. thanks, siddharth[Bug] WebAuthn passkey registration blocked on rpIds with TLDs longer than 6 characters (.accountant, .technology, etc.) — isValidDomain regex too strict
Hi, Filing on behalf of an enterprise customer where Zoho Vault is deployed across the company. The Chrome extension blocks WebAuthn passkey registration on legitimate sites whose Relying Party ID (rpId) has a TLD longer than 6 letters. This affects everyZoho Payroll: Product Updates - H1, 2026
Over the last few months, Zoho Payroll has added updates that make payroll easier to process, review, explain, and manage for businesses. The most important improvements focus on payroll flexibility, gratuity tracking, employee self-service, reporting,Pushover Notification Module
Hello, it would be good if there would be a "Pushover" (https://pushover.net/) module besides the standard SMS module. Pushover is now very well known, especially in IT, and is becoming more and more popular. The biggest advantage are the customizableE-Mail Blacklist via GUI
Hello, It would be helpful if the GUI included an option to block specific email addresses (both incoming and outgoing). I want a setting where I can completely block certain email addresses. This means that no tickets can be opened from those addresses,How to migrate cpanel mail to new zoho mail?
Hi, I have a client whose email (for his website domain) is currently on "cpanel mail". Now client wants to move to Zoho Mail. I checked migration docs and its mentioned that I can migrate using IMAP or POP but I am not getting exactly what steps should I follow in order to achieve this. As soon I will add clients domain and setup MX Records and SPF for that, I will lose access to currently setup email (cpanel mail) and without adding domain in zoho mail, I can't setup email for that. Sorry if ISalesIQ Integration with LINE: API Rate Limit Issue and Pre-Chat Flow Concerns
Hello SalesIQ Developer Team. I have investigated the issue and found that the LINE Rate Limit is being consumed unusually quickly. LINE API free usage limit: 300 messages per month per brand. This limit will be reached within the first few days. 1. LINEHow to Backup Zoho to PST?
I'm looking for a simple way to backup Zoho Mail emails to PST format. I tried the IMAP method with Outlook, but it seems slow and complicated for large mailboxes. I need a solution that can: Export Zoho emails to PST Preserve attachments and folder hierarchyWarehouse -> Locations Transition Causing Errors
After saying "okay" to the transition from 'warehouses' to 'locations', I've now got shipped Sales Orders that I cannot invoice. How does one proceed?Zoho CRM Community Digest - May 2026 | Part 1
Hello Everyone! This edition introduces the new centralized Zoho Announcements Hub, a single dashboard designed to let you track and filter live product roll-outs from across the Zoho ecosystem. Alongside the Announcements Hub, this month also featuresSalesIQ : How to disable markdown autoformatting?
Hello Is there setting to disable "Markdown Text" this feature and enter raw markdown in plain text only format it after you send the message? ThanksConverting XML to JSON
Hi! I need to convert a variable in XML to JSON. Can i do it without using an API on deluge? I looked into the documentation but couldn't get any answers to this. Thank you in advance!元問い合わせメールに返信したときの統合処理
ワークフロー作成したので備忘録です。 Zoho Desk で作成したメールアドレス宛てに既存のメールアドレスにきた問合せ先メールを転送してチケット作成を行っています。 元の問い合わせメールに返信、転送した際にRe,RE,re,Fw,FW,fwが件名の頭に付くため、その度に新規起票が乱立します。 メールの頭にRe,RE,re,Fw,FW,fwがある時それを除いた件名と同じ件名が既にチケット作成されていれば統合するワークフローを作成しました。 条件が緩いので既存チケットの検索で完了済みや5日以上前に作成したものは除いてもいいとは思います。Marketing Automation Demo Video
I would like to see a video demo for Marketing Automation. Do you have one statashed away somewhere?is it possible to add more than one Whatsapp Phone Number to be integrated to Zoho CRM?
so I have successfully added one Whatsapp number like this from this User Interface it seems I can't add a new Whatsapp Number. I need to add a new Whatsapp Number so I can control the lead assignment if a chat sent to Whatsapp Phone Number 1 then assignSupervisor Rules --> Custom Function
Hello, currently I can't add a custom function to a supervise rule. Is there a reason for this? Background: We have BluePrint managed tickets and actually we have a Supervise rule which should set the ticket to "closed" after 168 hours since the lastAutomate Backups
This is a feature request. Consider adding an auto backup feature. Where when you turn it on, it will auto backup on the 15-day schedule. For additional consideration, allow for the export of module data via API calls. Thank you for your consideration.How to record GST amount for Value of Service on Inward remittance charged by bank
Hi please advice I have a situation. 1. I have HDFC bank account 2. I have a customer who has done inward remittance for purcahses from overseas. 3. HDFC is showing Value of Service say $100 and GST @ 18%. 4. Value of Service is not charged. But CGSTNext Page