Kaizen 116 - Client Types in Zoho API Console
Hello everyone!
Welcome back to another post in the Kaizen series!
This week, we will discuss different client types available in Zoho API Console, and when to use each.
When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.
Available client types
- Server-based
- Client-based
- Self client
- Non-browser-based
- Mobile-based
1. Server-based
If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.
Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.
Here is a gist of what happens:
- Users visit your website where you have the Login with Zoho button.
- When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
- Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
- When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
- The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
- Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
- You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
- Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.
The following image shows the protocol flow.
You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.
Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.
For more details, you can refer to the Accounts guide and CRM help doc.
2. Client-based applications
This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.
Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
- Your app redirects the user to Zoho Accounts.
- Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
- The user is shown the data that your webpage would use.
- When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
- You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
- Your app must then make API calls to Zoho with this access token to fetch data.
- When the access token expires, your app must take care of regeneration and storage.
As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.
As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.
3. Self Client Applications
When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.
A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.
Here is a gist of what happens.
- You register your app as self client in Zoho API Console.
- You will get the client details such as ID and secret.
- You provide the scopes required for your app to access CRM data.
- You will receive the grant token.
- Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
- Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.
4. Non-browser applications
This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
- You must register your smart TV app in Zoho API Console with the type "Non-browser application".
- Users install a dedicated Zoho ShowTime application on their smart TVs.
- When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
- When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
- Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
- When the user enters the user code, Zoho Accounts sends the access token to your app.
- Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
Here is the protocol flow. For more details, refer to this doc.
5. Mobile-based applications
You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.
Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.
We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.
Cheers!
Access your files securely from anywhere
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Shylaja S
Piyush Dwivedi
Ishwarya SG
Sticky Posts
Client Script | Update - Introducing Commands in Client Script!
Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! CommandsKaizen #165 : How to call Zoho CRM APIs using Client Script
Welcome back to another exciting Client Script post! In this post, we will discuss one of the most frequently asked questions: How do you call Zoho CRM APIs from Client Scripts? In this kaizen post, 1. Ways to make calls to Zoho CRM APIs using ClientKaizen#162 : Add Tags and Open Pre-filled Email Drafts via Client Scripts
Hello everyone! Welcome to another informative Kaizen post. In this post, let us see how to accomplish the following using Client Script. 1. How to auto-tag a record based on field update? 2. How to Open a pre-filled email draft This post will provideExtension Pointers - JS SDK series #4: Managing data from a widget using ZOHO.CRM.HTTP
Handling and managing the data between two applications is a major factor for an efficient business. There are a variety of ways to handle data between Zoho CRM and other third-party applications. You can use deluge CRM tasks, create connectors, use APIKaizen #152 - Client Script Support for the new Canvas Record Forms
Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho DataPrep Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
ZOHO CRM API Python SDK Convert Quote to Sales Order
I can see footprints that this may be possible through Inventory Conversion. But I am unable to locate any specific details or samples on how to do this. I am using the most current Python SDK. Any support or even sample code would be much appreciatedDisplaying Notes/Description Columns in "All Expense" showing Tabs
It's surprising to see there is no option to view description columns in tab showing all expenses. There are provisions for Reference# and Status, but why not the description/notes. Please Add. Thank You.Zoho Books - uploading company logo squashed
I am trying to upload my company logo with the following dimensions - 240 x 240 pixels and a file size of 106Kb. When I look at the logo in my invoices, it is squashed and not the right size. Any idea what is going on? I've tried uploading jpeg and pngPetty cash discrepancy
How do I record a petty cash discrepancy? We had money go missing and need to document that in the books, but I'm not sure how to put that in. It's not an expense, just a loss of cash.Zoho Workdrive file versions
Hello. I have Workdrive setup to sync files offline to an external hard drive. The off line sync folder currently shows at 1.42 TB. I have a 5 TB storage limit in Workdrive. The cloud version of Workdrive says that I have used all 5 TB! I have 27, 285Visual Sync Status Indicator
I think I've see in documentation that WorkDrive had the industry standard of indicating a sync status for individual files and folders. I'm just starting with WD and synced my first test folder, but there was no way to tell what's happening by just lookingIntegration with Zoho CRM?
Will it be possible to integrate WorkDrive with CRM similar do Zoho Docs?How to control the # of version of files to keep?
Currently most of the WorkDrive Storage comprise of the many versions of files saved. How do I save some space and reduce the number of version of date or files saved in WorkDrive? ThanksShould I Use Zoho Mail Calendar, or Zoho CRM Calendar, or Zoho Calendar?
After a couple of dozens Zoho solopreneur products that I transitioned to after becoming a Zoho One enthusiast 5 years ago, I am finally preparing to conquer the remaining two bastions: Mail and WorkDrive (using Google Workspace at the moment). A NYCAdd comments to a form
Hello, I'm trying to add comments to a form using a subform with one field named comment, but I don't want prior comments to be editable or deleteable by anyone (except the admin). Is there a way to only display prior comments (with a datetime, user and comment field preferably) but still be able to add new ones when editing the main form? I'm not tied to subforms if there is an easier was to do this?Zoho Books | Product updates | March 2025
Hello users, We have rolled out new updates in Zoho Books to enhance your accounting experience. These include the ability to create workflow rules for manual journals and Multi-Factor Authentication (MFA) for customer and vendor portals. Explore theseTrying to export a report to Excel via a deluge script
I have this code from other posts but it gives me an error of improper statement, due to missing ; at end of line or incomplete expression. Tried lots of variations to no avail. openUrl(https://creatorapp.zoho.com/<username>/<app name>/XLSX/#Report:<reportname>,"sameWork Drive Tray Icon Missing
How can I get the tray icon back? The app froze, had to restart PC and then it's been gone since... I've re-installed the windows program and restarted my machine twice now.cant receive emails
I have checked the Dns and everything seems to be fine pls check the print screens attached below help me cause i need to solve this fastRetainer invoice in Zoho Finance modlue
Hello, Is there a way of creating retainer invoices in the Zoho Finance module? If not can I request this is considered for future updates please.iOS Widget Not Working
It appears that the iOS widget is not working, displaying a blank white screen instead of a selected note. I’m using app version 6.5.12 and iOS 18.3.1.Two Problems With Data Imported to Notes
Occasionally I want to create a note by copying and pasting a few paragraphs from an article on line. When I create a new note and paste in the section the newly created note winds up with each paragraph in white text on a dark background rather thanWorkdrive on Android - Gallery Photo Backups
Hello, Is there any way of backing up the photos on my android phone directly to a specific folder on Workdrive? Assuming i have the workdrive app installed on the phone in question. EmmaGenerate a link for Zoho Sign we can copy and use in a separate email
Please consider adding functionality that would all a user to copy a reminder link so that we can include it in a personalized email instead of sending a Zoho reminder. Or, allow us to customize the reminder email. Use Case: We have clients we need toHow to associate a document sent in Zoho Sign with an deal in the CRM?
Hi, often documents are loaded in Zoho sign and sent for signature. These sometimes are linked to a deal in the Zoho CRM and would be nice to see the status of the document within the CRM. I am aware of the integration, but that assumes that the documentPreventing auto-redirect to Parent Record on Save...
Our users often create records from the related list on th left side of the screen. They click the blue "plus" button to create the record. This is handy, but for some modules, or situations, they would like to remain on the record AFTER clicking "Save",CRM Portal Help
Hello, I am trying to set up a portal to connect with our referring doctors to keep patient cases organized. I set up the accounts module as office, the contacts as doctors, the leads as patients, and the deals as treatments. Everything seems to workZoho Books (UK) needs to be able to submit a CT600 CTSA return
As well as a VAT Return, most (if not all) small businesses have to submit a CT600 Corporation Tax Self-Assessment. There are many providers who do this (like Xero) bujt not Zoho. Can you add this to the request list please? Many thanks SteveNo image image comes out in the recipient when I sent an email
Hello to the entire forum, when I send an email from Zoho, my profile picture does not come out. On the other hand, if you do, using Gmail accounts. How is it configured to leave ??? Thank you Greetings !!Zoho Desk & Tasks
Hi, I'd like to be able to create a set of tasks each time a customer request comes in, as I understand it, currently each would need to be create manually. Project is too much of an overhead for what we want to use. Effectively in various use cases wezet pack not working
We are using the zet pack command to package our Zoho extension. However, after running the command, the extension gets packed, but the resulting package is empty. We've attached a screenshot for reference. Could you please assist us with resolving thisWhile retrieving the Balance Sheet Report, there is always this "COST OF GOODS SOLD", This is not editable.
Hi Zoho & Readers, While retrieving the Balance Sheet Report, there is always this "COST OF GOODS SOLD", which is reduced from the Sales to arrive at the gross profit. The issue I face here is that Service Oriented Companies don't incur any COGS, henceChanging salesorder_number via zoho flow
For some reason updating salesorder_number via zoho flow does not stick. Flow is triggered by new sales order filtered by sales channel update sales order: PO#: CX${trigger.reference_number} Salesorder_number: CX${trigger.reference_number} PO# successfullyWorking with Products that are non-tangible
How does one create a 'service' in products? Is there a way to disable inventory functions for things like Sofware as a service? The services module doesn't look to be much help either. Not sure how to do this in CRMLoop in Blueprint but it works. Why? How should this be set?
see pictureZoho Error: This Operation has been restricted. Please contact support-as@zohocorp.com for further details
Hello There, l tried to verify my domain (florindagoreti.com.br) and its shows this error: This Operation has been restricted. Please contact support-as@zohocorp.com for further details. Screenshot Given Below - please check what went wrong. ThanksBulk Delete Images
How do I bulk Delete Images from Zoho Campaigns. We have been using the Zoho since 2019 and can still only see the option to delete images one by one and we have a lot of old Campaign imagery we don't need anymore. Thanks!Tip #5: Setting access rights at the subfolder level
Hello everyone, We hope you're finding our WorkDrive Tips and Tricks series useful. For today's tip, we'll teach you how to assign higher subfolder permissions to Team Folder members. Team Folders helps you avoid the drawbacks of traditional file sharing.I want to update the photo from the mobile app to the product tab product.
I want to update the photo from the mobile app to the product tab product. Because I want to use the CRM product tab for inventory management Contact registration can save photos from the mobile app. Attached screenshot.Setting default From address when replying to request
At the moment, if I want to reply to a request, the From field has three options, company@zohosupport.com, support@company.zohosupport.com, and support@company.com. The first two are really internal address that should never be seen by the customer andEnable Image and Hyperlink Sync in Zoho Desk - Jira Integration
Hi, We are using the Zoho Desk - Jira integration, which allows comments to sync automatically between a Zoho Desk ticket and its linked Jira issue. However, we have noticed a limitation: When adding a hyperlink or image in a Zoho Desk comment, it isDeluge Function to Update Custom Field
I'm trying to get a Deluge function (which will run as part of a Schedule in Desk) that retrieves all tickets with the status "Recurring" and updates the custom field checkbox "cf_recurring" to "true". Here's what I have, which doesn't work: searchValueImplement Date-Time-Based Triggers in Zoho Desk
Dear Zoho Desk Support Team, We are writing to request a new feature that would allow for the creation of workflows triggered by specific date-time conditions. Currently, Zoho Desk does not provide native support for date-time-based triggers, limitingHow many ZOHO-Sites does the ZOHO-One Suite allow for?
The free version of ZOHO-Sites allows for two sites, but it seems that the professional version (which is included in the ZOHO-One Suite) only allows for two websites. Is that correct? How many sites can I have within one ZOHO-One account?Zoho desk Spam Folder
Dear Zoho Support Team, We are experiencing an issue with Zoho Desk, where all emails sent to our customers are being marked as spam. As a result, they are not receiving notifications for new ticket replies. Please assist us in resolving this issue.Next Page