Kaizen 116 - Client Types in Zoho API Console
Hello everyone!
Welcome back to another post in the Kaizen series!
This week, we will discuss different client types available in Zoho API Console, and when to use each.
When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.
Available client types
- Server-based
- Client-based
- Self client
- Non-browser-based
- Mobile-based
1. Server-based
If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.
Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.
Here is a gist of what happens:
- Users visit your website where you have the Login with Zoho button.
- When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
- Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
- When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
- The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
- Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
- You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
- Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.
The following image shows the protocol flow.
You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.
Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.
For more details, you can refer to the Accounts guide and CRM help doc.
2. Client-based applications
This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.
Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
- Your app redirects the user to Zoho Accounts.
- Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
- The user is shown the data that your webpage would use.
- When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
- You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
- Your app must then make API calls to Zoho with this access token to fetch data.
- When the access token expires, your app must take care of regeneration and storage.
As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.
As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.
3. Self Client Applications
When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.
A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.
Here is a gist of what happens.
- You register your app as self client in Zoho API Console.
- You will get the client details such as ID and secret.
- You provide the scopes required for your app to access CRM data.
- You will receive the grant token.
- Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
- Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.
4. Non-browser applications
This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
- You must register your smart TV app in Zoho API Console with the type "Non-browser application".
- Users install a dedicated Zoho ShowTime application on their smart TVs.
- When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
- When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
- Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
- When the user enters the user code, Zoho Accounts sends the access token to your app.
- Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
Here is the protocol flow. For more details, refer to this doc.
5. Mobile-based applications
You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.
Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.
We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.
Cheers!
Access your files securely from anywhere
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Shylaja S
Piyush Dwivedi
Ishwarya SG
Sticky Posts
Client Script | Update - Introducing Commands in Client Script!
Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! CommandsKaizen #165 : How to call Zoho CRM APIs using Client Script
Welcome back to another exciting Client Script post! In this post, we will discuss one of the most frequently asked questions: How do you call Zoho CRM APIs from Client Scripts? In this kaizen post, 1. Ways to make calls to Zoho CRM APIs using ClientKaizen#162 : Add Tags and Open Pre-filled Email Drafts via Client Scripts
Hello everyone! Welcome to another informative Kaizen post. In this post, let us see how to accomplish the following using Client Script. 1. How to auto-tag a record based on field update? 2. How to Open a pre-filled email draft This post will provideExtension Pointers - JS SDK series #4: Managing data from a widget using ZOHO.CRM.HTTP
Handling and managing the data between two applications is a major factor for an efficient business. There are a variety of ways to handle data between Zoho CRM and other third-party applications. You can use deluge CRM tasks, create connectors, use APIKaizen #152 - Client Script Support for the new Canvas Record Forms
Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho DataPrep Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho Campaigns Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Zoho Creator - Zoho Analytics
I am facing an issue in Zoho Analytics where I am still seeing deleted data from the Zoho Creator form I created. Could you please look into this and let me know what needs to be done?Unable to send emails
I have this email parth@mrcolumbus.in, but I couldnt send outgoing email. Can you please help?Notifications push : Encourager le réengagement et renforcer la fidélité des utilisateurs efficacement
Vous avez déjà souhaité engager et communiquer de manière proactive avec les utilisateurs, y compris lorsqu'ils utilisent votre application de manière peu active ? Zoho Apptics vous offre déjà des fonctionnalités qui vous permettent d'évaluer la performance,Easy way to delete attachments
I've reached my data limit and would like to run a view/report, and mass delete attachments. Is there an easy, fast way to do this? Moderation Update: Post Summary: There are two features the post discusses a) Easy way to remove Email attachments WillHow to add new deal to existing contact
Hi, I want to add new deal to existing contact.Domain verification is in progress... (How long do I need to wait?)
Trying to setup my first email domain by connecting with GoDaddy. Have been here for quite some time and the screen is not changing. How long should this take?Send DataSend Dataemail address autocomplete
Is there a way to eliminate certain addresses from showing up in auto complete when entering an address? Many old and unused addresses currently show up, many of which I would like to get rid of. ThanksLinking an email to a Contact when the email is sent in deluge via sendmail
The "to:" address in this code is a CRM Contact. Email address is forced unique in CRM This sendmail gets sent via a workflow which is in a custom module. It works, except that the outbound email does not appear (i.e, get linked to) the Contact such thatHow to restore deleted Field
I edited a field in zoho form and by accident I deleted a field (email address). The form is ongoing to be filled by respondent. Then, when I checked to the all entries and report, the email address is gone. I checked in audit log, there is a record thatHow to select multiple notes at once in the PC client?
In the PC client, you can select notes using ctr+LMB. But why can't you use shift+LMB? PC version 3.2.0How I can add customized Invoice
Hi, I wanna use a customized Invoice, how i can add thatZoho Analytics Pivot Table - How to compare month vs last year same month
Hi, I had created a pivot table with setup as below: Column: - Delivery Date Row: - Customer Group Data as column - Total amount (sum > normal) (show data of the month) - Total amount (sum > % difference from previous value) (compare between this monthRecorded imported goods
I have imported some goods from a foreign vendor called ABC. to Bahrain. My Customs duty and VAT are paid by an agency called XYZ to authorities. I have paid the amounts to XYZ and they have paid to authorities in behalf of us using our TRN Number. NowNotes created in mobile app not syncing with web notebook
I have created certain notes in a new notebook in mobile app. The new notebook is also created using mobile app and when I logged in through web I am unable to see notebook that I have created using mobile app. there is no trace of notes in which i have created in mobile app on the web even after days of creating in mobile app This is not the case vise-a-versa. the notes and note book created on web are accessible on mobile app on real time. this is very inconvenient and big demotivating factorMatch Transaction > Filter | Allow wildcards in search
The Filter function is useful for narrowing down to a specific set of transactions. It would be useful to have the ability to use wildcards in search. e.g. customer name "starts with" or " * " as a placeholder. e.g. "National * " instead of "NationalMarketing Automation Emails Going to Spam
Google is trapping all the marketing automation emails in spam. My domain has a perfect reputation and it looks like Zoho has a low reputation which is sending it to spam. When I pull the email out of spam and click on a link in the email, I get thisConvert Request to Forum Topic
I know you can convert a forum topic to a request and a request to a solution in the knowledge base, but how do you convert a request to a forum topic? Is this possible? If not is this a feature coming down the pipe in the near future? Thanks!Zoho Sign / Prefill By You - Editable by Them!
Zoho Sign seems to have two field options available - an empty field for signer(s) to complete or a field that has been prefilled by you, that becomes read only once sent. What I would like is an option on the pre-filled by you fields, to leave themIs the Contacts sync between Campaigns and CRM bi-directional?
Is the Contacts sync between Campaigns and CRM bi-directional?Task does not syncing to google calendar shedual
Hi why does the tasks activities do not syncing with the google calendar like the event option does?Bug with Zobot Human transfer
I have configured the brand, the operator, and the Zobot in Spanish. However, no matter what I do, it always says "YES" instead of "Sí" or "Sure, why not " instead of "Claro, ¿por qué no?" when asking if the user wants to contact a human operator. TheThis mobile number has been marked spam. Please contact support.
Hi Support, Can you tell me why number was marked as spam. I have having difficult to add my number as you keep requesting i must use it. My number is +63....163 Or is Zoho company excluding Philippines from their services?Something went wrong. One or more fields contain errors
I am getting this error but there is no way to debug what field is causing the issue . I have over 100 fields. Everything was working fine and then i fixed some fields that should have the same field names but had a typo and i am getting this error. ItIntegrating Zoho Desk Instances from two separate organizations
Is it possible to integrate Zoho Desk with an instance from another organization? For example, creating a ticket in one organization can cause the creation of a ticket in the second organization? Or certain tickets from one organization be viewable byKnowledge base bug - Error: Article couldn't be updated.
It took me a while to figure this out, truly one of the most irritating bugs in Zoho. I hope you find this information helpful. When using the knowledge base to create articles, make sure your keywords are in lowercase and separated by commas. Otherwise,Is this possible with Campaigns?
My company is currently moving CRM's from Monday to Zoho One. Currently, our marketing lead process is send out 7 sms messages over 14 days if the lead is in a certain status. If we don't get a response the lead is put into a "Closed" status. Do we buyHow to view two portals (Zoho CRM & Zoho Books) in single login
Hello there, I need to create a portal access for the Customers. Customer data present in two applications namely Zoho CRM & Zoho Books. My requirement is to show the two different portals(Zoho CRM Portal & Zoho books Portal) in single login. I couldUpdating Bounced Contacts in Campaigns to the CRM
The article explains how to update Opt-outs from Campaigns to CRM, but not bounces. While Campaigns will automatically remove any bounced emails from future campaigns, is there a process by which a bounce will update or make a notification in the CRMBandwidth, voice and poor video
Dear Team, The webinar has made things quite easy and convenient for educators around the world. We are an art & culture-based organization where students and researchers are our major audience. While using the Zoho webinar platform, we have observed that the audio lags and the video is of poor quality and often freezes. Some participants don't hear what is being spoken. We also found that even a slightly slow internet connection disrupts the webinar while it should be working well even on lowerZoho books and venmo
Hi, Is there a way to hook Venmo into zoho books? I have a Venmo business account and want to be able to sync that. I know you can do it with the paypal integration but I dont want to use paypal for the fees and that doesnt allow me use/integrate my currentGlobal Sets for Multi-Select pick lists
When is this feature coming to Zoho CRM? It would be very useful now we have got used to having it for the normal pick lists.550 5.4.6 Unusual sending activity detected. Please try after sometime. <a href=https://www.zoho.com/mail/help/usage-policy.html target=_blank>Learn more.</a>
Please help me with this. Sending of mails is blocked.The Social Wall: November 2024
Hey everyone, As we move into December, we're excited to share all the updates that went live in Social during November. View, monitor, and respond to your WhatsApp and Telegram messages from Inbox Take your communication a step further by integratingSegmenting Contacts Based on Product Purchased
I am trying to organize our main Marketing Automation email list in a way that segments contacts based on products they have purchased (for example in this case it is 3 different products). To my knowledge, this would require the sync from Zoho CRM toUrgent Assistance Needed with DKIM Verification
Hi, I have been trying to verify the DKIM for the past month using your instructions as well as other resources. Unfortunately, I have not been able to resolve the issue, and it remains persistent. I need to address this problem as soon as possible soHow do I attach tasks from one task to other tasks in the same project
How do I attach tasks from one task to other tasks in the same projectIncorrect Handling of XLSX data
Trying to import an XLSX schedule of bills into Zoho Books I ran across the problem of date formatting. To replicate: Build a CSV file with bill dates in whatever format you like and import it - this should work if you match the "dd/MM/yyy" etc. formatZoho Books Invoice Salesperson: requires ID but there is no "Fetch salesperson" action
Hi, I am trying to attach a Salesperson to a Zoho Books invoice. In Zoho Flow, the salesperson field required an ID. However, I only have the salesperson name, I need to fetch salesperson by name and then provide the ID. There is no option to fetch salesperson...Change format of quantity format
Hi, I would like to change the qunatity format from 1,00 to 1. Is this possible? thanks!Ticket Views: filter criteria -> dynamic date values in relation to the current date
Hello all, It would be very helpful if you could build custom views in such a way that you do not have to adjust the criteria daily or at whatever interval in order to change the fixed date value as needed. For example, I would like to create a view that,Next Page