In this week's post in the Kaizen series, we will discuss the self client and server-based client types in Zoho CRM. We will explain these two client types in separate videos, along with their practical application using Java SDKs.
How is authorization done in Zoho CRM?
In Zoho CRM, the protocol used for authorization is OAuth 2.0. OAuth 2.0 is an industry-standard protocol specification that enables third-party applications or clients to gain delegated access to protected resources in Zoho via an API.
You can use self client when the app you develop is intended to communicate with your own Zoho account and it doesn't have a domain and redirect URL. You can also use this option when your application is a standalone server-side application performing a back-end job.
Scope
A scope is the set of permissions for which a client's token is generated. OAuth 2.0 scopes in Zoho CRM determine a client or web app's access rights to specific resources. Scopes dictate:
- Resource accessed (e.g., Users, Modules, Files)
- Permissible operations (e.g., ALL, READ, WRITE, CREATE, UPDATE, DELETE)
When you register an app in the Zoho API Console, you typically choose a client type based on the use case you are trying to solve with the app. The different client types available are:
- Server-based
- Client-based
- Self client
- Non-browser-based
- Mobile-based
Self Client
When your application has no redirect URL or web UI and runs solely in the backend without requiring user interaction, the self client type is the appropriate choice. For example, if you have a legacy product management system and want to sync data between Zoho CRM and that system, you must use the self client.
A self-client is commonly employed when both the application and Zoho services are managed by the same person, aiming to establish secure communication between them.
Here's a summary of the process of using self client type:
- Register your app as a self-client in the Zoho API Console.
- Obtain client details such as client ID and client secret.
- Specify the necessary scopes for your app to access CRM data.
- Obtain the grant token.
- Your app should then initiate API calls to Zoho Accounts to create access and refresh tokens using Zoho CRM SDKs.
- Utilize this access token for API calls to Zoho CRM.
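The token step of the procedure above, as an added example in Java over plain HTTP rather than the Zoho CRM SDK (it is not code from the original post or from Zoho). The token endpoint and parameter names follow Zoho's public OAuth documentation for the US data center; the `ZOHO_*` environment variable names and the class name are assumptions chosen here.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;

public class SelfClientTokens {
    // Assumption: US data-center endpoint; other Zoho data centers use their own accounts domain.
    static final URI TOKEN_URL = URI.create("https://accounts.zoho.com/oauth/v2/token");

    // Use the stored refresh token when there is one; otherwise exchange the grant token (first run).
    static Map<String, String> tokenParams(String id, String secret, String grant, String refresh) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("client_id", id);
        p.put("client_secret", secret);
        if (refresh != null && !refresh.isBlank()) {
            p.put("grant_type", "refresh_token");
            p.put("refresh_token", refresh);
        } else if (grant != null && !grant.isBlank()) {
            p.put("grant_type", "authorization_code");
            p.put("code", grant);
        } else {
            throw new IllegalStateException("need a grant token or a refresh token");
        }
        return p;
    }

    // Form-encode into the POST body so credentials stay out of the URL and out of access logs.
    static String formBody(Map<String, String> p) {
        return p.entrySet().stream()
            .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) throws Exception {
        // Secrets come from the environment (hypothetical variable names), never from source code.
        String id = System.getenv("ZOHO_CLIENT_ID"), secret = System.getenv("ZOHO_CLIENT_SECRET");
        if (id == null || secret == null) { // dry run on constructed placeholder values, no network
            System.out.println(tokenParams("<id>", "<secret>", "<grant>", null).keySet());
            return;
        }
        Map<String, String> p = tokenParams(id, secret,
            System.getenv("ZOHO_GRANT_TOKEN"), System.getenv("ZOHO_REFRESH_TOKEN"));
        HttpRequest req = HttpRequest.newBuilder(TOKEN_URL)
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(formBody(p))).build();
        HttpResponse<String> res = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        // The body holds the tokens: hand it to a secret store and log only the status.
        System.out.println(p.get("grant_type") + " -> HTTP " + res.statusCode());
    }
}
```

Requires Java 11 or later. Without the environment variables set it performs a dry run and prints only the parameter names.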