Kaizen #168 - Incremental Authorization
Welcome to this week's post in the Kaizen series. In this post, we will discuss Incremental Authorization.
What is Incremental Authorization?
Incremental Authorization is an OAuth strategy that allows a client to request specific authorization scopes as and when needed. This means that the client does not have to request every possible scope that might be needed upfront, which might result in a bad user experience. Incremental Authorization is considered a best practice in Oauth Authorization Request as:
- Users are not overloaded with scopes in the initial stage
- Users can control the amount of data they share
Who can use Incremental Authorization?
Server-based applications can make use of incremental authorization
Incremental Authorization Flow
Incremental Authorization FlowWhen a user first signs into the application, the application requests only the essential permissions needed. The user may trigger features that require additional permissions as they engage with the application. When the application identifies this, it follows the below steps:
Initiation Request (Step 1: Get Scope Enhancement Token )
The application makes a POST request to the endpoint /oauth/v2/token/scopeenhance, including the existing refresh token as a parameter. This request is aimed at obtaining a scope enhancement token, which is necessary for requesting additional permissions.
Scope Enhancement Request (Step 2)
After receiving the scope enhancement token, the app then makes a request to the endpoint /oauth/v2/token/addextrascope. In this request, it specifies which additional scopes are needed.
User Consent
The user is presented with a consent screen that details the new permissions being requested. This screen will only show the new permissions required and not those already granted.
If the user approves these new permissions, the refresh token (used in Step 1) and its associated access tokens will be updated to include the newly granted scopes.
Success Response
Upon successful approval by the user, a success response is returned, confirming that the additional scopes have been appended to the existing refresh token.
When is Incremental Authorization Useful?
Let us take a look at two scenarios where incremental authorization is particularly useful.
Scenario 1
Zylker Marketing, a marketing agency, utilizes a custom in-house marketing tool that integrates with Zoho CRM. Initially, the tool has permission to read Leads in Zoho CRM. However, as the marketing team expands their operations, they realize that they require to create new Contacts based on sign-ups and retrieve existing deals data for analysis. The tool is then revamped to create Contacts and view Deals data.
When a marketer who uses the tool tries to create a Contact for the first time, the incremental authorization method is called in the backend. The marketer is redirected to the Zoho login page. Once logged in, the marketer is prompted to give access to the new resources. This enhances the refresh token, and the tool can continue using the same refresh token.
Scenario 2
Consider that you want to use a new Zoho CRM API that just got released as part of the version release. Your refresh token does not have the required scope to access the new API. You can make use of incremental authorization to append the required scope to the same refresh token in these cases.
How can you use Incremental Authorization?
Step 1: Initiation Request
First, you need to send a request to get the scope enhancement token along with the refresh token for which the extra access is required.
Request format
POST {accounts-url}/oauth/v2/token/scopeenhance ?grant_type=update_scopes_token &client_id={client_id} &client_secret={client_secret} &refresh_token={refresh_token} |
The accounts-url is specific to the location (i.e., datacenter) where the client is registered. See all the server-specific URLs.
Request Parameters
You should send the initiation request with the below parameters. All parameters are mandatory
- grant_type: Specify the value as "update_scopes_token".
- client_id: Specify the client-id obtained from the API console.
- client_secret: Specify client-secret obtained from the API console.
- refresh_token: Specify the refresh token to which the additional scopes should be appended.
You will receive a response in the below format
{ "access_token": "{scope_enhancement_token}", "token_type": "update_scope", "expires_in": 600 } |
The scope_enhancement_token received in this response should be passed as a parameter in the next step - scope enhancement request.
Step 2: Scope enhancement request
This request appends the refresh token with additional scopes.
Request format
GET {accounts-url}/oauth/v2/token/addextrascope ?response_type=update_scopes &client_id={client_id} &redirect_uri={redirect_uri} &scope={required_scopes} &enhance_token={scope_enhancement_token} &logout=true |
Parameters
- response_type: Specify the value as "update_scopes".
- client_id: Specify the client-id obtained from the API console.
- redirect_uri : Specify the URI to which the authorization server will redirect the browser back with success or failure response. It has to be the same URI which is provided when registering the app in the API console.
- scope: Specify the scopes of the additional resources for which access is required.
- enhance_token: Scope enhancement token received in the response of the previous initiation request.
- logout: Specify as true if the user's session should be terminated after the permission is granted or rejected.
When this request is called, the application redirects the user to the Zoho Login page, and the user enters the Zoho credentials. Then, the permissions required are displayed once the user is authenticated.
The refresh token will be appended with the additional scopes, and a success response will be returned when the user grants permission. The user will be redirected to the redirect_uri with params status as success and scope_enhanced as true. The user can continue using the same refresh token can be used. If the user rejects the authentication, the system returns a failure response. The user will be redirected to the redirect_uri with params error as access_denied.
You will receive a response in the below formats:
Success Response
{redirect_uri}?status=success&scope_enhanced=true |
Failure Response
{redirect_uri}?error=access_denied |
We hope you found this post useful. We will meet you next week with another interesting topic!
If you have any questions, let us know in the comment section.
Cheers!
Previous Kaizen: Kaizen #167 - Configuration and Initialization of Zoho CRM Python SDK (V7) for different client types |
Kaizen Collection: Directory | Help document link: Incremental Authorization
Access your files securely from anywhere
Centralize Knowledge. Transform Learning.
All-in-one knowledge management and training platform for your employees and customers.
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Mable Mary M P
Sticky Posts
Kaizen #198: Using Client Script for Custom Validation in Blueprint
Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Kaizen #226: Using ZRC in Client Script
Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In thisKaizen #222 - Client Script Support for Notes Related List
Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore howKaizen #217 - Actions APIs : Tasks
Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.Kaizen #216 - Actions APIs : Email Notifications
Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
IA ou je peux trouver comment utiliser IA
Je voudrais utiliser IA dans l'interface zoho pour m'aider quand j'ai des questions de rôle partage ou autre configuration d'automatisation, j'utiliser ChatGPT externe mais il ne connait pas toujours l'interface zoho et les réponses sont parfois longueData Processing Basis
Hi, Is there a way to automate the data processing for a candidate every time an application arrives from job boards, without requiring manual intervention? That is, to automatically acquire consent for data processing. I've seen a workflow that allowsZoho vault instal on windows
I am trying to use Zoho Vault Desktop for Windows, but I am unable to complete the sign-in process. Problem description After logging in to my Zoho account and clicking Accept on the authorization page, nothing happens. The application does not proceedZOHO GLITCHES
Ok, you guys have done a great job at building a platform that has the potential to surmount the competition but these glitches are becoming more than frustrating! This is beyond annoying, I'm trying draft lawsuits and type up privacy and refund policiesNotification to customers when I use a Zoho function
Hi all, I tried searching the community but couldn't find anything about it. I noticed that the customer receives the notification of reopening the old ticket but does not receive the notification of opening a new ticket when I use the function: "separateDate Filters in Zoho Desk Dashboard
Hello Team, Currently, in the Zoho Desk dashboard, the date filter is available only for daily, weekly, and monthly views. Could we also add a yearly date filter to allow filtering by an entire year? Additionally, in the custom date filter, it is currentlyMobile app - offline
If I made a couple of forms and my field guys had the mobile app and were somewhere without signal, could they open the app, complete and sumbit a form and have it upload when they are back in signal (we need different info at different jobs and I'm tryingZoho Survey reminder settings are extremely confusing
Hi, I just want to set 3 reminders, one week apart from the first email out. Your form is too confusing and I don't understand. Can you simplify and be more specific regarding the language used on the form ?Zobot drop down list
Hi, I am trying to create a drop down list in Zobot by creating a plug. I think I am close but I just can't get it over the line and was hoping that someone could help me. I had a little bit of help getting the script started (hence the comments) // DelugeHow to compare a subform lookup field that allows multiple entries when edited
I have a form with a subform with multiple fields. One of the fields is a lookup field that allows a multi select. On edit validation, I want a workflow to execute only when the entries in that subform field has changed. The old. function is not workingTranslation of Tooltip Messages
The descriptive help messages should be available to provide translations for.Business Day Logic Update: More Accurate Scheduling for Your Workflows
Hello everyone, We’re improving how business-day calculations work in workflows, especially when triggers happen on weekends. This update ensures that offsets like +0, +1, and +2 business days behave exactly as intended, giving you clearer and more predictableLead Blueprint transition in custom list view
Hi, Is It possible to insert the Blueprint transition label in a custom Canvas list view? I am using Lead module. I see the status, but it would be great if our users could execute the Blueprint right from the list view without having to enter the detailedEmail Notifications not pushing through
Hi, Notifications from CRM are not reaching my users as they trigger. We have several workflow triggers set up that send emails to staff as well as the notifications users get when a task is created for them or a user is tagged in the notes. For the past 6 days these haven't been coming through in real time, instead users are receiving 30-40 notifications in one push several hours later. This is beginning to impact our daily usage of CRM and is having a negative effect on our productivity becauseDebit opening balances of vendors
Dear colleagues: I am looking at the trial balance as on 31st March 2024, and punching opening balances (1st April 2024) in Zoho Books. Vendors have credit balances, by its nature, but some of our vendors have debit balances as well (e.g., we have paidIs there an equivalent to the radius search in RECRUIT available in the CRM
We have a need to find all Leads and/or Contacts within a given radius of a given location (most likely postcode) but also possibly an address. I was wondering whether anyone has found a way to achieve this in the CRM much as the radius search in RECRUITAllow Text within a Formula
Hi, I would like to be able to use this for others things like taking an existing Date Field and copying its value, so by entering getDay(Date)&"-"&getMonth(Date)&"-"&getYear(Date) it results in 01-02-2026. And then when the Date is changed so is thisChange Number Field to Decimal Field
Hi, It would be nice to be able to change the field type without having to delete it and create a new one, messing up the database and history. Thanks DanPipeline.Company Name field shows up as numbers! [Bigin Developer Console > Component > URL]
Hi there, I am setting up to invoke URL to send infromation zoho bigin > zoho forms with company name pre-fill in the form. however when I use : ${Pipelines.Company Name} field it shows up as a string of number instead of words. Help.Add specific field value to URL
Hi Everyone. I have the following code which is set to run from a subform when the user selects a value from a lookup field "Plant_Key" the URL opens a report but i want the report to be filtered on the matching field/value. so in the report there isHow to Move Behavior, Acquisition, Polls & Forms Data from Zoho PageSense to Zoho Analytics?
Hi Zoho Community, I'm looking for a way to transfer data from Zoho PageSense to Zoho Analytics, specifically: Behavioral data (clicks, scrolls, heatmaps, etc.) Acquisition data (traffic sources, campaigns, etc.) Polls and forms data As far as I can tell:Zoho Social - Feature Request - Non-US Date Format
Hi Social Team, I have noticed that there is no option to change the date format from US mm/dd/yyyy to others like dd/mm/yyyy. It would be great to see this added as the platform matures. Thanks for considering this feedback.In arattai received message can't be deleted
The issue has been noticed in following: arattai app (Android) arattai app (Window) arattai web While the message posted by me may be deleted, the ones received from others can't be. The item <Delete> change to <Report> when the message is a receivedZoho CRM Community Digest - December 2025 | Part 1
Hello Everyone! In the first half of December, Zoho CRM rolled out auto-invite for portals, smarter CPQ with Zia suggestions and price rules, and Query Workbench for faster query building. We also highlight other noteworthy conversations you shouldn’tZoho Flow Credits
Hi , I would like to ask the reason why every time I added plus credit but few days later I will return back to default? (as below I add credit to 3000 but today It change back to 1000) Most important is, when the credit fully used, not any reminder toCustom Module Send Email not filling To automatically after adding Email field also
I create custom module in zohoCRM but problem is in custom module when i click send email there in popup To is filling automatic its coming empty which i need to manually add an email there. How can I fix it? I already added the Email field there, butIntroducing Intake Forms
We are excited to announce the release of Intake Forms, a new feature in Zoho Contracts designed to make contract requests simple, structured, and efficient. Intake Forms allow organization members to request new contracts through a web form instead ofeIDAS 2.0: What's changed for digital trust in Europe, and where Zoho Sign stands
Hi there! It's that time of year when many of us get our ducks in a row. A new year often makes us reassess priorities, and for businesses in the EU, it means taking a closer look at how digital identities and electronic signatures work across borders,Directly Edit, Filter, and Sort Subforms on the Details Page
Hello everyone, As you know, subforms allow you to associate multiple line items with a single record, greatly enhancing your data organization. For example, a sales order subform neatly lists all products, their quantities, amounts, and other relevantAdd Israel & Jewish Holidays to Zoho People Holidays Gallery
Greetings, We hope you are doing well. This feature request is related to Zoho People - please don't move it to zoho one! We are writing to request an enhancement to the Holidays Gallery in Zoho People. Currently, there are several holidays available,Any update on much requested feature, to delete attachments without deleting the e-mail body?
People have been requesting the ability to delete e-mail attachments without deleting the e-mail for more than ten years now. The latest I see is marked "Working On It" and a year ago it was supposedly being added, see here: https://help.zoho.com/portal/en/community/topic/is-there-a-way-to-delete-mail-attachments-without-deleting-the-textHow to delete attachments form Zoho mail accounts
I can't find a way to delete attachments from Zoho mail messages, either individually or in bulk. Searches here are providing conflicting results and often talk about workspace, whereas I am only interested in how to delete attachments that are seen withUnable to fetch ticket by custom field value
I'm trying to set up a Flow to fetch a ticket based on a custom field value. This seems like it should be pretty straightforward, but it's not working for me. I keep getting an error saying Zoho Desk says "Extra query parameter 'cf_creator_record_id'Zoho Inventory - Composite Items - Assembly - Single Line Item Quantity of One
Hi Zoho Inventory Team, Please consider relaxing the system rules which prevent an assembly items from consisting of a single line item and outputting a quantity of 1. A client I'm currently working with sells cosmetics and offers testers of their productsWhat's New in Zoho Inventory | Q2 2025
Hello Customers, The second quarter have been exciting months for Zoho Inventory! We’ve introduced impactful new features and enhancements to help you manage inventory operations with even greater precision and control. While we have many more excitingZoho POS App Hanging Issue – Sales Becoming Difficult
The Zoho POS app frequently hangs and becomes unresponsive during billing, making it very difficult to complete sales smoothly. This commonly happens while adding items, during checkout, or at payment time, especially during peak hours. These issues causeWriting by Hand in "Write" Notes
Hi there! I just downloaded this app a few moments ago, and I was wondering if there was a way to write things by hand in "Write" mode instead of just typing in the keyboard. It would make things a bit more efficient for me in this moment. Thanks!Zoho Mail Verification Following DNS Switch from Cloudflare to Hosting Provider
I initially configured my domain’s ( https://roblozapk.com/ ) email with Zoho Mail while using Cloudflare to manage my DNS records such as MX, SPF, and DKIM. At that time, all email services were working correctly without any issues. Recently, I removed"Spreadsheet Mode" for Fast Bulk Edits
One of the challenges with using Zoho Inventory is when bulk edits need to be done via the UI, and each value that needs to be changed is different. A very common use case here is price changes. Often, a price increase will need to be implemented, andSAML in Zoho One vs Zoho Accounts
What is the difference between setting up SAML in Zoho Accounts: https://help.zoho.com/portal/en/kb/accounts/manage-your-organization/saml/articles/configure-saml-in-zoho-accounts ... vs SAML in Zoho One?: https://help.zoho.com/portal/en/kb/one/admin-guide/custom-authentication/setting-up-custom-authentication-with-popular-idps/articles/zohoone-customauthentication-azureNext Page