Org-specific OAuth2.0 Tokens in Zoho CRM
Hello everyone!
This post is to inform you that there is an update to the OAuth2.0 flow for CRM while generating the authorization code (grant token).
Web-based Clients
The Current Flow
- The user clicks the Login with Zoho button on any third-party app.
- The app redirects the user to the Zoho Login page, and the user enters the Zoho credentials.
- A pop-up, similar to the one below, appears asking for the user's consent that the app wants to access certain user data.
- When the user clicks the Accept button, Zoho Accounts redirects the user to the app with the authorization code (grant token) in the URL.
- Using this grant token, the app owner generates access and refresh tokens to access user's data.
- The app can use the same access and refresh token regardless of the environment (Production, Sandbox, or Developer) in which the user data is present. All the app owner has to do is change the API domain URL in the API requests.
In the current flow, the app owner can use a single access and refresh token for a user and make API calls to any environment. It is sufficient just to change the API domain URL in the API requests.
The New Flow
- The user clicks the Login with Zoho button on any third-party app.
- The app redirects the user to the Zoho Login page, and the user enters the Zoho credentials.
- A new pop-up, similar to the one below, appears to ask the user to choose the environment-specific org, such as Production, Sandbox, or Developer, whose data the app can access.
- The user selects one of the orgs from the available ones and clicks Submit.
- Zoho Accounts now takes the user to the consent page that displays the chosen org and the data (scope) that the app wants to access.
- When the user clicks Accept, Zoho Accounts redirects the user to the app with the authorization code in the URL.
- Using this grant token, the app owner generates access and refresh tokens to access user data specific to the environment.
In this flow, the user can choose to grant access to the application only to a particular org (either in the Production, Sandbox, or Developer instance of CRM). Therefore, the access and refresh token generated for a user becomes org-specific in an environment. For instance, the app cannot use tokens generated for an org in the Production environment to make API calls to the orgs in the sandbox or developer accounts.
Self Clients
The Current Flow
- Go to Zoho developer console.
- Choose your self client.
- Enter the scope, choose the time duration the authorization code is valid for, and enter a description.
- Click Create.
- The authorization code will be displayed.
- Use this code to generate access and refresh tokens.
Here, you can use the same access and refresh tokens to make API calls irrespective of the org or the environment. You must only change the API domain URL.
The New Flow
- Go to Zoho developer console.
- Choose your self client.
- Enter the scope, choose the time duration the authorization code is valid for, and enter a description.
- Click Create. A pop up displays the list of portals as shown below.
- Choose a portal. This displays the list of environments and different orgs under each environment.
- Select the org in an environment you want to generate the authorization code for.
- Click Generate. The authorization code will be displayed.
In this flow, the access and refresh tokens are specific to only the org and the environment they were generated for. You cannot use the org-specific tokens in an environment to make calls to another org in an environment.
Why are we making this change?
Increased security and restricted data access.
In this flow, the user can grant access to the app only to a particular org in an environment. Therefore, when the access token is breached, the data in the orgs under other environments are still safe.
Who should be concerned?
The application owners who use the same access and refresh tokens to make API calls to more than one environment, must ensure to use tokens specific to the org and the environment they were generated for.
This update will be opened to customers in phases from today (May 07, 2020).
Write to us at support@zohocrm.com if you have any questions.
Cheers!
Shylaja
Zoho CRM
Access your files securely from anywhere
Centralize Knowledge. Transform Learning.
All-in-one knowledge management and training platform for your employees and customers.
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Shylaja S
Marco Carolli
Christopher Clement Soris J
Krunal Panchal
Praveen Sankar
Sticky Posts
Kaizen #198: Using Client Script for Custom Validation in Blueprint
Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Kaizen #226: Using ZRC in Client Script
Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In thisKaizen #222 - Client Script Support for Notes Related List
Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore howKaizen #217 - Actions APIs : Tasks
Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.Kaizen #216 - Actions APIs : Email Notifications
Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Introducing parent-child ticketing in Zoho Desk [Early access]
Hello Zoho Desk users! We have introduced the parent-child ticketing system to help customer service teams ensure efficient resolution of issues involving multiple, related tickets. You can now combine repetitive and interconnected tickets into parent-childSeparate Items & Services
Hi, please separate items and services into different categories. Thank youLog a call: Call Duration for Inbound is mandatory but inbound is optional
Hi Team Can you advise on why the call duration for the inbound call type is a mandatory field? We have a use case where we are manually logging a call but do not use the call duration field. The field does not have the option to make it non mandatoryZoho Sign 2025–2026: What's new and what's next
Hello! Every year at Zoho Sign, we work hard to make document signing and agreement execution easy for all users. This year we sat down with our head of product, Mr. Subramanian Thayumanasamy, to discuss what we delivered in 2025 and our goals for 2026.New Account, Setting up Domain Question
Hello, I recently set up a new account with a custom domain. But after paying and setting up my account, it says OpenSRS actually owns the domain, and I have to sign up with them to host my site. But OpenSRS wants to charge me $95, which is ridiculous.【開催報告】東京 Zoho ユーザー交流会 NEXUS vol.1 ~ データドリブン経営・少人数組織のCRM活用・AIエージェントの最前線 ~
ユーザーの皆さん、こんにちは。 コミュニティグループの中野です。 2026年3月27日(金)、東京・新橋にて「東京 Zoho ユーザー交流会 NEXUS vol.1」が開催されました。 今回は「マーケティング領域のZoho 活用法 × AI」をテーマに、ユーザーさん2名による事例セッション、Zoho 社員によるAIセッションなどを実施しました。 ご参加くださったユーザーの皆さま、ありがとうございました! この投稿では、当日のセッションの様子や使用した資料を紹介しています。残念ながら当日お越しいただけなかった方も、ぜひチェックしてみてください。Monthly Webinar : Getting Started with Zoho LandingPage
Our monthly Getting Started with Zoho LandingPage webinar is back! If you're building your first page and want a little guidance, this is where to start. Learn how landing pages fit into your strategy, generate leads, and improve conversions. Here’s whatMass emails - Allow preview of which emails will receive the email based on the criteria
Feature request. Please allow us to view and confirm the exact recipients of the mass emails based on the criteria we've chosen before sending. It can be quite sensitive if you send the mass email to some wrong accounts accidently, so it would be greatLimitation in Dynamic Constant Sum Based on Previous Question Selections in Zoho Survey
Zoho Survey supports the Constant Sum question type, allowing respondents to distribute a fixed total (such as 100) across a set of options. However, it does not support dynamically populating these options based on selections made in a previous question.SAP Business One(B1) integration is now live in Zoho Flow
We’re excited to share that SAP Business One (B1) is now available in Zoho Flow! This means you can now build workflows that connect SAP B1 with other apps and automate routine processes without relying on custom code. Note: SAP Business One integrationsync two zoho crm
Hello everyone. Is it possible to sync 2 zoho crm? what would be the easiest way? I am thinking of Flow. I have a Custom Module that I would like to share with my client. We both use zoho crm. Regards.Import MSG to Yandex Mail Account | Fast & Reliable Solution
If you are facing problem to import MSG files to Yandex Mail account can be challenging if done manually, especially when handling multiple files. A reliable solution is using the MacGater Mac MSG Converter, which simplifies the entire process with accuracyCopy all reports in a folder
I currently have a database that I need to create multiple charts filtered by market. All of the charts are identical, I just change to of the filters and then I have the next market's set of charts. The only way I've been able to copy charts (reports)OpenURL working Intermittently
Never had this issue before, everything was working fine up to a few days ago. We have a buttons on reports to open forms with pre-filled fields. Now, there are instances where it will throw and error and gives no feedback. What is really strange is notZoho Recruit mailserver get blocked by Microsoft!
Hi, We have experienced this issue twice now, where Zoho Recruit outbound IP addresses are being blocked by Microsoft. We are confident that Microsoft is the blocking party, as all outbound emails to candidates with @hotmail.com, @live.com, and @outlook.comCalculate Hours Minutes Sec in Zoho Creator Using Deluge
check_In = "8-Aug-2023 10:00:00".toDateTime().toLong(); checkout = "8-Aug-2023 18:00:00".toDateTime().toLong(); //difference = start.timeBetween(end); check_In = "8-Aug-2023 17:56:50".toDateTime().toLong(); checkout = "8-Aug-2023 18:00:00".toDateTime().toLong();Build Smarter Apps with AI in Zoho Creator
Build Smarter Apps with AI in Zoho Creator This is truly the era of AI, and businesses that adapt now will lead tomorrow. Zoho is already moving ahead in this direction, continuously evolving its platform with powerful AI capabilities. With Zoho Creator,Zia Dashboard Insights : turn your dashboard into decisions
When you look at a chart or KPI in a dashboard, you would possibly see something like: Revenue: $2.4M ↓ 18% vs last month. It can be a positive growth or a negative one, or a dip in revenue, a spike in deals, a slowdown in renewals—all you usually seeTickets without registration
Hi, would it be possible to give customers the opportunity to be able to read their tickets without registration?Zoho Desk Answer Bot vs. Zia Agents – Knowledge Base & Ticket Access
Hi everyone, I’m currently evaluating AI options in Zoho Desk and ran into some limitations with the Answer Bot: Answer Bot limitations Only uses Knowledge Base articles No access to tickets Limited control over sources: Either one Help Center or allComo estruturar automações eficientes no Zoho Creator
Como estruturar automações eficientes no Zoho Creator Introdução No contexto de aplicações empresariais, automação não é apenas uma conveniência, é um fator crítico para ganho de produtividade, redução de erros e escalabilidade operacional. O Zoho CreatorChanging the status of a work-order
Is there a way to change the status of a work-order?Online Payment Fees
We don't take many online credit card payments so the merchant service provider (PayPal) charges us the 2.9% fee for processing the amount. I would like the ability for the fee to be automatically added to the total amount for "ease of payment". We'dWhat is a realistic turnaround time for account review for ZeptoMail?
On signing up it said 2-3 business days. I am on business-day 6 and have had zero contact of any kind. No follow-up questions, no approval or decline. Attempts to "leave a message" or use the "Contact Us" form have just vanished without a trace. It stillZia Agents in Zoho CRM: a better way to set up digital employees
Hello everyone, If you've been using Zia Agents in Zoho CRM, so far using Connections was the only deployment method you're familiar with. You create an agent in Zia Agents (define its objective, write instructions, use tools, add knowledge base) andBank Feeds
Since Friday my bank feeds wont work. I have refreshed feeds, deactivate and reactivate and nothing is workingLogged out
Hi, just been working on a sheet when a pop up box appeared telling me I'm going to be logged out in x number of seconds and if I reload I may lose any edits, or words to that effect. It did indeed log me out and I did indeed lose my last edits. Any ideaZoho API
I have little experience with API. I'm trying to get a Custom API working with Zoho creator. I have created a Custom API and created an Endpoint URL, but i get a 9400 error code "The provided HTTP method is not valid for this custom API". Based off the#157127950
Where did my initial question go?Zoho writer unable to merge documents to PDF with basic fonts in Hebrew or fonts from my computer
I created several forms that will be merged into PDF files through Zoho Writer and I am unable to receive the PDF in the basic fonts of the Hebrew language or in the fonts I have on my computer. The writer exports to PDF an exchange font that looks veryHow I Implemented Subscription-Based Access Control and Expiry Handling in Zoho Creator
I recently worked on a use case where users come into the application to request a service, but they should only be able to continue the process after completing a subscription. The challenge was not just controlling access, but also making sure thatZoho Forms API
Is there any way to get all form entry list using API? Looking forward to hear from youZoho Projects : Task should auto-update to 'In Progress' if timer started
Namaskaram. Right now, if a Task's timer is started, the Task stays in 'Not Started' status. One has to manually update it to 'In Progress'. From a #uxdesign standpoint, it is an unnecessarily two step process to start working on a task. It would be better that, if I start the timer on a task, it should automatically change to 'In Progress' status. Crafted with ❤️ Zoho Gurus | Zoho One Practice Team @ CubeYogi Zoho Authorised Partner | 7+ Yrs | 200+ Projects | 100+ CustomersLaatste facturen en betalingen niet zichtbaar in mijn account
Wij gebruiken ZOHO invoice al jaren, maar sinds afgelopen week is mijn laatst verzonden factuur niet zichtbaar in mijn account, en tevens de laatst betaalde facturen zie ik niet. Hoe kan dit? Ik heb de pagina al diverse keren gerefreshed.Undelivered Mail uncategorized-bounce errors when sending invoices
Recently we have been getting Undelivered Mail bounce notification when sending invoices. Reason: uncategorized-bounce Some go through no problem some bounce back. We recently sent 10 invoices, 6 received bounce notifications. After reaching out to theCan I import MSG files into Microsoft 365 without Outlook?
Yes, absolutely. You do not need Outlook installed to import MSG files into Microsoft 365. Aryson MSG file Converter is a dedicated tool that eliminates the Outlook dependency entirely, making the migration process simple and efficient for all users.Feature Request - A Way To Search Item Groups
Hi Inventory Team, I can't find any way to filter or search by fields of Item Groups. It would be great to see that functionality added. I have a use case where a single product might come from 5 or more suppliers and each supplier's item is an Item inZoho Books/Inventory - Update Marketplace Sales Order via API
Hi everyone, Does anyone know if there is a way to update Sales Orders created from a marketplace intigration (Shopify in this case) via API? I'm trying to cover a scenario where an order is changed on the Shopify end and the changes must be reflectedTicket id issues
When I reply a ticket from desktop, it doesn't have ticket id in the subject and it's great. When I reply a ticket from Zoho desk mobile, Zoho adds ticket id in the subject and I don't want that. Please help in this matter.Advanced email configuration - agent's name vs. department name
We currently have all four Advanced Configuration options turned ON at the Global-level (Channels > Email > Advanced Configuration) - including the "Show Agent name in Ticket replies and outgoing emails" option. We also had that same option turned ONNext Page