Org-specific OAuth2.0 Tokens in Zoho CRM
Hello everyone!
This post is to inform you that there is an update to the OAuth2.0 flow for CRM while generating the authorization code (grant token).
Web-based Clients
The Current Flow
- The user clicks the Login with Zoho button on any third-party app.
- The app redirects the user to the Zoho Login page, and the user enters the Zoho credentials.
- A pop-up, similar to the one below, appears asking for the user's consent that the app wants to access certain user data.
- When the user clicks the Accept button, Zoho Accounts redirects the user to the app with the authorization code (grant token) in the URL.
- Using this grant token, the app owner generates access and refresh tokens to access user's data.
- The app can use the same access and refresh token regardless of the environment (Production, Sandbox, or Developer) in which the user data is present. All the app owner has to do is change the API domain URL in the API requests.
In the current flow, the app owner can use a single access and refresh token for a user and make API calls to any environment. It is sufficient just to change the API domain URL in the API requests.
The New Flow
- The user clicks the Login with Zoho button on any third-party app.
- The app redirects the user to the Zoho Login page, and the user enters the Zoho credentials.
- A new pop-up, similar to the one below, appears to ask the user to choose the environment-specific org, such as Production, Sandbox, or Developer, whose data the app can access.
- The user selects one of the orgs from the available ones and clicks Submit.
- Zoho Accounts now takes the user to the consent page that displays the chosen org and the data (scope) that the app wants to access.
- When the user clicks Accept, Zoho Accounts redirects the user to the app with the authorization code in the URL.
- Using this grant token, the app owner generates access and refresh tokens to access user data specific to the environment.
In this flow, the user can choose to grant access to the application only to a particular org (either in the Production, Sandbox, or Developer instance of CRM). Therefore, the access and refresh token generated for a user becomes org-specific in an environment. For instance, the app cannot use tokens generated for an org in the Production environment to make API calls to the orgs in the sandbox or developer accounts.
Self Clients
The Current Flow
- Go to Zoho developer console.
- Choose your self client.
- Enter the scope, choose the time duration the authorization code is valid for, and enter a description.
- Click Create.
- The authorization code will be displayed.
- Use this code to generate access and refresh tokens.
Here, you can use the same access and refresh tokens to make API calls irrespective of the org or the environment. You must only change the API domain URL.
The New Flow
- Go to Zoho developer console.
- Choose your self client.
- Enter the scope, choose the time duration the authorization code is valid for, and enter a description.
- Click Create. A pop up displays the list of portals as shown below.
- Choose a portal. This displays the list of environments and different orgs under each environment.
- Select the org in an environment you want to generate the authorization code for.
- Click Generate. The authorization code will be displayed.
In this flow, the access and refresh tokens are specific to only the org and the environment they were generated for. You cannot use the org-specific tokens in an environment to make calls to another org in an environment.
Why are we making this change?
Increased security and restricted data access.
In this flow, the user can grant access to the app only to a particular org in an environment. Therefore, when the access token is breached, the data in the orgs under other environments are still safe.
Who should be concerned?
The application owners who use the same access and refresh tokens to make API calls to more than one environment, must ensure to use tokens specific to the org and the environment they were generated for.
This update will be opened to customers in phases from today (May 07, 2020).
Write to us at support@zohocrm.com if you have any questions.
Cheers!
Shylaja
Zoho CRM
Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Shylaja S
Marco Carolli
Christopher Clement Soris J
Krunal Panchal
Praveen Sankar
Sticky Posts
Kaizen #197: Frequently Asked Questions on GraphQL APIs
🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Kaizen #198: Using Client Script for Custom Validation in Blueprint
Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Celebrating 200 posts of Kaizen! Share your ideas for the milestone post
Hello Developers, We launched the Kaizen series in 2019 to share helpful content to support your Zoho CRM development journey. Staying true to its spirit—Kaizen Series: Continuous Improvement for Developer Experience—we've shared everything from FAQsKaizen #193: Creating different fields in Zoho CRM through API
🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.Client Script | Update - Introducing Commands in Client Script!
Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! Commands
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Can't change form's original name in URL
Hi all, I have been duplicating + editing forms for jobs regarding the same department to maintain formatting + styling. The issue I've not run into is because I've duplicated it from an existing form, the URL doesn't seem to want to update with the newNeed Inactive accounts to be visible in Reports in Zoho Books
I N=need Inactive accounts to be visible in Reports in Zoho Books to do recons of the accounts but when i see the same they are not visible in the Accountant - Account Transactions reportunblock e-mail
please unblock my e-mails info@meatnews.gr and myrtokaterini@meatnews.grAdd Zoho Mail for users who do not need Zoho One
We have licenses for ZOho One for teams that need to use the suite of products that Zoho One offers. We have 8 more people who only need email access and we would like to add just a Zoho Mail. They do not need the Zoho One license. We are currentlyZoho Projects - Q2 Updates | 2025
Hello Users, With this year's second quarter behind us, Zoho Projects is marching towards expanding its usability with a user-centered, more collaborative, customizable, and automated attribute. But before we chart out plans for what’s next, it’s worthZML vs HTML Snippet - which is better?
Are there certain use cases where one is better than the other?Auto CheckOut Based On Shift.
This Deluge script runs on a scheduled basis to automatically set the 'Actual_Check_Out' time for employees who haven't manually checked out. If the current time is past their scheduled 'Shift_End_Time', the script updates the check-out time to matchHow to remove some users in zoho accounts
How to remove some users in Zoho accounts.Customizing Form Questions per Recipient Group in Zoho Campaigns/Forms
Hello everyone, I would like to ask if it’s possible in Zoho Campaigns or Zoho Forms to send out a campaign where the form questions can be customized based on the group of recipients. Use case example: I have prepared 20 questionnaire questions. ForInfinite loop of account verification
Hi I can't do anything on my zoho account. I always get this message Hi Sheriffo Ceesay As a security measure, you need to link your phone number with this account and verify it to proceed further. When ever I supply the details, it displays that the number is associated with another account. I don't have any other account on zoho so this is really annoying.Load PO_Date field (Purchase Order) with current date in Deluge
Hi, I'm not a full time developer, just helping to customize our CRM, in the small company I work for. There must be something wrong with me, because I can't do something so simple as complete a field with the current date in a function using Deluge.Zoho CRM in Microsoft Power Automate Custom Connector
Hi everyone, I’m building a Power Automate flow that integrates Microsoft Bookings with Zoho CRM. The goal is to automatically create a meeting (event) in Zoho CRM whenever a new appointment is booked via Microsoft Bookings. To achieve this, I createdSpell check sucks
Come on guys, it's 2024 and your spell check is completely retarded. You gotta fix it.How to include total km for multiple trips in expense report.
Whenever I create a mileage report it only shows the total dollar amount to be reimbursed. The mileage for each individual trip is included but I also need to see the total distance for all trips in a report? How do I do this?Outgoing blocked: Unusual activity detected.
I just made payment for my Zohomail Today and have been debited so i will like to be Unblocked because this is what it says (Outgoing blocked: Unusual activity detected) Thank you i await your swift responsesZoho One Login Issue - Unable to receive OTP
Hi Support Team, I am experiencing a unique login issue with Zoho One. I am attempting to log in from India using Zoho Login credentials provided by a USA-based client. Their Zoho account is hosted on a US data center. After entering the username andQuestion Regarding Managing Sale Items in Zoho Books
Good day, I was wondering about something. Right now, Zoho Books doesn’t seem to have a way to flag certain items as being on sale. For example, if I want a list of specific items to be on sale from October 1 to October 12, the user would have to exportIn the Zoho Creator Customer Payment form i Have customer field on select of the field Data want to fetch from the invoice from based on the customer name In the Customer Payment form i Have subf
In the Zoho Creator Customer Payment form i Have customer field on select of the field Data want to fetch from the invoice from based on the customer name In the Customer Payment form i Have subform update Invoice , there i have date field,Invoice numberProblem of Import Client Users From CRM and or Expense
I am premium plan user on Projects. I have about 500 customers on Expense and CRM that integrated with each other. According to at below link, I am trying to import clients from CRM, system not allowed to select any customer. If I import from Expense,Unable to see free plan option
Hello Zoho Support Team, I hope you are doing well. I am trying to sign up for Zoho Mail, but I am unable to see the option for the free plan. Could you please guide me on how I can access or activate the free plan? Thank you for your assistance.unblock my zoho mail account. outlines@zoho.com
please unblock my zoho mail account, outlines@zoho.comdomain not verified error
Hi when i try to upload a video from zoho creator widget to zoho work drive iam getting domain not verified error.I don't know what to do .In zoho api console this is my home page url https://creatorapp.zoho.com/ and this is my redirect url:www.google.com.Iamequest to Disassociate Bigin from Zoho One and Migrate to Standalone (Upgrade to Bigin Premier – 3 Seats, Annual)
Dear Zoho One Support Team, I’m writing to request your assistance to disassociate (remove) the Bigin application from our Zoho One organization while preserving all existing Bigin data. After the disconnection is successfully completed, we intend toSMTP email sending problem
Hello, I've sent emails before, but you haven't responded. Please respond. My work is being disrupted. I can't send emails via SMTP. Initially, there were no problems, but now I'm constantly receiving 550 bounce errors. I can't use the service I paidbilling
hi, I am being billed $12/year, and I can't remember why. My User ID is 691273115 Thanks for your help, --Kitty PearlHow to add receipts
How to add receiptsUnable to enable tax checkboxes
Hi Zoho Commerce Support, I'm writing to report an issue I'm having with the tax settings in my Zoho Commerce store. I've created several tax rates under Settings > Taxes, but all of them appear with the checkbox disabled. When I try to enable a checkbox,Does Zoho Learn integrate with Zoho Connect,People,Workdrive,Project,Desk?
Can we propose Zoho LEarn as a centralised Knowledge Portal tool that can get synched with the other Zoho products and serve as a central Knowledge repository?Zoho Commerce - Enable Company Name and Tax Number collection for B2B orders in Global Edition
Please enable Company Name and Tax Details option on checkout settings in Zoho Commerce Global Edition. It is still important to collect Company Name and Tax Number for B2B sales in many countries. My business is based in Ireland (in the EU) and I haveZohoSign and ZohoBooks Integration/Workflow
Hello All, We utilize ZohoSign for signatures on tax eFiles. We utilize Dynamic KBA. Additionally, we use ZohoBooks for invoicing for these services. Is there a way to accomplish the following: Send a copy of the Tax Return, Invoice and eFiles in oneManage monthly tasks with projectsf
Hi All I run a finance and operations team where we need both teams to complete monthly tasks to ensure we hit our deadlines. Can Zoho projects be used for this. There many finance focused tools but we have Zoho one so want to explore Thanks WillZoho Suite is very slow
Since today Zoho is incredibly slow over all applications! What's going on?How can I track which zoho users are actively using Zoho CRM
I have several licenses of Zoho CRM. We now need to add a new user. I could purchase a new license, but before I do, I would like to see if any of our existing users are not actively using the license assigned to them. How can I determine the activityIs anyone else having trouble saving a custom image in their email signature, or is it just me?
When I try to save the image I get an error that says "Operation Failed" I opened a support ticket two weeks ago and received a response that it would be debugged, but it still isn’t workingCombine and hide invoice lines
In quickbooks we are able to create a invoice line that combines and hides invoices lines below. eg. Brochure design $1000 (total of lines below, the client can see this line) Graphic Design $600 (hidden but entered to reporting andOption to Disable Knowledge Base Section in Feedback Widget Popup Hello Zoho Desk Team
Hello Zoho Desk Team, How are you? We are actively using Zoho Desk and would like to make more use of the Feedback Widget. One of the ways we implement it is through the popup option. At the moment, the popup always displays the Knowledge Base section,Transaction Locking with the dynamic date
Is it possible to dynamically update dates on transaction locking. We want to lock transaction x days from todayZoho Devops
We have a Zoho one account which we have integrated with an SAS educational product, sold on a subscription model, using webhooks and API calls. We make some use of custom fields and cross module lookups and relationships. We utilize CRM, Books and billingFuel up your sales with the Zoho SalesIQ + Bigin integration
Hi everyone! We’re happy to bring you the all-new Zoho SalesIQ + Bigin integration. With this, every prospect from your website instantly becomes a contact in Bigin, complete with transcripts and follow-up tasks, so you never lose a lead again. Let'sIntroducing AI-powered Assessments & Zoho's native LLM, Zia
We’ve shipped a cleaner, faster way to create assessments in Zoho Recruit. 🚀 Instead of manually building question banks or copying old templates, you can now generate ready-to-use assessments in just a few clicks, all tailored to the role you’re hiringNext Page