1. Overview

1.1 Why best practices matter

1. Improve operational efficiency by automating manual processes
   
2. Provide stronger security and compliance through role-based access and audit trails
   
3. Scale easily as business requirements grow
   
4. Deliver real-time visibility into operations through metrics and dashboards
   

1. Planning your application structure carefully
   
2. Designing for scalability from the beginning
3. Maintaining clean and well-defined data relationships
   
4. Optimizing workflows and Deluge scripts
   
5. Enforcing strong security standards
   

2. Application design

2.1 Choose the right plan

1. As a rule of thumb, it's ideal to have at least 5 - 10 percent more limits than required. This will ensure that your application can scale in case there is a spike in user activity.
   
2. Identify a pricing plan based on your organizational requirements including what type of users will be using the app. For example, if you require external customers to access your application, ensure you choose a plan that offers the customer portal feature.
   

2.2 Application structure and data

1. Before building the application, define the overall structure, design the data model including fields and relationships, identify fields that require encryption, and evaluate the pain points in the existing process.
   
2. Document the application structure. This will make it easier to include changes later.
   
3. Assign meaningful names for all components: forms, fields, reports, workflows, blueprints, pages, variables, functions, and permission sets.
   
4. Use lookup fields to create relationships between the forms to avoid redundant data across forms.
   
5. Set properties like Mandatory and No Duplicate values to fields to maintain data integrity.
   
6. Avoid using subforms to store data that should exist as a standalone entity or be reused across multiple forms. In such cases, use a separate form with lookup relationships instead. This prevents unnecessary duplication, improves data normalization, and ensures that updates to shared data are reflected consistently across the application.
   
7. Well-structured subforms help maintain clean data relationships, reduce redundancy, and improve overall app performance and maintainability.
   
8. Delete components that are not required from the application.
   
9. Specify delete behavior of records (what will happen to any related records when a particular record is deleted). For example, if an employee is deleted, what will happen to the tasks assigned to them.
   
10. Avoid overlapping or conflicting workflows and trigger workflows only when necessary.
    
11. Make and extensively test changes to the application in the development environment before publishing to stage and production.
    
12. Use the scheduled app backup feature to create periodic backups.
    
13. Ensure proper role-based access control, maintain data integrity through validations, and test thoroughly before deployment.
    
14. To implement a data lifecycle strategy in Zoho Creator, you can automate the handling of inactive or outdated records using schedule workflows. This ensures that reports remain optimized while older records are either archived or deleted periodically.
    

2.3 Usability and user experience

You can refer to our Accessibility help page to find out how to build accessible and inclusive apps.

1. Clear component names: Ensure that component names, such as names of forms, reports, pages, and so on, and their descriptions (if any) clearly convey their purpose. Additionally, provide descriptive labels and tooltips for form fields, making form submissions faster and easier.
   
1. For example, instead of "Application Form," use something more specific like "Job Application Form" or "Membership Application Form" for the form name.
   
2. A sample description in the above example could be "Fill out this form to apply for a position at our company. Provide your personal details, work experience, and qualifications."
   
3. For the Name field, you could change it from "Name" to "Enter your full name."
   
2. Keep language straightforward and inclusive: Avoid jargon, idioms, abbreviations, and uncommon phrases. Instead, use clear, straightforward language to enhance user understanding and accessibility.
   
3. Consistency: Maintain consistent and clear labeling for page titles and navigation buttons across all components.
   
4. Testing and user feedback: Periodically test your apps with users who have disabilities and incorporate their feedback into the app design process to create truly accessible user experiences.
5. Documentation standards: Maintain internal documentation and clearly document workflows and automation logic for easier maintenance, future reference, and troubleshooting. Well-documented applications also make it easier to collaborate with other developers and share relevant information with support teams when issues arise.
   
6. Localization: Use Zoho Creator’s multi-language translation support to make your applications accessible to a wider audience and enable seamless collaboration across organizational, geographical, and language barriers.
   

1. Multi-column layouts can be used to break a form into smaller parts.
   
2. Sections can be used to logically group fields based on context.
   
3. Field size and the position of field labels can be set in which the field's input area is displayed when your users access your form from a web browser.
   
4. Tooltips and help texts can be used to help the users understand the inputs required for a field.
   
5. Success messages can be added to acknowledge form submissions.
   
6. Email, SMS, and push notifications can also be configured to be sent to users on relevant actions.
   
7. Appropriate success messages and alerts can be displayed to provide visual assistance.
   

1. Contextual messages can be used to personalize the messages that appear in reports with appropriate content.
   
2. Only the most important and relevant columns should be added to the Quick View of a report.
   
3. Other information can be added to the Detail View and can be grouped logically using blocks.
   
4. Freeze columns of a report to maintain the context of the record when scrolling through a report.
   
5. Conditional formatting can be used to highlight specific records based on certain criteria.
   
6. Frequent actions can be simplified using custom action buttons in addition to the existing system actions, which include edit, delete, duplicate, and view record. These buttons can be configured to have confirmation messages before being executed.
   
7. Custom layouts and record templates can be used to further customize the appearance of records based on context.
   
8. Use Canvas layout builder in Creator to design the detailed view layout of your records, corresponding to your business requirements.
   

1. Pages can be used to create customized dashboards for your applications to get a comprehensive overview of the processes in the application, so it is not advisable to overload it with multiple components.
   
2. Adding more than 10-15 components may increase the cognitive load for users.
   
3. Multiple pages can be created based on context.
   

1. Themes can be used to customize application navigation: top, left, grid navigation.
   

3. Using AI effectively

Zoho GenAI is Zoho’s in house LLM and is available at no additional cost. When using Zoho GenAI, your data remains protected within Zoho’s ecosystem.

3.1 General practices for Zia

Note: Zoho GenAI features, such as script assistance, app and form creation, do not consume Creator AI calls and is free to use. Their usage is governed by the limits of the respective LLM provider configured with Zia.

1. Keeping the following in mind when describing your business prompt:
   
1. What problem do you want the app or form to solve?
   
2. Who is this app intended to be used by?
   
3. What data needs to be processed through the app?
   
2. Don't include sensitive or confidential information in prompts while using AI features.
   
3. Use everyday words to describe what your app or form should collect, track, list, and manage while entering your prompts, such as the following:
   
1. “Create an asset management app for IT administrators to track company assets such as laptops, desktops, and mobile devices. The app should allow adding new assets, assigning assets to employees, tracking asset condition and location, recording maintenance history, and generating reports on asset status. It should include separate forms for assets, employees, asset assignments, and maintenance logs, along with a dashboard to monitor total assets, assigned vs. unassigned assets, and upcoming maintenance schedules.”
   
2. This prompt works because it clearly defines who uses the app (IT administrators), what they need to accomplish (track assets, assign to employees, log maintenance, monitor status), what outputs matter (asset reports, assignment tracking, maintenance dashboard) ”
   
4. AI-generated content may have mistakes. Ensure that the descriptional prompts provided are accurate and appropriate before using it.
   
5. Attempting to create multiple apps in quick succession may exceed the rate limits of the selected LLM and result in errors.
6. While creating scripts using Zia, you can specify the component name, link name, field name, or field link name along with the prompt to effectively utilize your created components for generating accurate scripts.
   
1. For example, if you want to send an email to specific email addresses stored in a field of a form, it’s advisable to clearly mention the form name, the email field name, the criteria for selecting the emails, and the subject content in the prompt to generate a more precise and accurate script.
   
2. An example of well-structured prompts: “Create a script for sending email notifications to the email addresses in the 'Email' field of the 'Orders' form to track the delivery of a product.”
   
7. AI features are available to all paid Zoho Creator users, but each account has a defined limit on the number of AI calls based on its subscribed plan. Monitor and optimize AI usage to stay within your allocated quota and avoid interruptions.

Info: For more best practices to be followed while describing prompts effectively, refer this page.

3.2 Deluge Zia task

1. The Zia task is subject to throttling based on the number of API calls made within a specific time period when using Zoho GenAI. Creator allows up to 7 simultaneous in-flight requests per user and 10 per organization. If this limit is exceeded, subsequent requests may be delayed or temporarily restricted until usage returns to normal.
   
2. You can set the <temperature> parameter to the minimum for higher accuracy and fewer incorrect or fabricated outputs (hallucinations).
   
3. You can also provide an additional message in the <context> parameter specifying the role to be assumed by the AI for improved clarity and more accurate responses.
   

4. Deluge

4.1 Code structure and maintainability

1. Keep the code modular and avoid heavy nesting of scripts.
   
2. Scripts can be indented and comments can be added to them to provide a short overview of the logic and purpose.
   
3. Split large code blocks into smaller, independent chunks to improve readability and maintainability.
   
4. Variables can be given meaningful names to make the script easier to understand and maintain.
   
5. Use functions to create reusable code blocks for frequently used or duplicated logic.
   

4.2 Performance optimization

1. Optimize loops by avoiding unnecessary iteration through large sets of records. Use control statements like break and continue to exit or skip iterations efficiently.
2. You can use Zia Deluge assistance to modify or optimize the existing script if required.
   
3. Use the aggregate record task effectively and fetch all records only when needed.
   
4. Use the built-in functions wherever possible, as they are optimized for performance.
   
5. Prefer using predefined Deluge functions such as equalsIgnoreCase, equals for comparison rather than "==" operator.
   
6. Using indexed fields in criteria helps with fetching relevant records faster. Indexing is a back-end process, please contact us at support@zohocreator.com for assistance in enabling it.
   

4.3 Error handling and debugging

1. Debugging statements like info can be used wherever applicable to identify and troubleshoot errors. Avoid logging sensitive or confidential data, and ensure that unnecessary info statements are removed or commented out.
2. Use try-catch statements to handle exceptions in the code.
   
3. Ensure all syntax errors in Deluge are resolved before saving, as scripts with errors cannot be saved or executed.
4. Logical errors that occur due to poor programming practices and mistakes must be traced and fixed while testing. Any errors in Deluge scripting will only affect the application logic, and will not cause any vulnerabilities

4.4 Workflow and execution management

1. Use an Else-If structure instead of multiple standalone If conditions, so the evaluation stops as soon as a matching condition is found.
   
2. Tasks that do not need to run in real-time can be moved to Schedules or handled using the async task instead.
   

Note: The Async task (development in progress) allows the scripts to run without having to wait for a response. Track its release

1. Use the batch workflows feature to periodically, and automatically handle high-volume or repetitive operations on records. The records are processed based on the configured schedule, and you can break them down into smaller batches of up to 1000. This avoids looping through large sets of records at once, allows processing during non-business hours, and improves overall efficiency.
   

4.5 Security and API handling

1. When using the invokeURL, invoke API, and any other Deluge integration tasks to make API calls, ensure that only the required response data is handled within your script.
   
2. Make use of system variables like zoho.appuri and zoho.appname so that the application link name or the owner name changes do not affect your functionality. This is especially useful for Deluge scripts used inside HTML pages for embedding components.
   

4.6 Platform limits and throttling

1. Ensure Deluge scripts are optimized to stay within the Deluge statement limits. These limits have been set to prevent accidental misuse of resources.
   
2. Workflow execution throttle: Only 100 Deluge Workflows can be executed per IP address per minute.
   

4.7 Prefer configuration over scripting

1. Use in-built features instead of scripting wherever possible. For example:
   
1. Use bi-directional lookup through field properties instead of using scripts to reverse-assign values
   
2. Set default values using the field properties instead of assigning them through scripts
   
3. Use formula fields to perform calculations wherever possible instead of scripting
   

4.8 Deluge editor

1. Syntax assist can be used to assign predefined values and facilitate error-free scripting.
2. Versioning is available to track the various versions and code changes.
   

4.9 Scripts to be avoided

5. Security

5.1 Users and permissions

1. Only the required users should be added to the application, and only the necessary modules should be shared.
   
2. Users or developers who no longer require access to the application should be removed.
   
3. When more than one user is building the app, add the required users as developers instead of sharing the admin credentials.
   
4. Access to APIs, as well as PII (Personally Identifiable Information) and ePHI (Electronic Protected Health Information) data can be given to the necessary permission sets alone.
   
5. Export, delete, view all, and bulk edit permissions must be limited.
   
6. Permission sets that are not required for users and customers can be deleted.
   

5.2 Forms and reports

1. Fields that collect or contain PII and ePHI data should be encrypted.
   
2. Sensitive information can be masked in reports wherever applicable.
   
3. Filters and criteria can be added to reports to ensure only the required information is displayed to users.
   
4. Any sensitive information that is stored can be deleted when it is no longer required.
   
5. Confirmation messages can be associated with custom action buttons.
   
6. It is not advisable to collect or store sensitive information like SSNs or passwords. If collected, the purpose should be stated in the form.
   
7. It is best to avoid storing API credentials in the application.
   
8. Help text or tooltips can be associated with fields to elaborate on the reason for collecting the data.
   
9. Note fields can be added in forms to specify the purpose of data collection.
   
10. It is advisable to deactivate published forms when public access is no longer required.
    
11. Decision box can be used to obtain consent for data collection.
    
12. When collecting details on user location and IP addresses by enabling them in form properties, it is advisable to inform them of this and obtain their consent. IP address can also be encrypted.
    
13. Actions in reports like Add, Delete, and Duplicate must be reviewed, and can be removed if not required.
    
14. The history of changes made to records can also be tracked using the Audit trail feature.
    

5.3 Workflows and scripting

1. Optimize workflows and Deluge scripts to avoid unnecessary complexity, and automate only where it adds real value.
   
2. Use comments wherever possible.
   
3. Input validations should be done for fields wherever possible.
   
4. Any hyperlinks used in the application should be verified.
   
5. Content in SMS, Email, and push notification tasks should be reviewed.
   
6. OAuth-based authentication should be used wherever possible when invoking APIs.
7. Business logic like functions and schedule workflows can be executed inside the workflow builder itself for testing purposes before being incorporated in the main flow.
   

5.4 Pages

1. JavaScript codes used inside widgets must be reviewed.
   
2. For pages that work based on page variables, make sure to include null checks to prevent the page from displaying errors or irrelevant data.
   

6. Mobile apps

1. The actions and the events during which the actions are triggered like tap of a record, swipe left, and swipe right can be determined and changed.
   
2. Columns in the quick view and detail view of a report can be set according to the app context.
   
3. Custom logo can be uploaded to the applications.
   
4. Applications can be rebranded and published separately for users and customers.
   

7. Related topics

1. GDPR readiness
2. Best practices for platform performance
   
3. Creator help resources