Secure Webhook Integrations with Connections | Zoho Bot Builder

Connections in Webhook Block


When you’re working with webhooks in a bot flow, whether you’re retrieving data, updating a record, or triggering a third-party service, you often need to establish a secure connection with an external application. That’s where Connections come into play.

Connections act as a secure bridge between your bot and the service you’re calling. Let’s explore what Connections are, why you need them, how to set one up, and where they fit into the larger webhook configuration.


Learn more about webhooks: Introduction to Webhook Block in GC 

What is a Connection?   

A Connection is a secure authentication setup that allows your webhook to interact with another service, like Zoho Desk, CRM, Google Sheets, or a custom API (Check this case), without you having to enter your credentials every time.

When you configure a webhook block, instead of hard-coding sensitive details like access tokens or API keys directly into the request, you can simply link to a Connection. This makes your setup safer and easier to manage.

You can create Connections for:
  1. Zoho’s own services (using Zoho OAuth)
  2. Third-party applications like Slack, Google (Built-in)
  3. Stripe and others (as custom Connections)
  4. Internal or custom APIs used by your organization

Why are Connections important?   

Here’s why using a Connection is strongly recommended (and often mandatory):
  1. Keeps sensitive data like tokens, secrets, and API keys hidden and encrypted.
  2. Reuse the same Connection across multiple flows or webhook blocks. No need to configure authentication every time.
  3. If your API token or scope changes, you only need to update it in one place.
  4. When multiple users build bots or flows, everyone can use the same Connection without needing access to sensitive credentials.

Where are Connections used?   

Every time your bot wants to:
  1. Fetch a ticket from Zoho Desk
  2. Push a new lead into your CRM
  3. Query order status from an external API
… a secure handshake must happen between your bot and the target service. That handshake, whether through OAuth, API key, or another method, is what the Connection handles for you.
This is especially crucial for protected endpoints that require authentication. Without a valid Connection, the API will deny your request.

Types of authentication you can use   

When creating a Connection, the authentication method depends on the service you’re connecting to:

| Service Type | Authentication Method | Example Use Case |
|---|---|---|
| Zoho Services | Zoho OAuth | Fetching tickets from Zoho Desk |
| Third-party APIs | OAuth 2.0 | Posting updates to Slack or Google Sheets |
| Custom APIs | API Key / Basic Auth | Accessing internal databases |

For Zoho services, Zoho OAuth is the default and most secure method. 

How to create a connection  

Let’s say you want to get ticket details from Zoho Desk using the Webhook block. Here’s how to set up a Connection:
1. Go to the Webhook Block
2. In your bot builder, add a webhook block where the action will take place.



3. Click Add in the Connections section. 

 
4. You’ll be redirected to the Data Retrieval Engine (DRE).
5. Click Create Connection  



6. Choose your service. For Zoho apps, select Zoho OAuth.
7. Enter a Connection Name. Make sure it's something easy to identify, like “ZohoDesk_TicketReader.”
8. The system will auto-generate a Link Name based on your input.
9. Select Scopes.
10. Scopes define what your bot is allowed to do. For example, ZohoDesk.tickets.READ allows your bot to read ticket information, and ZohoCRM.modules.ALL allows access to all CRM modules.
11. Click Create and Connect once you're done.



12. Complete Authorization  
13. A pop-up will ask you to authorize access. Click Connect.



14. When prompted, click Accept to grant the bot permission to perform actions via the API.
15. Once accepted, your Connection will be established.



16. Return to Webhook Block.
17. Click Refresh next to the Connection dropdown to see your new Connection listed.
18. Select it and hit Save.



You’re now ready to authenticate securely using this Connection.


Example Use Case
Imagine your support bot needs to fetch ticket details from Zoho Desk based on a user’s input. Instead of adding a raw token to the webhook request for a URL like this:
https://desk.zoho.com/api/v1/tickets?ticketNumber=12345

You simply configure the URL, add query params as needed (e.g., ticketNumber = @input.ticketNumber), and choose your pre-configured “ZohoDesk_TicketReader” Connection.

Zoho will authenticate the request using the OAuth token in your Connection. No need to expose or manage tokens manually! 
Learn more about Desk Connections
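
The check below is an added example, not part of Zoho's documentation or product code. It audits webhook block definitions for credentials placed directly in the request instead of in a Connection, and flags scopes ending in .ALL for review. The dictionary layout (url, params, headers, connection, scopes), the access_token parameter and both sample blocks are assumptions constructed for illustration; Bot Builder does not necessarily export blocks in this form.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Names that usually carry a credential (constructed list; extend for your APIs).
SECRET_NAMES = re.compile(r"token|api[_-]?key|secret|password", re.I)
# Run-time variables such as @input.ticketNumber are not literal values.
PLACEHOLDER = re.compile(r"^@\w+(\.\w+)*$")

def audit_webhook(block):
    """Return findings for one webhook block (hypothetical dict layout)."""
    findings = []
    url = urlsplit(block["url"])
    if url.scheme != "https":
        findings.append("url: not HTTPS")
    if url.username or url.password:
        findings.append("url: credentials embedded in userinfo")
    params = parse_qsl(url.query, keep_blank_values=True)
    params += list(block.get("params", {}).items())
    for name, value in params:
        if SECRET_NAMES.search(name) and not PLACEHOLDER.match(str(value)):
            findings.append(f"param {name}: literal credential in request")
    for name, value in block.get("headers", {}).items():
        is_auth = name.lower() == "authorization" or SECRET_NAMES.search(name)
        if is_auth and not PLACEHOLDER.match(str(value)):
            findings.append(f"header {name}: hard-coded credential")
    if not block.get("connection"):
        findings.append("connection: none selected")
    for scope in block.get("scopes", []):
        if scope.upper().endswith(".ALL"):
            findings.append(f"scope {scope}: broad grant, confirm the flow needs it")
    return findings

# Constructed samples; EXAMPLE_TOKEN is a placeholder, not a real credential.
HARDCODED = {
    "url": "https://desk.zoho.com/api/v1/tickets?ticketNumber=12345&access_token=EXAMPLE_TOKEN",
    "headers": {"Authorization": "Zoho-oauthtoken EXAMPLE_TOKEN"},
    "scopes": ["ZohoCRM.modules.ALL"],
}
WITH_CONNECTION = {
    "url": "https://desk.zoho.com/api/v1/tickets",
    "params": {"ticketNumber": "@input.ticketNumber"},
    "connection": "ZohoDesk_TicketReader",
    "scopes": ["ZohoDesk.tickets.READ"],
}

if __name__ == "__main__":
    for label, block in (("hardcoded", HARDCODED), ("connection", WITH_CONNECTION)):
        for finding in audit_webhook(block) or ["no findings"]:
            print(f"{label}: {finding}")
```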