Kaizen #116 - Client Types in Zoho API Console

Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

    • Sticky Posts

    • Kaizen #198: Using Client Script for Custom Validation in Blueprint

      Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

    • Kaizen #226: Using ZRC in Client Script

      Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In this

    • Kaizen #222 - Client Script Support for Notes Related List

      Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore how

    • Kaizen #217 - Actions APIs : Tasks

      Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

    • Kaizen #216 - Actions APIs : Email Notifications

      Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

      • Recent Topics

      • Subscription went to default (@zoho.com) address instead for custom domain

        Hello! So I bought a lite sub to test things out, wanting to use my own domain. However, after passing through all the verification steps (completed now), it seems that the sub I bought was assigned to the default email that I already had with Zoho and

      • Canvas templates and font-family

        i dont understant why its always the smallest things that waste all of my time! why in some videos i see they have tamplates in the Canvas editor and i cant seem to fint it? and why oih why cant i cange the font? i just want simple Arial! help meeeeeeeeee

      • Re: Ca.gory groups and not all email addresses being added to a group emails

        Hi, I have added emails under 'Contacts' into categories but when sending a group email and putting the category name in not all email addresses go onto the email. I have refreshed the page, deleted and redone the info etc with no luck. I only found out

      • IMPORTANT

        Dear Zoho Support Team, I am currently experiencing an issue when trying to send emails from my Zoho Mail account. Each time I attempt to send a message, I receive the following error: "Unable to send message; Reason: 554 5.1.8 Email Outgoing Blocked."

      • Able to Send Emails from Zoho but Not Receiving Emails from Gmail

        Hello, I am experiencing an issue with my shopify domain email setup and would appreciate your help. Current situation: I can successfully send emails using Zoho. I can receive emails from some services (for example, Facebook). However, I cannot receive

      • URGENTImpossible to book an appointement

        J'essaie plusieurs fois mais aucun créneau n''est disponible Message d'erreur lorsque j'essaie de sélectionner une date

      • Antispam validation failed for your domain in Accounts

        I tried adding a domain to zeptomail.zoho.com, but the “add domain” operation failed. The front‑end error reads: “Domain could not be added. Please contact support@zeptomail.com.” The back‑end API returned: ``` { "error": { "code": "TM_3601", "details":

      • Announcing new features in Trident for Windows (v.1.38.5.0)

        Hello Community! Trident for Windows just received a major update, with a range of capabilities that focuses on strengthening and enhancing communication. Let’s dive into what’s new! View complete technical email details. For those who need deeper visibility

      • Windows Desktop App - request to add minimization/startup options

        Support Team, Can you submit the following request to your development team? Here is what would be optimal in my opinion from UX perspective: 1) In the "Application Menu", add a menu item to Exit the app, as well as an alt-key shortcut for these menus

      • Accounting of Amazon

        I have recently started selling on Amazon.in and I am facing issues with different types of transactions: What entry to do in case of return? If I had sent two products and customer returned both the products but I had received only one and got the claim

      • Compose Emails Faster Using Templates and Snippet

        Hello everyone, We have made an enhancement to the Send as Email option in Tickets. Agents can use templates and snippets to draft their response, which helps save time and maintain consistency. The Send as Email page will display the available templates

      • Customize Colors used on graphs and charts according to users desire.

        It would be great if we could customize the graph's colors as we see fit. I hate that yellow is always the default color!

      • Emails not integrating

        My emails from Hubspot did not integrtate over. How do I fix that?

      • Creating meetings from an email

        Hi. Similar to Outlook, it would be helpful if a meeting can be scheduled from an email so that the attendees need not be manually entered every time it's created.

      • Importing into Multiselect Picklist

        Hi, We just completed a trade show and one of the bits of information we collect is tool style. The application supplied by the show set this up as individual questions. For example, if the customer used Thick Turret and Trumpf style but not Thin Turret,

      • Create custom rollup summary fields in Zoho CRM

        Hello everyone, In Zoho CRM, rollup summary fields have been essential tools for summarizing data across related records and enabling users to gain quick insights without having to jump across modules. Previously, only predefined summary functions were

      • Zoho Social API for generating draft posts from a third-party app ?

        Hello everyone, I hope you are all well. I have a question regarding Zoho Social. I am developing an application that generates social media posts, and I would like to be able to incorporate a feature that allows saving these posts as drafts in Zoho Social.

      • CRM Percent custom fields: When will it show the % symbol and behave like %?

        1. Actually Percent custom fields fail to show the % symbol. 2. When in formulas Percent fields work like number: 100 x 5% = 5 ideal world 100 x 5% = 500 what happens actually 3. When importing Percent fields the % symbol has to be removed and the data

      • 【Zoho CRM】商談タブへのデータインポート

        Zoho使用前にエクセルで管理していた商談情報を、Zoho一括管理のため、商談タブにインポートしたいのですが、お客さまの氏名だけが紐づけられませんでした。 「Zoho CRMにインポートする項目を関連付ける」のところが画像のようになっています。 (弊社では、「姓」を「★個人データ名」という項目名に変更し、フルネームを入れて使用しています。) どのようにしたら氏名をインポートできるかご存じの方がいらっしゃいましたら、ご教示いただきたく、よろしくお願いいたします。 (投稿先が間違っていましたらご指

      • Deprecation of the Zoho OAuth connector

        Hello everyone, At Zoho, we continuously evaluate our integrations to ensure they meet the highest standards of security, reliability, and compliance. As part of these ongoing efforts, we've made the decision to deprecate the Zoho OAuth default connector

      • Implement Date-Time-Based Triggers in Zoho Desk

        Dear Zoho Desk Support Team, We are writing to request a new feature that would allow for the creation of workflows triggered by specific date-time conditions. Currently, Zoho Desk does not provide native support for date-time-based triggers, limiting

      • Different Task Layouts for Subtasks

        I was wondering how it would be possible for a subtask to have a different task layout to the parent task.

      • RouteIQ for Zoho FSM

        Beste, Zou wel top zijn dat we een RouteIQ hebben voor FSM aangezien we constant moeten zien wat de beste route is voor onze monteurs. Nu moeten we een speciale aparte programma hebben om de beste route te berrekenen voor onze monteurs aangezien de planning

      • Let us view and export the full price books data from CRM

        I quote out of CRM, some of my clients have specialised pricing for specific products - therefore we use Price Books to manage these special prices. I can only see the breakdown of the products listed in the price book and the specialised pricing for

      • What's new in Zoho Sheet: Simplify data entry and collaboration

        Hello, Zoho Sheet community! Last year, our team was focused on research and development so we could deliver updates that enhance your spreadsheet experience. This year, we’re excited to deliver those enhancements—but we'll be rolling them out incrementally

      • Changes to the send mail Deluge task in Zoho CRM

        Hello everyone, At Zoho, we continuously enhance our security measures to ensure a safer experience for all users. As part of our ongoing security enhancements, we're making an important update on using the send mail Deluge task in Zoho CRM. What's changing?

      • How to Invoice Based on Timesheet Hours Logged on a Zoho FSM Work Order

        Hi everyone, We’re working on optimizing our invoicing process in Zoho FSM, and we’ve run into a bit of a roadblock. Here’s our goal: We want to invoice based on the actual number of hours logged by our technicians on a job, specifically using the timesheets

      • Why is my Lookup field not being set through Desk's API?

        Hello, I'm having trouble setting a custom field when creating a Ticket in Zoho Desk. The endpoint I'm consulting is "https://desk.zoho.com/api/v1/tickets" and even though my payload has the right format, with a "cf" key dedicated to all custom fields,

      • Zoho Books | Product updates | January 2026

        Hello users, We’ve rolled out new features and enhancements in Zoho Books. From e-filing Form 1099 directly with the IRS to corporation tax support, explore the updates designed to enhance your bookkeeping experience. E-File Form 1099 Directly With the

      • Inclusion is the new engagement

        When in a very challenging situation, you may have peers or friends around you saying, “Everything will be okay.” They speak to you in a way that they are connected or in a language or tone that feels close. But your inner voice comes to you in a truly

      • DKIM verification for Squarespace website - Corrections to instructions

        Zoho Campaigns DKIM TXT record instructions for Squarespace show that Host field should show: 22111._domainkey.[domain name, e.g. mywebsite.com] However, after 72hrs, I had to reach out to Squarespace tech support, and they confirmed that the domain name

      • Passing the image/file uploaded in form to openai api

        I'm trying to use the OpenAI's new vision feature where we can send image through Api. What I want is the user to upload an image in the form and send this image to OpenAI. But I can't access this image properly in deluge script. There are also some constraints

      • My client requires me to have custom pdf file names to except payment for invoices, how can I customize this before emailing.

        Hello! I love the program so far but there are a few things that are standing in the way. I hope you guys can code them in so I can keep the program for years to come. My client requires I customize the pdf file names I send in for billing. Can you please

      • Disable All

        I want to disable all the fields on the form when it loads.  I know there is a way to do this by listing all the fields as follows: disable Name; disable Address; disable City;  ... I have over 50 fields on my form and i am wondering if there is a single command or way to just disable all fields on load.   On load = disable All Thank you for any help.  

      • Migrating my email from GMAIL to ZOHO MAIL..........

        I am a long time GMAIL user and I really only understand how they operate, but after reviewing your tutorials and forums online, it is quite unbelievable how much more and how much more streamlined ZOHO mail is, not to mention ZOHO's wonderful, more advanced capabilities. I do have several questions about transitioning over to ZOHO.  Primarily, where is the best place to start, what do I do first? And how hard is it actually to move all my business and personal accounts over here?  When I sign up

      • iOS Zoho Mail App Crashesruni

        Whenever I trying to search emails via the Zoho Mail app on my iPhone the app crashes, I am running the latest version of the app and the latest iOS version. I have all set reset the app and deleted the app and still have the same issue. Thank you in

      • Assessment Answered - Automation (Related List)

        Hello everyone, We have linked a candidate assessment to our job posting. When someone applies, they are required to answer all the assessment questions. However, some candidates submit their applications without completing the questions. In such cases,

      • Rebrand your CRM with the all-new custom domain mapping setup

        UPDATES TO THIS FEATURE! 19th Jan, 2024 — Custom domain mapping has been made available for portal users in Zoho One and CRM Plus. 23rd June, 2023 — Custom domain mapping has been made available for all users, in all DCs. Hello everyone! We are elated

      • Paid Support Plans with Automated Billing

        We (like many others, I'm sure) are designing or have paid support plans. Our design involves a given number of support hours in each plan. Here are my questions: 1) Are there any plans to add time-based plans in the Zoho Desk Support Plans feature? The

      • How Does Knowledge Base Search and Article Recommendation Work?

        Hello, I would like to understand how the Knowledge Base search engine works. Specifically, does it search based on: The article title only? The full article content? Both, the article and the content? Keywords? Tags? Also, how does the system determine

      • Next Page