Kaizen #116 - Client Types in Zoho API Console

Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

    • Sticky Posts

    • Kaizen #198: Using Client Script for Custom Validation in Blueprint

      Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

    • Kaizen #226: Using ZRC in Client Script

      Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In this

    • Kaizen #222 - Client Script Support for Notes Related List

      Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore how

    • Kaizen #217 - Actions APIs : Tasks

      Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

    • Kaizen #216 - Actions APIs : Email Notifications

      Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

      • Recent Topics

      • Rich Text Type Format for Notes Field

        Has it been discussed or is there a way to insert a table in the notes field? We sometimes receive information in a table format, and it would be beneficial to have it in the same format as a note on a record.

      • Can not send or reply to mails

        Hello, I can not send mails or reply. If I try to send a mail i get "Unable to send message;Reason:553 Replaying disallowed. Invalid Domain - invata-programare.ro" Can you help me, please? Thank you!

      • Urgent: Subscription Correction Needed - Org ID 805493328

        Dear Zoho Billing Team, I am writing to request an urgent correction regarding a recent renewal for my account, Master Bed Trading (Organization ID: 805493328). Due to a mistake during the checkout process, I accidentally renewed our Zoho Forms subscription.

      • Zoho Sites Designer/Developer

        Hello, Besides Upwork, are there any other places to find experienced Zoho Sites designers/developers? I couldn't seem to find a page on Zoho that lists these professionals that are certified with Zoho Sites.

      • HTML PDF Templates / Build From Scratch option not visible for Custom Modules

        Hi everyone, I am working with Zoho Books Custom Modules and trying to create a custom 4x4 package label PDF template using HTML/CSS. According to the official Zoho Books documentation for HTML PDF Templates, there should be an option like: Settings →

      • Marketing Tip #32: Improve SEO and customer confidence with an FAQ section

        Before making a purchase, customers often have simple questions about delivery times, returns, product usage, or sizing. If they can’t quickly find answers, they may leave your store without buying. Adding a clear FAQ (Frequently Asked Questions) section

      • Activate python application

        Is it possible for a deluge code to activate a python application ? Say i create a deluge program, in that deluge program, i need it to activate a python application stored on my drive Would that be possible, and if so, what would the code look like

      • Execution Trace & Root Cause Analyzer in Zia

        Integrating this capability into Zia would significantly enhance debugging and transparency. 1. Execution Trace Timeline A visual, step-by-step timeline of system activity for any event (e.g., form submission), including: Sequence of triggered workflows

      • Has anyone integrated Zoho with Go High Level (GHL)? Looking for guidance

        Hi everyone, I’m exploring the possibility of integrating Zoho applications with Go High Level (GHL) and wanted to check if anyone in the community has experience with this. Specifically, I’m interested in understanding: Whether a direct integration is

      • Add Ability to Reset Help Center User MFA in Zoho Desk

        Hello Zoho Desk Team, First of all, thank you for recently adding support for Multi-Factor Authentication (MFA) in the Zoho Desk Help Center. We’re very happy to see this enhancement go live, especially since this was a highly requested security feature.

      • Allow 2 logos for Branding, one for Light Mode and one for Dark Mode?

        Our logo has a lot of black text on it. If we leave the background transparent, per recommendation of Zoho, when a user is viewing a file and turns on dark mode, our logo is not really visible and looks really weird. It would be really great if we could

      • Very limited support for MCP

        Has anyone else noticed how limited the MCP support for Zoho People currently is? Right now only a small set of read-only actions (exactly 15) seem to be available. At the same time Zoho CRM supports over 700+ functions. It makes it almost impossible

      • New UI for Writer - Disappointed

        I've been enjoying Zoho Writer as a new user for about 6 months, and I really like it. One of my favorite things about it is the menu bar, which you can hide or leave out while still seeing most of your page because it is off to the left. I think this

      • ZOHO Desk attachments support

        Hi I just setup MCP with claude, it works well, but it can't read attachments... which makes it kind of useless... Will you be adding attachment capabilities anytime soon?

      • HOW I CAN GET BETA VERSION FOT TESTING

        HI. ZOHO I AM INTERESTED IN YOUR BETA SOFTWARE TO EXPERIENCE NEW FEATURES.

      • How to Generate Separate Labels for Each Invoice SKU Line Item in Zoho Books?

        Hi everyone, I’m trying to implement a requirement in Zoho Books where separate labels need to be generated for each SKU/item from an invoice. Scenario: One invoice can contain multiple products/SKU items Each item/box should have its own separate label

      • Updating Sales orders on hold

        Surely updating irrelevant fields such as shipping date should be allowed when sales orders are awaiting back orders? Maybe the PO is going to be late arriving so we have to change the shipment date of the Sales order ! Not even allowed through the api - {"code":36014,"message":"Sales orders that have been shipped or on hold cannot be updated."}

      • Direct Integration Between Zoho Cliq Meetings and Google Calendar

        Dear Zoho Team, We’d like to submit the following feature request based on our current use case and the challenges we’re facing: 🎯 Feature Request: Enable meetings scheduled in Zoho Cliq to be automatically added to the host's Google Calendar, not just

      • billable_expense_id in Invoice API does not set invoiced=true on bill line items — causes duplicates in Projects > Create Invoice

        Hi Zoho Community, We are running an automated batch invoicing system using the Zoho Books API and have hit two critical bugs that are causing duplicate invoice risk in production. Raising this here for visibility alongside a support ticket already filed.

      • New fields : radio button

        Hi, when customizing a module (eg: Candidates), we are able to select different types of fields (check box, currency, list, ...). However there is no "radio-button" component. This type of fields is often used in Web pages and will be certainly a plus-value

      • Choice Availability Reset

        If an entry is deleted which included a response to a field with choice availability enabled does that increase the number of remaining times the choice can be selected?

      • [Heads Up] Upcoming update to field values in Zoho Books - Zoho Analytics integration

        Hello Users, We'd like to inform you of an upcoming update to the Account Type field values in the Zoho Books integration for Zoho Analytics from June 1, 2026. What's Changing? The following values under the Account Type field are being renamed to align

      • Important update: Migrate to the new SalesIQ live chat widget before May 15, 2026

        The old SalesIQ live chat widget will be deprecated on May 15, 2026. This is a final reminder to migrate to the new SalesIQ live chat widget before this date. After May 15, 2026, the old widget will no longer be maintained, which can lead to slower performance

      • Zia Agent built in ChatKit UI does not render markdown

        Hi, You have a major shortcoming in the Zia Agent UI. The test UI that is embedded in agents.zoho.com allows you to test the agent has full support for rendering markdown, but your ChatKit UI does not have support for rendering markdown. If I embed it

      • Team folder not created when creating project using zoho flow

        When I try to automate project creation using zoho flow, and I have enabled workdrive integration to automatically create team folders to attach to the project, this only works when I create a new project through the UI. But I am trying to automate project

      • Zoho Projects - Email notification relabelling of modules not present on default templates

        Hi Projects Team, I noticed that in the default email template notification, the word "bug" was not renamed to the lable I am using in my system. As many users may used the Bugs modules for various purposes including Changes, Revisions, Issues, etc...

      • Kaizen #241: Automating Deal risk escalation using Workflow APIs, Connected Workflows, and Functions

        Hello everyone! Welcome to another Kaizen week. In many organizations, sales teams work in Zoho CRM, finance teams manage invoices in Zoho Books, and support teams handle customer issues in Zoho Desk. Now consider this scenario: A sales representative

      • Upload own Background Image and set Camera to 16:9

        Hi, in all known online meeting tools, I can set up a background image reflecting our corporate design. This doesn't work in Cliq. Additionally, Cliq detects our cameras as 4:3, showing black bars on the right and left sides during the meeting. Where

      • Allow Super Admins to Edit Task “Created By” and Issue “Reporter” Fields

        Hello Zoho Projects Team, We hope you are doing well. We would like to submit a feature request regarding the ability to manage and correct system ownership fields in Zoho Projects, specifically: Task → Created By Issue → Reporter / Reported By Current

      • The Social Wall: April 2026

        Hello everyone, This month, we’re excited to bring you a set of new updates for Threads in Zoho Social, designed to make publishing, monitoring, and managing your content much easier Threads updates You’ll now see a few useful improvements in the compose

      • Sort or filter CRM report by count value

        Hi there, I'm trying to create a report that will show me high frequency bookings (leads) coming through within a time period for any particular account - this is so we can proactively reach out to these accounts. I have a report that shows the information

      • Error when changing user permission from read only to user.

        Hi there, Ive tried to change one of my users to be able to edit, however i kept getting the error user license exceed.

      • Marketing Tip #30: Promote your brand differently on each social platform

        Not all social platforms work the same way. Posting the same content in the same way across every channel can limit your reach. Each platform has its own discovery system, and understanding what it prioritizes can dramatically improve how your brand is

      • Whatsapp Limitation Questions

        Good day, I would like to find out about the functionality or possibility of all the below points within the Zoho/WhatsApp integration. Will WhatsApp buttons ever be possible in the future? Will WhatsApp Re-directs to different users be possible based

      • **Building Role-Appropriate Accountability Layers in Zoho Projects - Looking for Real-World Experience**

        We're a small ISP/telecom operator on Zoho One and I'm trying to solve what I think is a common organizational problem. Would love to hear from others who've tackled it. **The Core Problem** Staff will only consistently use a project management system

      • Duplicate entries for contacts birthdays

        Good morning I have recently started to use my Zoho calendar and noticed that there are multiple birthday events showing for some of my contacts. I have checked my contacts and there were duplicates for some contacts which I have now rectified but the

      • Using IMAP configuration for shared email inboxes

        Our customer service team utilizes shared email boxes to allow multiple people to view and handle incoming customer requests. For example, the customer sends an email to info@xxxx.com and multiple people can view it and handle the request. How can I configure

      • What's New in Zoho Billing | March 2026

        March is here with a fresh wave of updates to Zoho Billing. From making compliance easier, reporting more flexible, to making day-to-day workflows smoother across the board. Here's everything that's new this month. Introducing Usage-Based Billing Reports

      • Subforms in Creator-Lookup Price

        I've got a modular called Price List with items and prices. Ive got another module called Estimates with a subform that looks up that Price List. I am trying to get the "Price" to auto-enter based on the Lookup field of the item name. Anyone know how

      • Feature request - pin or flag note

        Hi, It would be great if you could either pin or flag one or more notes so that they remain visible when there are a bunch of notes and some get hidden in the list. Sometimes you are looking for a particular name that gets lost in a bunch of less important

      • Next Page