Kaizen #116 - Client Types in Zoho API Console

Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

      • Recent Topics

      • SINCH HUB MESSAGEMEDIA with ZOHO DESK

        1) what I need from MessageMedia, 2) what I want to confirm on the Zoho Desk Dev Forum. MessageMedia – needs and requirements Goal: Send SMS from a Zoho Desk widget for EU users. Auth: HTTP Basic (API Key + Secret). Keys must not live in the browser.

      • Function #46: Auto-Calculate Sales Margin on a Quote

        Welcome back everyone! Last week's function was about displaying the discount amount in words. This week, it's going to be about automatically calculating the sales margin for a particular quote, sales order or an invoice. Business scenario Where there is sales, there's also evaluation and competition between sales reps. A healthy rivalry helps to better motivate your employees to do smart work and close deals faster and more efficiently. But how does a sales rep get evaluated? 90% of the time, it's

      • Invalid URL error when embedded sending url into iframe for my website when using in another region

        Hi team, My site is currently working on integrating your signature feature as part of the system functionality, it's working great but recently there's been a problem like this: After successfully creating the document, i will embed a sending url into

      • 2024 Email Authentication Standards: Elevating Security with Google and Yahoo

        In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email

      • New features released: Data from Picture for Web, Pattern Fill, and Translation in Zoho Sheet!

        Hello Sheet users, In 2024, the Zoho Sheet team focused on research and development to bring new features that add to functionalities like productivity, data management, collaboration, and more. This year, we're all set to roll them out incrementally

      • Kaizen #59 - Creating alerts and custom messages using Client Script

        Hello everyone! We are happy to resume our Zoho CRM Developer Community series - The Kaizen series! Welcome back to the new start of Kaizen! This post is about Client Script and its simple use cases involving ZDK Client functions. What is Client Script?

      • [Webinar] Zoho Writer for content creators and publishing houses

        Managing multiple drafts, edits, and client reviews doesn't have to slow you down. Join our upcoming webinar to see how Zoho Writer helps content creators and publishing houses create, edit, and publish seamlessly—all in one place. You'll learn how to:

      • Universal search

        Hi, it would be useful if the search bar was universal-so if you entered a term, it would bring up results from contacts, candidates, clients etc all at the same time (but broken down under the relevant headings)

      • Attachment reminder?

        My team and I often need to attach files to our messages, e.g. an explanatory screenshot or a shipping label. More often that I want to admit I mention the attachment but forget to actually attach it. Some email clients have a check-for-missing-attachments

      • New Customization options in the module builder: Quick Create and Detail view

        Hello everyone, We have introduced two new components to the module builder: Quick create and Detail view. The Quick Create Component It is a mini form used to create a record and associate it to the parent record from a lookup field. For example, if you have a Deals lookup in the Contacts module, then you can associate existing deals or create a deal and associate it with the contact. You can customize this Quick Create form by adding standard as well as custom fields. There is no limit to the number

      • ZIA in Zoho Cliq

        Is It possible to use the ZIA feature from Zoho Analytics in the Zoho Cliq?

      • Automating CRM backup storage?

        Hi there, We've recently set up automatic backups for our Zoho CRM account. We were hoping that the backup functionality would not require any manual work on our end, but it seems that we are always required to download the backups ourselves, store them,

      • Multiple upload field CRM

        I desperately need the functionality to add more than one upload field to web to contacts form. How can I do this?

      • Good news! Calendar in Zoho CRM gets a face lift

        Dear Customers, We are delighted to unveil the revamped calendar UI in Zoho CRM. With a complete visual overhaul aligned with CRM for Everyone, the calendar now offers a more intuitive and flexible scheduling experience. What’s new? Distinguish activities

      • Critical Need for Global Search in Zoho FSM

        Hello Zoho FSM Team, We are currently in the process of deciding whether to fully transition to Zoho FSM for managing our field service operations. At present, our team actively uses Zoho Desk (with over 50 users) and Service Fusion, which we are considering

      • Collections Management: # 1 Payment Collection is All About Convenience

        "Sir, can you come tomorrow? My manager wasn't available for the cheque sign-off", the customer said, avoiding eye contact. Ravi forced a polite smile, but inside, he felt a sense of defeat. He had already visited the customer's office twice in the last

      • Can the Product Image on the Quote Template be enlarged

        Hello, I am editing the Quote Template and added ${Products.Product Image} to the line item and the image comes up but it is very tiny. Is there anyway that you can resize this to be larger? Any help would be great! Thanks

      • Deleting Fields in CRM Deletes Views in Analytics

        Hey friends! I'm having some issues when we modify some fields within ZohoCRM. There are times where we need to sunset a field and eventually completely remove it. In these instances, it seems like a lot of views are removed in Analytics. This ranges

      • Updating custom fields in Zoho Projects

        Hi I am wondering if anyone has experience with custom fields in Zoho Projects. I am struggling to update the field using either deluge or the api endpoint. My code is: //custom_Map = map(); custom_Map = {"UDF_DOUBLE_1":"0.27"}; update_Map = map(); update_Map.put("custom_fields",custom_Map.toList());

      • Audio/video quality issues with Zoho Meeting – Any roadmap for improvement?

        Hi Zoho Team, We’ve been using Zoho Meeting for both internal and external meetings, and unfortunately, the experience has been consistently poor. The video and audio quality are so unreliable that it often renders meetings ineffective—especially with

      • Paste issues in ZOHO crm notes

        Hi, since a week or so I have issues with the paste function in ZOHO CRM. I use "notes" to copy paste texts from Outlook emails and since a week or so, the pasting doesnt function as it should: some text just disappears and it gives a lot of empty lines/enters.....

      • Cash based businesses cannot use the new fixed asset module

        Hello all, If your bookkeeping is reporting in cash, you cannot use the new fixed acid module, as it does all the depreciation bookings accrual and not cash. This is definitive and you can't turn them into a cash booking. They will never appear in your

      • Zoho Learn & Zoho Connect

        Hi, Is there a way to sync the knowledge base we have in Zoho Learn with the manuals section is Zoho Connect? Thanks,

      • Modifying iframe data of Zoho booking iframe

        Hello, I have integrated a Zoho Bookings embedded iframe into my website. Currently, I am pre-filling the booking form with default values as part of our process flow. However, I want to ensure that if an input field is already populated with a default

      • Apply Payment Received Amount Zoho Books Invoice

        Hello team here is the sample code How can apply the payment received record over a unpaid zoho books invoice. //......................... paymentID = customer_payment.get("payment_id"); organizationID = organization.get("organization_id"); paymentmaplist

      • Enhance Sign CRM integration

        Hello all, I'm working on a custom Deluge script to enhance the integration between Zoho CRM and Sign by using a writer merge template for additional flexibility. I want to replicate the post-sign document integration that exists between CRM and Sign

      • Zoho Books Finance Modules Not Accessible in Zoho CRM Mobile App

        We have integrated Zoho CRM with Zoho Books using the Zoho Finance Suite integration. In the CRM web version, we can see the Finance modules (Estimates/Quotes, Invoices, Sales Orders, Items, Payments) and are able to create invoices and quotes directly

      • Does Zoho offer a full WhatsApp Marketing Platform (like WATI / GallaBox)?

        lm exploring WhatsApp marketing and I’d like to understand what options are available within the Zoho ecosystem. Currently, I see: Zoho SalesIQ has a broadcast option, but it seems very limited — for example, it doesn’t support uploading contacts via

      • Cliq iOS can't see shared screen

        Hello, I had this morning a video call with a colleague. She is using Cliq Desktop MacOS and wanted to share her screen with me. I'm on iPad. I noticed, while she shared her screen, I could only see her video, but not the shared screen... Does Cliq iOS is able to display shared screen, or is it somewhere else to be found ? Regards

      • [Live Webinar] New in Zoho WorkDrive: AI enhancements, Data Loss Prevention, Version Controls, and more

        Hello everyone, We're excited to bring you another round of powerful updates in Zoho WorkDrive! Join us on May 15 for an exclusive live webinar where we’ll unveil the latest features designed to enhance your team’s productivity, collaboration, and data

      • Live webinar: Streamlining legal operations: Leveraging Zoho WorkDrive for law firm success

        Hello everyone, Managing legal documents across departments and jurisdictions can be complex, but it doesn’t have to be. Join us on March 6 for an exclusive webinar where we’ll show you how Zoho WorkDrive empowers legal teams to stay compliant, organized,

      • Live Webinar: Optimizing back-office operations in the manufacturing industry to maximize profitability

        Hello everyone, We’re excited to invite you to our upcoming live webinar on February 6! Discover how Zoho WorkDrive can help manufacturing businesses optimize back-office operations, improve efficiency, and boost profitability. Our product experts will

      • Live webinar: 2024 recap of Zoho WorkDrive

        Hello everyone, We’re excited to invite you to our year-end live webinar! This session will take you through the transformative features and updates we’ve introduced in Zoho WorkDrive this year, helping you streamline document management like never before.

      • Live webinar: Explore WorkDrive's seamless integrations with key Zoho apps

        Hello everyone, We’re excited to invite you to our upcoming live webinar, where we'll delve into the seamless integration of WorkDrive with other key Zoho applications! This is a fantastic opportunity to enhance your productivity and streamline your workflows

      • Live webinar: Getting the most out of WorkDrive in Zoho Workplace

        Hello everyone, We’re excited to invite you to our upcoming live webinar, where we’ll explore how to maximize your use of WorkDrive as part of the Zoho Workplace bundle. This is a fantastic opportunity to elevate your productivity and streamline your

      • Live webinar: Mastering data migration, organization, and team collaboration

        Hello everyone, We’re excited to invite you to our upcoming live webinar! Discover how to seamlessly migrate your data, optimize file organization, and boost team collaboration using Zoho WorkDrive’s powerful features. This is a fantastic opportunity

      • BARCODE PICKLIST

        Hello! Does anyone know how the Picklist module works? I tried scanning the barcode using the UPC and EAN codes I added to the item, but it doesn’t work. Which barcode format does this module use for scanning?

      • Join our live webinar: Explore the WorkDrive TrueSync application!

        Hello everyone, We are thrilled to invite you to a live webinar focused on mastering the WorkDrive TrueSync application. Discover how to seamlessly sync your content between the cloud and your computer, ensuring smooth and efficient file management. Our

      • Bug tracking

        Hi, does anyone know how to track errors during picking or packing? This way I can keep track and see how to improve and prevent errors in this area.

      • Zoho Creator customer portal limitation | Zoho One

        I'm asking you all for any feedback as to the logic or reasoning behind drastically limiting portal users when Zoho already meters based on number of records. I'm a single-seat, Zoho One Enterprise license holder. If my portal users are going to add records, wouldn't that increase revenue for Zoho as that is how Creator is monetized? Why limit my customer portal to only THREE external users when more users would equate to more records being entered into the database?!? (See help ticket reply below.)

      • Next Page