Kaizen #116 - Client Types in Zoho API Console

Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

      • Recent Topics

      • unblock my zoho mail account. outlines@zoho.com

        please unblock my zoho mail account, outlines@zoho.com

      • Unable to see free plan option

        Hello Zoho Support Team, I hope you are doing well. I am trying to sign up for Zoho Mail, but I am unable to see the option for the free plan. Could you please guide me on how I can access or activate the free plan? Thank you for your assistance.

      • Outgoing blocked: Unusual activity detected.

        I just made payment for my Zohomail Today and have been debited so i will like to be Unblocked because this is what it says (Outgoing blocked: Unusual activity detected) Thank you i await your swift responses

      • How to remove some users in zoho accounts

        How to remove some users in Zoho accounts.

      • Forwarder

        Hi, I tried to add a forwarder from which emails are sent to my main zoho account email . However, it asks me for a code that should be received at the forwarder email, which is still not activated to send to my zoho emial account. So how can I get the

      • Forwarder

        Hi, I tried to add a forwarder from which emails are sent to my main zoho account email . However, it asks me for a code that should be received at the forwarder email, which is still not activated to send to my zoho emial account. So how can I get the

      • DKIM cannot be enabled for the domain as no verified default selector present

        Hi Support Team, For Domain DKIM record trying to enable status. but showing error "DKIM cannot be enabled for the domain as no verified default selector present" So, please resolve the issue. Thank you.

      • I can't log in to my account on Thunderbird

        I've just had to rebuild my PC (calamitous mess from Microsoft with Win10/Win 11 'upgrade' - they confirmed I had to start with a new build). I have used Zoho mail for years via Mozilla Thunderbird, but now I've had to download the latest version of TBird,

      • Sorten the domain of zoho mail ids

        I recently created zoho mail id and am quite excited with the features. But one issue ig nobody wanna type this big zohoaccounts.com I mean silly bold Suggestion zmail.com (sound gmail) (attraction) or some genz words looks cool

      • Weekly Tips : Customize your Zoho Mail Notifications

        In a professional context, email communication remains one of the most crucial channels for staying connected and managing workflows. Keeping track of your emails, task updates, or important announcements can be overwhelming—especially if you are juggling

      • How to move emails to Shared Mailbox?

        Hello, I created a Shred Mailbox instead of using a distribution group. But I cannot move previous emails to certain shared mailbox. Is it possible move some emails from inbox to shared mailbox?

      • Email task creator when task is updated/marked complete

        I am looking for a way to notify the creator of a task in zoho todo when - Task is updated Task is closed Comments entered 1 and 2 are critical, and I cannot find a zoho flow to do this. There is no way that as a manager I will know when someone has completed

      • The attendees will now be redirected to the landing webpage when they exit the webinar, set by the organizer.

        Hello All, In the latest version of the Zoho Meeting iOS mobile app (v1.3.16), we have brought in the below enhancements:   Post Webinar Re-direction Revamped exit UI for Webinar Post Webinar Re-direction:  The attendees will now be redirected to the

      • Download API file contents from browser

        Hi Team - is there something being planned to be able to trigger file downloads from the browser via a deluge script? i.e. retrieve a file via API, trigger the file download directly from the browser. Or... using the convertToPdf function (https://www.zoho.com/deluge/help/functions/file/convert-to-pdf.html)

      • When using "locations" in zoho books, can you keep the two locations totally separate from each other?

        I am looking to add a location but I don't want to intermingle the banking or other accounts. I want that to be like two separate independent branches that use different banking accounts, accounts payable, and accounts receivable. The people who are in

      • Adding a Channel to SalesIQ

        I have a client that currently uses Zoho CRM and Zoho Desk. They would like a live chat to place on their website that has a mobile app and chat bots (something like SalesIQ). However, they would also like to have all this work over SMS as well. Does the SalesIQ API allow this? Can I add visitors without them being a visitor on a website? Thanks! Bryan Redeagle

      • How Do I Refund a Customer Directly to Their Credit Card?

        Hi, I use books to auto-charge my customers credit card. But when I create a credit note there doesn't seem to be a way to directly refund the amount back to their credit card. Is the only way to refund a credit note by doing it "offline" - or manually-

      • Zoho Flow Needs to Embrace AI Agent Protocols to Stay Competitive

        Zoho Flow has long been a reliable platform for automating workflows and integrating various applications. However, in the rapidly evolving landscape of AI-driven automation, it risks falling behind competitors like n8n, which are pioneering advancements

      • Important Features Missing

        Hey all I love linkthread, but i am missing some important features. I want to be able to include my Google Tag Manager. I have all the important stuff in my GTM Container: Facebook Pixel, LinkIn Pixel, Zoho Pagesense and so on. So i am able to do retargeting

      • Zoho SignForms: Prefill parameters with spaces render as “+” in the document (even when using %20)

        Hello Zoho Sign team, we are using SignForms with prefill parameters passed via URL. Spaces in parameter values are being rendered as “+” in the finalized document—even when we URL-encode spaces as %20. This is critical for us because we prefill addresses

      • Currency selector (based on variable) usage in comparsion

        Hi, I've developed a currency selector based on the following topic, and it's working well in pivot tables and charts: https://help.zoho.com/portal/en/community/topic/how-can-i-allow-my-users-to-choose-a-currency-for-the-dashboard I also have a comparison

      • Customize Column in Projects - Default View for Template?

        Is there a way to have the columns you'd like to see added to a template? I want my customized columns to show up every single time I create a project from that template. It appears I can customize them in the template but when I create the project they do not transfer over.  Template: See below how the columns in order are : Task, Owner, Status, Assigned, Website URL, Blog H1..etc. When I create a project from that same template it comes out as: Task, Owner, Status, Tags, Start Date, End Date, etc

      • Ask the Experts 24: Analytics, data administration, and mobile experience with Zoho Desk

        Hello Everyone! Welcome back to the Ask the Experts(ATE) series! We were so focused on our Autumn 2025 release that we didn't host an ATE session last month. In this month's ATE, we'd like to expand our areas for discussion: we'd like to listen to your

      • Multi-Page Forms in Zoho Creator!

        Let’s make long applications easier to handle by dividing them into pages, adding a progress bar, and guiding users step by step through complex data entry. This would be a total game-changer for the user experience and could significantly boost completion

      • Email login error

        Login successfully but email page error

      • Shared Mailboxes Disappeared

        Zoho Mail users in our company haven't been able to see their Shared Mailboxes for the past few hours. I've checked with App and Web Access, but they can't access them. When I send emails to their addresses, I get no error messages. They're still visible

      • Remote Server is misconfigured

        Dear Team, I am unable to use email id as remote server is misconfigured. It would be really great if you could help on this and get this resolved. Thanks & Regard Rohit Gupta

      • why cant i access my email account. it keeps asking me for reverifiying my account by entering my password.

        I cant access my account. it keeps asking me for reverifcaton by entering my password. once its entered it asks for it over and over.

      • Free webinar alert on October 16 - Less Complexity, More Security: Workplace + Directory

        Hello Zoho Workplace Community! Security and productivity shouldn't be at odds—and with Zoho, they're not. Discover how Zoho Workplace + Directory delivers seamless collaboration with enterprise-grade security, all in one integrated ecosystem. Join our

      • Email Recall Feature In Zoho Mail Which Should Also Work For Outside Organisation Members

        Add a feature to recall or undo sending an email within a configurable short time window (e.g., 30 seconds to 2 minutes) after hitting send, similar to Gmail’s undo send. Currently the sent email can not be recall If the recipient is not from within your

      • Workdrive and ChatGPT Team Synced Connectors

        Hi, we want to be able to integrate Zoho Workdrive with OpenAI’s ChatGPT Team plan. Google Drive and OneDrive both offer this, zoho please catch up asap. We dont want to have to put our company files in google drive, we want to allow chatgpt Team edition

      • Alias Name (on items) use case in Zoho inventory

        Hey, Hope everyone is well. Wondering if anyone can shed some light on the use case of Alias Names on Products in Zoho Inventory? Cheers, Chris

      • Updating an Invoice Line Item's Discount Account via API Call / Deluge Custom Function

        I need help updating an invoice line item's discount account via API. Below is a screenshot of the line item field I am referring to. Now the field to the left of the highlighted field (discount account) is the sales income account. I am able to modify

      • Send e-mail with attachments

        Dear Zoho, How is that possible in Zoho Flow to send an e-mail with attachment?  Just a simple example: Zoho Flow checks my Zoho mails and if the conditions starts the trigger then I would like to send an email with the original email's attachment. Any idea? BR, Adam

      • How to I get checkboxes on a subform to update via deluge

        Hello, would someone be able to tell me what I'm doing wrong here? I am trying to take the contents of a Deals subform and add them to an invoice then update the checkbox on each row so that 'add to invoice' is unticked and 'invoiced' is ticked. The output

      • Your bot just got smarter: AI-Powered routing that reads between the lines

        What if your bot could tell the difference? Between a visitor who just needs a quick answer, someone actively comparing options, and a frustrated customer one click away from leaving? Most bots can't. They deliver the same response to everyone, missing

      • Urgent Security Feature Request – Add MFA to Zoho Projects Client Portal Hello Zoho Projects Team,

        Hello Zoho Projects Team, We hope you are doing well. We would like to submit an urgent security enhancement request regarding the Zoho Projects Client Portal. At this time, as far as we are aware, there is no Multi-Factor Authentication (MFA) available

      • Unified customer portal login

        As I'm a Zoho One subscriber I can provide my customers with portal access to many of the Zoho apps. However, the customer must have a separate login for each app, which may be difficult for them to manage and frustrating as all they understand is that

      • Zoho Projects - Task Owner filter at Project level

        Hi Projects Team, The feature requests I would like to raise is the ability to create a custom view at the project level for projects with tasks owned by a user or users. For example "Ashley's Projects" custom view might contain a list of project in which

      • Cadences

        I have just started using Cadences for follow-up up email pipeline. Is it just me or do you find the functionality very basic? For example, it will tell me (if I go looking for it) if someone has replied to a follow-up and been unenrolled; but it won't

      • Next Page