Kaizen #116 - Client Types in Zoho API Console

Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

    • Sticky Posts

    • Kaizen #198: Using Client Script for Custom Validation in Blueprint

      Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

    • Kaizen #226: Using ZRC in Client Script

      Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In this

    • Kaizen #222 - Client Script Support for Notes Related List

      Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore how

    • Kaizen #217 - Actions APIs : Tasks

      Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

    • Kaizen #216 - Actions APIs : Email Notifications

      Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

      • Recent Topics

      • Access images from form submission in power automate

        Images from form submission show up as links in power automate. How do I access the image data?

      • Add personal Facebook to Zoho Social

        Hi. is there any way i can post to my business and personal Facebook and Instagram at the same time when I make or schedule a post?

      • Need help to evaluate if Commerce is good for me

        Hi, I just want to quickly check if Zoho Commerce can fulfill my needs. Here is what I am looking for: - Multi-vendor plateform : We will be 3-4 different farms that will offer similar products (ex. tomatoes) to few selected customers (retaurants). All

      • Smart Feature Compatibility Indicators for CRM Field

        Zoho CRM offers a wide range of field types and advanced customization options. However, several field types have feature-specific limitations that are currently documented only in help articles. For example, while configuring a Rich Text field, admins

      • Ask the Experts: A Live Q&A Session

        Session Closed We've locked this post as the session has ended. We'll see you again in the next session! We’re back with another exciting edition of the Ask the Experts series, this time exclusively for our Zoho Recruit users from the USA & Canada regions!

      • T&C acceptance gate before estimate Accept, with audit trail

        We had to settle a Florida small-claims case in 2025 because we couldn't prove our customer was bound to the venue clause in our Terms & Conditions. The estimate footer mentioned the T&Cs, and Zoho Books logged the customer's IP and timestamp when they

      • Contract to payment flow

        Hi everyone, I’m trying to set up a contract-to-payment flow and want to avoid duplicating invoices or customers in Zoho Books. The flow should be: contract generated from CRM, sent via Zoho Sign, client signs, deposit is paid, and the invoice should

      • Zoho Books | Product updates | May 2026

        Hello users, We're back with the latest updates and enhancements we've rolled out in Zoho Books. From sales tax automation to scanning receipts for free, explore the updates designed to upgrade your bookkeeping experience. Sales Tax Automation [US & Canada

      • Show backordered items on packing slip

        Is it possible to show a column on the Packing Slip that shows number of backordered items when a PO is only partially filled? I would also like to see the Backordered column appear on POs after you receive items if you didn't get ALL of the items or partial amounts of items. And lastly, it would be nice to have the option of turning on the Backordered column for invoices if you only invoice for a partial order. -Tom

      • Control Fields on Mobile App

        On the mobile app, how do we control which fields appear on the screen for records that have a related list? In the example below I want the Inspection Stage and Inspection Type fields to appear, not the record owner (Dev Admin). I changed the Inspections

      • 预期结果 实际结果 "zmverify.zoho.com" "zmverify.zoho.com."

        My domain is tenmokucup.com, I have a TXT record, but verification failed,Please help me, my TXT record is "zoho-verification=zb03390953.zmverify.zoho.com", I have added to DNS. You can confirm it. 预期结果 实际结果 "zmverify.zoho.com" "zmverify.zoho.com."

      • Adding options in the salutation drop down list (Books)

        Hello,  I am a new user still in the trial phase so I apologize if I have missed this. I did search the knowledge base and community first. I need to add a "Mr and Mrs" option in the salutation drop down options in Books. I have tried to find the edit

      • How to make the birthday date field available without the year?

        Hello, I wonder if I can have the date of birthday field without the year. A lot of people dont like to say the year they were born. 

      • Google Drive shared folder

        My deluge script has stopped working, no longer collecting files from Google Drive - have these connections finally been deprecated ?? They seem to be active but errors occur when updating them ?

      • Journal Entries Do Not Show Multiple Entries to the Same Account

        Another basic accounting function that Books ... Accountants sometimes write journal entries, debiting and/or crediting the same account in the same entry. This is due to the need to record specific activity in an account when we pull reports especially

      • How to setup pricing in Zoho

        Hi everyone, I am relatively new here and have just moved from my old inventory system to the Zoho one. I am trying to get my head around how it all works. I am mostly setup connected to a shopify store, but I do manual sales also For manual invoicing,

      • Work Orders / Bundle Requests

        Zoho Inventory needs a work order / bundle request system. This record would be analogous to a purchase order in the purchasing workflow or a sales order in the sales cycle. It would be non-journaling, but it would reserve the appropriate inventory of

      • Windows agent 2026_M06 release notes

        Agent Version: 2026.03.19.0 Release date: 21 April, 2026 Major Enhancement: Connect as Individual Active users allowing you to connect to the same computer as different users in different tabs. Internal tool implementation to check for vulnerability in

      • Windows agent 2026_M05 release notes

        Agent Version: 111.0.3.335 Release date: 25 March, 2026 Major Enhancement: Quick Support feature compatibility code released. Code refactoring and removal of old code. Minor Enhancement: Updates to trackpad functionalities during remote session. Calendar

      • Windows agent 2026_M04 release notes

        Agent Version: 111.0.3.334 Release date: 10 March, 2026 Agent stickiness on multiple Windows Desktops to avoid confusion. Various other bug fixes and performance improvements.

      • Notes - Reaction Buttons

        Using the native notes option within CRM is fine, it works and the RTF features are great, however, would it be possible - if there isnt already something in place, where we can add a reactions button, similar to teams/whatsapp to show that its been read

      • Can't add my domain to Zoho zeptomail because of error code DE_150

        Hello there, I'm trying to add my domain to ZeptoMail but it's rejected I checked the network tab and I'm getting { "error": { "code": "TM_3601", "details": [ { "code": "DE_150", "message": "Antispam validation failed for your domain in Accounts." } ],

      • Proforma Invoice

        Is there an option to create proforma and advance invoices in professional

      • Rename system-defined labels in Zoho CRM

        Renaming system-defined labels is now available across all DCs. Hello everyone, Zoho CRM includes predefined system fields across modules to support essential CRM operations. Until now, the labels of these fields were fixed and could not be edited from

      • Windows agent 2026_M03 release notes

        Agent Version: 111.0.3.333 Release date: 19 February, 2026 Event Viewer Windows agent code release. Optimised the unattended agent uninstallation process to properly cleanup residual files and registry entries to prevent registry orphans.

      • Windows agent 2026_M02 release notes

        Agent Version: 111.0.3.332 Release date: 11 February, 2026 Code refactoring and removing of old unused code to optimise performance in specific versions of Windows Operating System.

      • Windows agent 2026_M01 release notes

        Agent Version: 111.0.3.331 Release date: 09 February, 2026 Enhancements and updates for improved Video Codec performance and stabler video rendering. Refactored legacy code for optimised performance with legacy devices. Upgrades to monitoring protocols

      • how to fix this error as soon as possible?

        how to fix this error as soon as possible? i have purchased it for monthly at 59₹ paid for an annum please let me know how to fix this issue as this one is urgent Server error: Message failed: 550 5.4.6 Unusual sending activity detected. Please try after

      • Transaction Rule Matching

        Q1. Is there a method to have the Transaction Rules applied across multiple Bank Accounts? Q2. To match "contains" text in Transaction Rules, is a wildcard or regular expression required? Is it case sensitive? Would searching for "issue" in the following

      • Native QuickBooks integration for Zoho CRM: Connecting sales and finance

        Greetings, I hope all of you are doing well. We're excited to announce Zoho CRM's integration with QuickBooks Web, which is designed to synchronize your CRM data with your QuickBooks accounting records and bridge the gap between sales and finance. This

      • Edit a previous reconciliation

        I realized that during my March bank reconciliation, I chose the wrong check to reconcile (they were for the same amount on the same date, I just chose the wrong check to reconcile). So now, the incorrect check is showing as un-reconciled. Is there any way I can edit a previous reconciliation (this is 7 months ago) so I can adjust the check that was reconciled? The amounts are exactly the same and it won't change my ending balance.

      • Zoho Writer extension is now available in Zoho Books!

        The Zoho Writer extension is now available in Zoho Books. With this, you can design documents your way. Create custom templates with Zoho Writer in Zoho Books. Instantly generate multiple templates for invoices, estimates, and purchase orders. Easily

      • Paste Options don't work

        I've always wondered about this, as I've experienced this issue for quite some time now. Why don't the right-click Paste options work properly in Zoho Writer? I can use Ctrl + V without any issue, but if I right-click and use one of the Paste menu options,

      • What's New in Zoho Analytics - April 2026

        Hello Users! April brings a fresh set of updates and enhanced capabilities designed to make your analytics more intuitive and efficient. Explore What's New! Zia Insights in Dashboards We’re bringing the power of Zia Insights directly into dashboards.

      • Introducing Custom Columns in Forecasts in Zoho CRM

        Release Plan: Enabling in Phased Manner, Enabled for JP DC Hello all, Forecasts in Zoho CRM help sales representatives, managers, and business stakeholders evaluate performance and plan future sales activities. While standard metrics such as Target, Achieved

      • Integrate QuickBooks with Bigin and streamline your sales and accounting!

        If your business relies on Bigin for customer management and QuickBooks for accounting and invoicing, this new integration is here to make your operations more efficient. By connecting these two platforms, you can now manage your CRM and financial processes

      • What's New in Zoho Billing | April 2026

        April 2026 brings a wide set of updates to Zoho Billing, from updated Payment Links layout and AI-powered billing workflows to smarter subscription quoting, better compliance tools for German Edition users, and more. Here's everything that's new. Connect

      • No Ability to Rename Record Template PDFs in SendMail Task

        As highlighted previously in this post, we still have to deal with the limitation of not being able to rename a record template when sent as a PDF using the SendMail Task. This creates unnecessary complexity for what should be a simple operation, and

      • Need Native Support for docx files in Zoho Writer

        Absolutely love Zoho Writer, but often need to share files by email with people who are in the Office ecosystem. Downloading a file as docx, then sending it by email, getting the comments back, converting it to Zoho format, editing it, then converting

      • Invalid value passed for line_item_category

        duplicating a previous used invoice and trying to save it (new invoice number / po number used) I keep encountering this error when trying to save the invoice Invalid value passed for line_item_category

      • Next Page