Kaizen #116 - Client Types in Zoho API Console

Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

      • Recent Topics

      • Zoho Calendar 2024: A Year in Review

        Hello, community members! Happy new year from all of us here at Zoho Calendar. As we turn the page to a new year, we extend our heartfelt gratitude to every member of our Zoho Calendar community for your continued support and enthusiasm. Your feedback

      • Zoho Calendar not syncing correctly with personal Google Calendar

        Coming to this forum as Zoho Calendar support team is not responding, any more. For the past 8 weeks, I have been having an issue with Zoho Calendar not syncing with my personal Google Calendar correctly. I subscribed to Zoho Calendar iCal in my personal

      • MTA - BAD IP reputation by outlook/hotmail

        Messages to Microsoft email servers are bouncing back due to poor reputation. Message: 4.7.650 The mail server [136.143.188.206] has been temporarily rate limited due to IP reputation. For e-mail delivery information see https://postmaster.live.com (S775)

      • Zeptomail API error 500 internal server error

        Hi Everyone, getting this eror continuously! Can anyone please guide around the same! Zeptomail API error 500 internal server error Best Regards

      • Waiting multiple days to buy credits, causing my website to suffer

        So I own a fairly large website that gets a lot of registered users. I use transmail send activation emails, and also forgot password emails. I sent an email to zoho's presales team when I was only at 4K/10K emails sent, hoping to buy more credits before

      • Follow up

        Hello, I sent a message 2 days ago but I don't receive any response and I cannot find my ticket here. this is the ticket: Your ticket has been created with the ticket ID 68925465 and subject "Fwd: Fishing-alert" looking forward to seeing your response.

      • What's new in TransMail!

        Note: TransMail is now ZeptoMail. Click here to know more. Hello again, everyone! We've recently crossed the 6 months mark of TransMail's launch. In this time post our launch, we have been constantly working on updating our platform and adding new features

      • June 2021 in TransMail!

        Note: TransMail is now ZeptoMail. Click here to know more. Hello again, everyone! Hope you and your loved ones are doing well. If you're doing less than fine, we truly hope that things only get better for you.  We've had a few updates in the past month

      • TransMail has a new name—ZeptoMail!

        Tried navigating to TransMail's community forum but see a different name now? That's because TransMail has a new name. TransMail is now ZeptoMail! As we’ve grown from an internal service used mainly by other Zoho products to an up-and-coming competitor

      • July 2021 in ZeptoMail!

        Note: TransMail is now ZeptoMail. Click here to know more. Hello again, everyone! Hope you and your loved ones are doing well.  We've had a few updates in the past month in ZeptoMail—some new features and some important announcements. Take look at what

      • Send Email From the ZeptoMail BY API

        What is Zeptomail:- Transactional email service with reliable and fast delivery How we can Create a Connection for Zeptomail in Zoho CRM Go to the Setup Click on Connection Enter Connection Details:- Generate Consumer Key & Consumer Secret Using Zoho

      • Customer email on Opencart 3

        When I place an order, 2 emails are sent: 1) administrator 2) to the user The administrator receives a beautiful letter, but the user receives a damaged letter (see screenshot). What could be the problem?

      • [Announcement] Insert image from URL changes in Zoho Writer

        Hi Zoho Writer users! We'd like to let you know that we've changed the behavior of the Insert image from URL option in Zoho Writer for security reasons. Earlier behavior Once you inserted an image URL in a Writer document, the image would be fetched from

      • Dynamic Signature - Record owner

        Hi everyone, I’m using Zoho Writer merge templates from Zoho CRM and have two questions: Owner signature: How can I automatically insert the CRM record owner’s signature in the merged document? I’m not sure where this signature is stored or how to reference

      • Writer sing up problom

        Zoho writer sing up prolom face

      • Unable to copy into a new document

        Whe I create a new Writer doc and attemp to copy and past I get this message. The only way to copy into a document is I duplicate an existing document, erase the text and save it under a different name and then paste the information. Not ideal. Can you

      • [Webinar] Live demos and user Q&A with Zoho Writer product experts

        Join us on June 12, 2025 for live demos based on your use cases and real-world scenarios raised via form. This is also an opportunity to get your questions answered directly by product experts from the Zoho Writer team. Webinar agenda Live demos based

      • Zoho Writer's built-in citation and bibliography generator

        Hey researchers and writers! Do you manually format citations and bibliographies, spending hours jumping between apps and tabs? If so, then check out Zoho Writer's built-in "Citations and Bibliography" feature. Imagine you're writing a thesis on the future

      • Single and group checkboxes in Zoho Writer's fillable forms

        Hey Writer Fam, Are you making the most out of single and group checkboxes in fillable forms in Zoho Writer? Here is a handy tip to optimize your use of checkboxes, both single and group, and enhance your data collection process. Single checkboxes: Single

      • Collaborate efficiently with Zoho Writer's track changes feature

        Hi Zoho Writer Community, Zoho Writer's track changes feature is a simple, built-in solution that helps you and your team work together efficiently. Instead of juggling multiple versions of a document or building up a long email chain of comments, each

      • Zoho Writer's WordPress extensions

        Hey Zoho Writer users! Say goodbye to all your WordPress content publishing woes with Zoho Writer's WordPress extensions. Publish content with all your formatting and images, republish content when you update a document, and more—from a single window

      • Time-saving table hacks

        Hey Zoho Writer Community, Do you find yourself using a lot of tables in your documents? We're here to share some of our time-saving hacks that will help you work more efficiently, organize your data, and make your documents look neat and professional.

      • Automating document approval and signing with Zoho Writer and Zoho Sign

        Hey Zoho Writer Community! Here's another automation tip to make your processes more efficient! Question: Can I send a document for client approval first, then automatically send it for signing with Zoho Sign if they approve? Since it's the same person

      • Customization hacks in Zoho Writer - Part 2

        Hey community, We're back with some more tricks to personalize your documents, save time, and get in the zone when you work in Writer. Check out part 1 of this post if you haven't already. Let's dive right in! Document ruler units Imagine you're creating

      • Simplify your tax calculations with Zoho Writer

        Hello Zoho Writer Community! Tax season can be stressful, but with Zoho Writer, managing your income tax calculations becomes straightforward and efficient. Here’s an example of how you can use the tables and formulae of Zoho Writer to calculate income

      • Enhance document navigation with headings and TOC

        Hey Zoho Writer Community! We're back with some useful features in Zoho Writer that can simplify your document creation and navigation process. Let's dive right in! Check out our video on how to make the most of Zoho Writer's heading and table of contents

      • Use and download in PDF format of Zoho wirter Merge template using deluge

        Hello Zoho Developers. Here is some information about Zoho Writer. Writer is not just another online word processor, it's a powerful tool for editing, collaboration, and publishing. Even with its wide range of features, Writer's pared-down user interface

      • Customization hacks in Zoho Writer - Part 3

        Hello everyone, Welcome back to Part 3 of our customization tips in Zoho Writer! In this third installment, we'll be diving into some essential customization settings that can enhance your document creation experience. Sender email address in mail merge

      • Daytime saving timezones messing up writer pdf

        Hi, I need help for something I can't figure out. I created a Form to collect data and it is set up with my current Daylight Saving Time (GMT-3). This form is used to generate a contract (pdf Writer) with dates from an event that is being held in 4 months

      • Issue with locked content in Writer

        Hi, I have seen the documentation which outlines how to lock specific content within a Writer document so that it can't be modified by collaborators, but I have come across an issue. When the editor locks a paragraph for example, then a collaborator can't

      • Deprecation of certain URL patterns for published Zoho Writer documents

        Hi Zoho Writer users! We'd like to let you know that we have deprecated certain URL patterns for published and embedded documents in Zoho Writer due to security reasons. If the published or embedded documents are in any of these URL patterns, then their

      • Using Mail Merge Template to Print Documents with One Subform Record's Fields per Document

        Hello, We have a Mail Merge template created in Zoho Writer which is not able to perform the functionality which is currently required to automate the documentation task portion of our process. The CRM module we are primarily using is based on a "Loans"

      • Problem with Writer and Workdrive

        Hi team, I’m the super admin for our Zoho One org. WorkDrive is active, and Zoho Docs is deprecated for our org. However, Zoho Writer cannot connect to WorkDrive at all — we’ve cleared cache, tried incognito, and restarted several times. I was able to

      • Set to Review for all

        We are testing the use of Writer as part of an internal review process for statement of work documents and have found that when the document is changed from Compose to Review by one person, that is not reflected for all others who view the document. Is

      • I’ve noticed that Zoho Sheet currently doesn’t have a feature similar to the QUERY formula in Google Sheets or Power Query in Microsoft Excel.

        These tools are extremely helpful for: Filtering and extracting data using simple SQL-like queries Combining or transforming data from multiple sheets or tables Creating dynamic reports without using complex formulas Having a Query-like function in Zoho

      • Shortcut to fill a range of cells

        Good evening: I'm writing because I haven't been able to find a feature that allows you to select a range of cells, type in one of them, and then use a key combination to type in all of them. In Excel, the keyboard shortcut is Ctrl+Enter. I haven't found

      • stock

        bom/bse : stock details or price =STOCK(C14;"price") not showing issue is #N/A! kindly resolve this problem

      • SOME FEATURES ARE NOT IN THE ZOHO SHEET IN COMPARISION TO ZOHO SHEET

        TO ZOHO sir/maam with due to respect i want to say that i am using ZOHO tool which is spreadsheet i want to say that some features are not there in zoho sheet as comparison to MS EXCEL like advance filter and other Features which should be there in ZOHO

      • Zoho sheet for desktop

        Hi is zoho sheets available for desktop version for windows

      • Slicers are now available in Zoho Sheet—filter your data interactively

        At Zoho Sheet, we diligently track user requests and feedback. In line with this, based on extensive user requests, we've integrated Slicers to pivot tables and are delighted to announce its release. Slicers are interactive visual filters that have add,

      • Next Page