Kaizen #2 - OAuth2.0 and Self Client #API

Kaizen #2 - OAuth2.0 and Self Client #API

Hi everyone!

Welcome back to another week of Kaizen! 

In this post, we will shed some light on the OAuth2.0 protocol and how you can use Zoho's Self Client option to authenticate your application and generate the tokens.

What is OAuth2.0?
OAuth 2.0 is an industry standard protocol specification that enables third-party applications (clients) to gain delegated access to protected resources in Zoho via an API.

Why should we use OAuth2.0?
  • Clients are not required to support password authentication or store user credentials.
  • Clients gain delegated access, i.e., access only to resources authenticated by the user.
  • Users can revoke client's delegated access anytime.
  • OAuth access tokens expire after a set time. If the client faces a security breach, user data will be compromised only until the access token is valid.

To use the Zoho CRM APIs, you must authenticate the application to make API calls on your behalf with an access token.

The access token, in return, must be obtained from a grant token (authorization code).

Zoho CRM APIs use the authorization code grant type to provide access to protected resources.
In this type,
  1. The web application redirects the user to the OAuth server.
  2. The user sees the authorization prompt and approves the app's request as shown in the below image.

  3. The user is redirected back to the application with an authorization code in the query string.

  4. The application exchanges the authorization code for an access token.
As you can see, this involves user intervention while authorizing your application.

When should you use Self Client?

If your application is a stand-alone application that performs only back-end jobs like data-sync(without any manual intervention), you cannot use this authorization code flow. 

In the below example image, the data sync happens between Zoho CRM and your legacy Product Management system. So, it is perfect to use the Self Client option as it does not need an UI for this type of application. Using this flow, you can generate the grant token, access, and refresh tokens.


How to use Self Client?
1. Go to Zoho Developer Console and log in with your Zoho CRM username and password.

2. Choose Self Client from the list of client types.


3. Click Create on the Create New Client page and click OK in the pop up to enable a self client for your account.

4. Now, your client ID and secret is displayed under the Client Secret tab.


5. Click the Generate Code tab to generate the Grant token.
The grant token is a temporary token generated by the authorization server (Zoho CRM, here) to generate access and refresh tokens.
Before generating the grant token, you must decide the scope you need. Scope decide the level of access a client can have to a resource.
Refer to our list of scopes, for more details.

a. Click the Generate Code tab and enter the required scope separated by commas.
b. Select the Time Duration for which the grant token is valid. Please note that after this time, the grant token expires.
c. Enter a description and click Generate.
d. The generated code for the specified scope is displayed. Copy the grant token.
e. Please note that generating grant token is a one-time process, provided you generate the access and refresh tokens within the time the grant token is valid for.

6. Generate the Access and Refresh tokens using Postman or any REST client.
a. Open Postman.
b. Make a POST request with the following URL.
"{{accounts-domain}}/oauth/v2/token"
{{accounts-domain}} is the domain-specific URL in which you registered your client.
c. Pass the below keys and their values in the body of the request.



d. Hit Send. The access and refresh tokens are displayed in the response.

 e. The access token is valid for an hour from generation. 
 f. The refresh token does not expire. You can use this to refresh your access token when they expire.

Quick tip: Enter all the required keys and values in Postman before you generate the token. This way, you will only have to paste the grant token after its generation, thereby reducing the risk of its expiration before you generate the tokens.

7. Store the access and refresh tokens and use the access token when you make API calls.

​8. Write a script that will call the below token refresh URL before the time the access token expires.
"{{accounts-domain}}/oauth/v2/token?client_id={{client_id}}&client_secret={[client_secret}}&refresh_token={{generated_refresh_token}}&grant_type=refresh_token"


Other useful links:
Bulk Read API to export data in bulk from CRM
Bulk Write API to import data from a database to CRM

We will meet you next week with another exciting topic!


Cheers!






    • Sticky Posts

    • Kaizen #198: Using Client Script for Custom Validation in Blueprint

      Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

    • Kaizen #226: Using ZRC in Client Script

      Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In this

    • Kaizen #222 - Client Script Support for Notes Related List

      Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore how

    • Kaizen #217 - Actions APIs : Tasks

      Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

    • Kaizen #216 - Actions APIs : Email Notifications

      Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

      • Recent Topics

      • Inquiry regarding auto-save behavior for Zoho Sign Embedded Sending

        Dear Zoho Support Team, I am currently integrating Zoho Sign's Embedded Sending functionality using iframes on my website. I would like to know if there is a way to ensure that the document state (including any added fields) is automatically saved as

      • Introducing Connected Records to bring business context to every aspect of your work in Zoho CRM for Everyone

        Hello Everyone, We are excited to unveil phase one of a powerful enhancement to CRM for Everyone - Connected Records, available only in CRM's Nextgen UI. With CRM for Everyone, businesses can onboard all customer-facing teams onto the CRM platform to

      • Automation#17: Auto-Create Tasks in Zoho Projects Upon Ticket Creation in Zoho Desk

        Hello Everyone, This edition delivers the solution to automatically create a task in Zoho Projects when a ticket is created in Zoho Desk. Zylker Resorts uses Zoho Desk for bookings and handling guest requests. Zylker resorts outsources cab bookings to

      • Automation#20 : Auto-Add Ticket Tags based on Keywords

        Hello Everyone! Welcome to unveiling custom functions on our Community series. This week's post lets you add tags to your tickets automatically based on the keywords in the ticket subject and the ticket thread. Discover how this custom function helps

      • Automation#21: Track Ticket Transfers Across Departments

        Hello Everyone! With Halloween just around the corner, we'd like to let you know the Zoho Desk team is always there to sweep away your customer service troubles! This week, we’re excited to introduce a custom function that tracks tickets moved between

      • Email Integration - Zoho CRM - OAuth and IMAP

        Hello, We are attempting to integrate our Microsoft 365 email with Zoho CRM. We are using the documentation at Email Configuration for IMAP and POP3 (zoho.com) We use Microsoft 365 and per their recommendations (and requirements) for secure email we have

      • Homepage not assignable to group

      • MS Teams for daily call operations

        Hello all, Our most anticipated and crucial update is finally here! Organizations using Microsoft Teams phone system can now integrate it effectively with Zoho CRM for tasks like dialling numbers and logging calls. We are enhancing our MS Teams functionality

      • Automation#22 Track Ticket Duration at Specific Status

        Hello Everyone! Welcome back to the Community Learning Series! Today, we explore how Zylker Techfix, a gadget servicing firm, boosted productivity by tracking the time spent at a particular ticket status in Zoho Desk. Zylker Techfix customized Zoho Desk’s

      • Automation#23: Automate Guided Conversations in Zoho Desk with Business Hours

        Hello Everyone, This week's edition introduces a custom function designed to automate Guided Conversations in Zoho Desk, based on your business hours. With this feature, you can align the bot's behavior with your business schedule, ensuring a smooth and

      • Address changes in quote form

        When entering a quote, the first piece of information required is the Account, which properly populates the billing and shipping address fields. Then I use the lookup function to select a contact, and when I do, the billing and shipping addresses are

      • Automation#24: Auto-Update custom field from Accounts to Tickets

        Hello Everyone! Welcome back to the Community Learning Series! This episode dives into how Zylker Techfix streamlines account-related ticket references. Previously, employees had to manually check account details to retrieve specific customer information,

      • Kaizen #227 : Client Script Support for List Page (Canvas)

        Hello everyone! Welcome to another week of Kaizen. In today's post lets see how Client Script can be used in Canvas List Page to mask sensitive information from specific roles and add colors to Canvas List Page records based on custom criteria.This use

      • Automation#25: Move Tickets to Unassigned When the Owner Is Offline

        Hello Everyone, Welcome to this week's Community Series! 'Tis the holiday season—a time when work often takes a brief pause. The holiday spirit is in full swing at Zylker Techfix too, with employees taking some well-deserved time off. During this period,

      • Automation#27: Retain Ticket Owner on Moved Tickets

        Hello Everyone! This week, we present to you a custom function that retains the ticket owner when a ticket is moved from one department to another. Here’s more to help you understand the custom function: At Zylker Techfix, Alex, the Support Engineer manages

      • Automation#28 Notify Agents on Article Expiry

        Hello Everyone! This week, we’re bringing you a feature that notifies your team when articles in the Knowledge Base are set to expire to keep your content relevant and helpful for customers. The Zoho Desk's Knowledge Base is an asset for customers to

      • Automation#29 Retain ticket status on moved tickets

        Hello Everyone, Hear out Zylker Techfix’s Success Story on Smoother Ticket Transitions! Zylker Techfix, a gadget servicing firm committed to quick repairs and timely deliveries, faced a challenge when ticket statuses changed automatically while moving

      • Automation#32:Auto Add New Portal Users to the Help Center User Groups

        Hello Everyone, Introducing a custom function that automates the process of adding new portal users to Help Center user groups, making user management effortless! By default, Zoho Desk allows you to assign new portal users to groups manually. But with

      • Automation#34 : Automate Email threading for Ticket notification

        Hello Everyone, It's been a while since we've presented an automation. However, our community has been buzzing with ideas, use cases, and discussions with our community experts and Ask the Experts session. So, here we are again, presenting an automation

      • Automation#35 : Auto-Add Comments under the Owner's Name in Tickets via Macros

        Hello Everyone, This week's custom function provides simple steps to configure a Macro for adding comments to tickets with the name of the Comment owner. When managing tickets, you can use the Comment feature to communicate internally with your team and

      • Automation#36: Auto-create time-entry after performing the Blueprint transition

        Hello Everyone, This week’s edition focuses on configuring a custom function within Zoho Desk to streamline time tracking within the Blueprint. In this case, we create a custom field, and request the agent to enter the spending time within the single

      • Automation#33: Automate Splitting Names for Existing Contact Records

        An organized directory – who doesn't love one? Previously, we explored how to split contact names into First Name and Last Name for new contacts in Zoho Desk. But what about existing contacts already in your database? This week, we bring you a custom

      • Workqueue

        I really like the idea of the Workqueue generally - it will be really useful. What it seems to lack however, is the ability to customise it properly. I want to be able to show a custom view rather than just "My Leads" and "Leads Assigned in Last 3 hours".

      • Webform & spam

        Hi, We set up 2 webform on our website, fowarding the content to Zoho CRM. Since it has been opened up, we are getting lot of spam message (for now about 20 a day). To lower the amount of false new leads we added the captcha field and new enquieries are

      • Zoho CRM Web form page URL

        Hi there, I am getting quite a bit of spam through my Zoho CRM Web form and want to restrict the URLs it is submittable from. I can see that I can add Location URLs but I need to be able to just add a domain so can I enter mydomain.com/* to cover all

      • Receiving too many Spam Leads. Why?

        I am receiving so many junk leads from web forms created by zoho's platform. The junk queries are increasing day by day and are affecting our business. I am continuously following up with zoho team from the past one year but not getting any satisfactory

      • Mail Merge is not working properly as far as the AUTOMATE section is concerned

        Hi there, I created a Mail Merge template for the Deal module. I would like Deal owners to mail merge their Deal records, download the Mail Merge document as a Word doc and make a few changes before sending it to the customer. Thing is, neither the "Merge

      • Canvas Detail View Related List Sorting

        Hello, I am having an issue finding a way to sort a related list within a canvas detail view. I have sorted the related list on the page layout associated with the canvas view, but that does not transfer to the canvas view. What am I missing?

      • project name field issue- n8n

        Hey guys, I have a question. I want to create a new product using the workflow. The problem is with the product name field; I don't know how to fill it in. The workflow starts with retrieving information from the leads table, retrieving links to scrape

      • Critical:- Eneble TDS filing for 26Q from the zoho book

        We currently extract TDS data from Zoho Books and manually input it into a separate TDS software to generate the FUV file and file returns. Previously, while using Tally, we benefited from an integrated feature that seamlessly recorded transactions and

      • How to track repeat customers?

        I own a food business and every order is entered into Zoho with: a unique Customer ID total order amount date of order With this information, I want to be able to see a list of my "best" customers. In other words, descending lists arranged according to:

      • Zoho Books - Breaking A Working App

        We've been using Zoho for many years now. Across all apps, entering phone numbers in standard formats was enabled in all apps. These formats are: xxx.yyy.zzzz xxx-yyy-zzzz (xxx) yyy-zzzz and we were able also to add extension numbers in these formats:

      • Build data protection into your support

        At Zoho, privacy is our principle. Every Zoho product is built with privacy as the foundation and the finishing touch, guiding every decision we make. Security, privacy, and compliance are woven into the software development lifecycle, starting from how

      • Conditional formatting: before/after "today" not available

        When setting conditional formatting, it only allows me to set a specific calendar date when choosing "Before" or "After" conditions. Typing "today" returns the error "Value must be of type date". Is there a workaround? Thanks for any help!

      • Display Client Name in Zoho Creator Client Portal Dashboard

        Hello Zoho Creator Team, We hope you are doing well. Zoho Creator recently introduced the option to set a client’s display name in the Client Portal settings, which is very helpful for providing a personalized portal experience. However, there is currently

      • Customizable UI components in pages | Theme builder

        Anyone know when these roadmap items are scheduled for release? They were originally scheduled for Q4 2025. https://www.zoho.com/creator/product-roadmap.html

      • Amazon.in FBA multiple warehouse integration with Zoho Inventory

        My organisation subscribed to Zoho One looking at the opportunity to integrate Amazon.in with Inventory. But during the configuration, we understood the integration has severe limitations when it involves multiple warehouses in the same Organisation.

      • Feature Request - Set Default Values for Meetings

        Hi Zoho CRM Team, It would be very useful if we could set default values for meeting parameters. For example, if you always wanted Reminder 1 Day before. Currently you need to remember to choose it for every meeting. Also being able to use merge tags

      • Ability for admin to access or make changes in zoho form without asking for ownership

        Currently in zoho form only form owner can make the changes in the form and if someone else has to make changes then we have to transfer the ownership to them and even admin also cant access it . So i think admin must have the ability or option to access

      • Issue with WhatsApp Template Approval and Marketing Message Limit in Zoho Bigin

        We are facing issues while creating and using WhatsApp message templates through Zoho Bigin, and we request your clarification and support regarding the same. 1. Utility Template Approval Issue Until December, we were able to create WhatsApp templates

      • Next Page