We are currently using your Remote API product within our service offering. We are deployed to thousands of schools throughout the United States. It has been brought to our attention that to use our remote API, the schools are required to open their firewall ports to sheet.zoho.com, export.writer.zoho.com, etc..

The issue with this is that students can then navigate to your site directly, log in, and have access to "shared storage" that you offer which then makes our product and their network non CIPA compliant:

http://www.fcc.gov/guides/childrens-internet-protection-act

What we need, is for each request into your remote API product to return a url for navigation such as remote.writer.zoho.com, remote.sheet.zoho.com, etc.. Navigating to each of these pages directly will NOT show your default page, but just do a redirect to www.zoho.com. This way we can open the firewall to the "remote" domain names, but the student can in no way navigate directly to your site, login and get access to the shared storage area so we can maintain CIPA compliance.

Failure to implement this will result in us removing your service from our product as we are required to be CIPA compliant to be used in schools.

Thank you.