Kaizen #2 - OAuth2.0 and Self Client #API

Kaizen #2 - OAuth2.0 and Self Client #API

Hi everyone!

Welcome back to another week of Kaizen! 

In this post, we will shed some light on the OAuth2.0 protocol and how you can use Zoho's Self Client option to authenticate your application and generate the tokens.

What is OAuth2.0?
OAuth 2.0 is an industry standard protocol specification that enables third-party applications (clients) to gain delegated access to protected resources in Zoho via an API.

Why should we use OAuth2.0?
  • Clients are not required to support password authentication or store user credentials.
  • Clients gain delegated access, i.e., access only to resources authenticated by the user.
  • Users can revoke client's delegated access anytime.
  • OAuth access tokens expire after a set time. If the client faces a security breach, user data will be compromised only until the access token is valid.

To use the Zoho CRM APIs, you must authenticate the application to make API calls on your behalf with an access token.

The access token, in return, must be obtained from a grant token (authorization code).

Zoho CRM APIs use the authorization code grant type to provide access to protected resources.
In this type,
  1. The web application redirects the user to the OAuth server.
  2. The user sees the authorization prompt and approves the app's request as shown in the below image.

  3. The user is redirected back to the application with an authorization code in the query string.

  4. The application exchanges the authorization code for an access token.
As you can see, this involves user intervention while authorizing your application.

When should you use Self Client?

If your application is a stand-alone application that performs only back-end jobs like data-sync(without any manual intervention), you cannot use this authorization code flow. 

In the below example image, the data sync happens between Zoho CRM and your legacy Product Management system. So, it is perfect to use the Self Client option as it does not need an UI for this type of application. Using this flow, you can generate the grant token, access, and refresh tokens.


How to use Self Client?
1. Go to Zoho Developer Console and log in with your Zoho CRM username and password.

2. Choose Self Client from the list of client types.


3. Click Create on the Create New Client page and click OK in the pop up to enable a self client for your account.

4. Now, your client ID and secret is displayed under the Client Secret tab.


5. Click the Generate Code tab to generate the Grant token.
The grant token is a temporary token generated by the authorization server (Zoho CRM, here) to generate access and refresh tokens.
Before generating the grant token, you must decide the scope you need. Scope decide the level of access a client can have to a resource.
Refer to our list of scopes, for more details.

a. Click the Generate Code tab and enter the required scope separated by commas.
b. Select the Time Duration for which the grant token is valid. Please note that after this time, the grant token expires.
c. Enter a description and click Generate.
d. The generated code for the specified scope is displayed. Copy the grant token.
e. Please note that generating grant token is a one-time process, provided you generate the access and refresh tokens within the time the grant token is valid for.

6. Generate the Access and Refresh tokens using Postman or any REST client.
a. Open Postman.
b. Make a POST request with the following URL.
"{{accounts-domain}}/oauth/v2/token"
{{accounts-domain}} is the domain-specific URL in which you registered your client.
c. Pass the below keys and their values in the body of the request.



d. Hit Send. The access and refresh tokens are displayed in the response.

 e. The access token is valid for an hour from generation. 
 f. The refresh token does not expire. You can use this to refresh your access token when they expire.

Quick tip: Enter all the required keys and values in Postman before you generate the token. This way, you will only have to paste the grant token after its generation, thereby reducing the risk of its expiration before you generate the tokens.

7. Store the access and refresh tokens and use the access token when you make API calls.

​8. Write a script that will call the below token refresh URL before the time the access token expires.
"{{accounts-domain}}/oauth/v2/token?client_id={{client_id}}&client_secret={[client_secret}}&refresh_token={{generated_refresh_token}}&grant_type=refresh_token"


Other useful links:
Bulk Read API to export data in bulk from CRM
Bulk Write API to import data from a database to CRM

We will meet you next week with another exciting topic!


Cheers!








      • Sticky Posts

      • Kaizen #217 - Actions APIs : Tasks

        Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

      • Kaizen #216 - Actions APIs : Email Notifications

        Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

      • Kaizen #152 - Client Script Support for the new Canvas Record Forms

        Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

      • Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

        Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

      • Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

        Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

        • Recent Topics

        • Live webinar: Craft and deliver impactful slides with Show’s desktop apps

          If you love the comfort of working on your desktop and want a setup that keeps you focused and uninterrupted, this session is made for you. We’re excited to invite you to our upcoming live webinar: "Craft and deliver impactful slides with Show's desktop

        • Enhancements to Bigin's forms

          Greetings, I hope all of you are doing well. We're happy to announce a few recent enhancements we've made to Bigin's forms. We'll go over each one in detail. Merge field support in auto-filled forms The auto-fill option in Bigin's forms lets you predefine

        • Table dimensions

          I try changing the dimensions of the table on my computer but it doesn't change. Do I have to be a premium member or does it only work on the app?

        • Direct link to Record Summary

          Hi everyone, In one of my reports, I have built a Record Summary template to display the details of one record. I would like to be able to link directly to this Record Summary once I submit a new record, without having to go to the list of records first and click on View. Is there a possibility to do so ?  Should I use the URL by passing some parameters ? Thank you very much for your help ! Guillaume

        • API Support for Creating Invoices with Batch-Tracked Items

          Hi Zoho Community, I am working on an integration where we create invoices in ERPNext and push them to Zoho Books. I need to send batch-tracked items (batch numbers) when creating invoices. I could not find any reference in the Zoho Books API documentation.

        • Amendment effective date

          Hi everyone, I noticed that the amendment effective date mentionned in my amendment is not right. Indeed, when a contract is amended several times, it states the previous amendment and their effective date. However, the effective date stated is always

        • STOCK history in zohosheets

          is it possible to get historical stock value using stock function in zoho sheets? i could not see from and to period in the helper document.

        • Auto sync Photo storage

          Hello I am new to Zoho Workdrive and was wondering if the is a way of automatically syncing photos on my Android phone to my workdrive as want to move away from Google? Thanks

        • Agent password reset

          Hi Zoho support, I would like to ask if there is a way the admin can reset a password of an agent? Regards

        • Can receive but not send messages in Zoho Mail

          Hello! I was able to configure my email client successfully in that I can receive messages just fine. However, when I send messages out, they seem to go out fine (I don't receive any errors or anything), but the recipient does NOT receive those messages.

        • Mail is sent twice!

          Been using Zoho for a while now. Installed Zoho for someone else and some weird things are happening. Mails are being sent twice. He is using Thunderbird as an email client. I already read about email being duplicated in the sent folder. But in my case

        • Can't login IMAP suddenly

          Since this evening I'm getting the error: You are yet to enable IMAP for your account. Please contact your administrator... IMAP always been enabled in my account and was workign fine for the past 7 years. Already tried turning IMAP off and on again.

        • Sending of username did not succeed: Mail server pop.zoho.com responded: User already specified

          I am having issues receiving emails from Zoho in Thunderbird. I am getting the above error. The first error tells me Authentication failed, and prompts me to enter in my password. Then I get the above error. I can receive emails when I log in online to

        • Bug tracking

          Hi, does anyone know how to track errors during picking or packing? This way I can keep track and see how to improve and prevent errors in this area.

        • Flow - Fetch info from drop down in another module

          I am running into a road block which I thought would be a simple task. My goal - The account is assigned to a "route" which can be selected from a drop down menu and adds a tag to the account accordingly (easy enough). Now when I create a task for this

        • Migration of corporate mail environment from Yandex 360 to Zoho mail

          I have to migrate a corporate mail environment with an existing domain from Yandex 360 to Zoho mail. It is vital to migrate all users with all the data. I have read the article on this topic using MacMister Email Backup Software just now and have some

        • I'm unable to send mail pthrough Zoho SMTP programmatically

          This has been working for years, but today it's been offline all day long. I see nothing anywhere on your site about this. I'm not the only one experiencing this. Downdetector has a spike of reports today

        • Can no longer send email via Django site

          This was working fine as of 11/7/25. Now I am unable to send user verification emails from a Django site on a AWS lightsail sever. When a user attempts to register the following error occurs. I have also attempted to send a test email via the shell and

        • unable to send email but able to receive email

          my email address is info@securityforceservices.ca

        • Login to server failing

          When trying to retrieve my mail, I am getting this error message -- Login to server pop.zoho.com with username (my email address) failed. It gives me the option to retry, enter password, or cancel. Then I get this message -- Sending of username did not

        • Configuration failed: 200 response not received for POST request.

          Hello, I am trying to set up a webhook to connect with an Salesforce but I receive the following error from Zoho: Configuration failed: 200 response not received for POST request I have tried testing it on webhook.site as well and receive the same error

        • Zoho Migration Assistant not working

          Hello, I am trying to use you Migration assistant to migrate emails from Rediff to Zoho. I am stuck in the first step. After downloading the migration tool, I copied the link to verify user credentials, however, after pasting the link in the browser,

        • Paid Support Plans with Automated Billing

          We (like many others, I'm sure) are designing or have paid support plans. Our design involves a given number of support hours in each plan. Here are my questions: 1) Are there any plans to add time-based plans in the Zoho Desk Support Plans feature? The

        • Scheduled Reports - Do not send empty report

          Hello, We are intensively using reports in the CRM, especially for sales managers.  When data is empty, they still receive an email. Can you add an option to avoid sending the report when data is empty?

        • Contacts Missing — PeopleSync/Zoho Mail

          English: In our company we use ManageEngine Mobile Device Manager (MDM), Free edition, to manage corporate mobile devices. Our usage policy does not allow personal Google accounts on these devices; therefore, Google account sync is blocked through MDM.

        • Best way to integrate Zoho with mobile app for managing customer requests with real-time notifications?

          Hello, I'm building a solution for a travel company where customers submit requests through a website, and the sales team manages these requests through a mobile app. The Requirement: Customers fill a form on the website (name, email, number of children,

        • Kaizen #57 - Mass Update API in Zoho CRM

          Hello everyone! Welcome back to yet another post in the Kaizen series. This week, we will discuss the Mass Update API in Zoho CRM. In this post, we will cover the following: 1. Introduction 2. Mass Update Records API  3. Schedule Update and Get Status

        • Getting Attachments in Zoho Desk via API

          Is there a way to get attachments into Zoho Desk via an API?      We have a process by which a zoho survey gets sent to the user as a link in a notification.    The survey has several upload fields where they can upload pdf documents.    I've created

        • Multiple currencies - doesn’t seem to work for site visitors / customers

          I am trying to understand how the multiple currency feature works from the perspective of the website visitor who is shopping on my Zoho Commerce site. My site’s base currency is US Dollars (USD) but my store is for customers in Costa Rica and I would

        • Pincode based Product Restriction

          we have different types of products. 1) Very bulky items like plywood. 2) Too delicate items like glass These type of products we want to sell to local customers. Other products we want to supply all over India. There should be an option to restrict products

        • Can multiple agents be assigned to one ticket on purpose?

          Is it possible to assign one ticket to two or more agents at a time? I would like the option to have multiple people working on one ticket so that the same ticket is viewable for those agents on their list of pending tickets. Is something like this currently

        • Related Lists filter

          I have Contacts showing in our Accounts module. I customized the Contacts module with an Employment Status field, with the following picklist options: "Primary Contact", "Secondary Contact", "Active Staff(not a main contact)", and "No longer employed".

        • Standalone custom function not generating logs

          Why dont't standalone custom functions generate logs when the're called from another function? I have some functions (workflow, buttons and blueprint) that have common parts, so I put that part in a standalone function which is called from the others.

        • Add "Reset MFA" Option for Zoho Creator Client Portal Users

          Hello Zoho Creator Team, We hope you are doing well. We would like to request an important enhancement related to Multi-Factor Authentication (MFA) for client portal users in Zoho Creator. Currently, Creator allows us to enforce MFA for portal users,

        • Support Bots and Automations in External Channels

          Hello Zoho Cliq Team, How are you? We actively use Zoho Cliq for collaboration, including with our external developers. For this purpose, external channels are a key tool since they work seamlessly within the same interface as all of our other channels

        • Urgent Security Feature Request – Add MFA to Zoho Projects Client Portal Hello Zoho Projects Team,

          Hello Zoho Projects Team, We hope you are doing well. We would like to submit an urgent security enhancement request regarding the Zoho Projects Client Portal. At this time, as far as we are aware, there is no Multi-Factor Authentication (MFA) available

        • Creator HTML page refresh

          Hi, I have added around 5 different html snippets in single creator page. I understand, I can refresh the entire page from page script using Navigational URLs https://help.zoho.com/portal/en/kb/creator/developer-guide/others/url-patterns/articles/navigational-urls

        • Zoho Desk - Custom Module Related List Columns on Tickets

          I have a custom module in Zoho Desk called Asana Tasks, each task has a lookup to a Ticket. On the Ticket I want to see the columns of the Asana Tasks in the related list . Is there a way to do this? Right now it just has the name of the record and I

        • Google Analytics import data inaccurate (as of October 11, 2025)

          We have Zoho Analytics connected to GA4 to import daily event data. This has been running without issue for a couple of years. However, a month ago we started noticing discrepancies. All data until October 10 lines up perfectly - October 11 onward is

        • What is your opinion of the new UI?

          Hi Everyone, I would like to see what everyone thinks of the new Zoho One Dashboard. I don't get it, but perhaps I'm missing something. What are your thoughts?

        • Next Page