Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user is redirected to accounts.zoho.com with the details of your app, such as the client ID, scope, redirect URI, and access type, as URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect URI, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app. This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code (grant token) as one of the parameters, along with the location (user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.
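
Steps 2, 4 and 5 above as code. This is an added example, not code from the original post or from Zoho's SDKs. It assumes the /oauth/v2/auth path on accounts.zoho.com and the standard OAuth 2.0 parameter names, including a state value that ties the callback to the session that started the flow; all client values are constructed.

```javascript
// Added example, not Zoho code. The endpoint path and parameter names are the
// standard OAuth 2.0 authorization-code ones and are assumptions here; every
// client ID, URL and code value below is constructed.
const AUTH_ENDPOINT = "https://accounts.zoho.com/oauth/v2/auth";

// One random value per login attempt. Keep it in the user's server-side session
// so the callback can be tied to the browser that started the flow.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Step 2: the URL the "Login with Zoho" button sends the user to.
function buildAuthorizationUrl({ clientId, scope, redirectUri, accessType, state }) {
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    scope,
    redirect_uri: redirectUri,
    access_type: accessType,
    state,
  }).toString();
  return url.toString();
}

// Steps 4 and 5: check the request that lands on the redirect URL before the
// grant token is exchanged for access and refresh tokens (step 6).
function readCallback(callbackUrl, expectedState) {
  const query = new URL(callbackUrl).searchParams;
  if (query.has("error")) {
    throw new Error("authorization failed: " + query.get("error"));
  }
  // A missing or different state means this session did not start the flow.
  if (!expectedState || query.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  const code = query.get("code");
  const location = query.get("location");
  if (!code) throw new Error("callback carries no grant token");
  // location decides where the next request goes, so accept only a short
  // lowercase label and map it to a host from your own configuration.
  if (!/^[a-z]{2,5}$/.test(location || "")) throw new Error("unexpected location value");
  return { code, location };
}

// Constructed sample run. The state is fixed so the output is reproducible;
// a real login uses newState().
const sampleLoginUrl = buildAuthorizationUrl({
  clientId: "1000.CONSTRUCTEDCLIENTID",
  scope: "ZohoCRM.modules.ALL",
  redirectUri: "https://app.example.com/oauth/callback",
  accessType: "offline",
  state: "constructed-state",
});
const sampleGrant = readCallback(
  "https://app.example.com/oauth/callback?code=1000.constructed-grant&location=us&state=constructed-state",
  "constructed-state");
console.log(sampleLoginUrl, sampleGrant);
```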

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage and accesses Zoho CRM data by making API calls via JavaScript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect URI, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect URI as a parameter, along with the expiry time and the location of the user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get the user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to Base64-decode the payload section of the parameter to get the user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.
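
Steps 4 and 5 above as browser-side code. This is an added example, not code from the original post or from Zoho's JS SDK. It assumes the standard OAuth 2.0 parameter names (access_token, expires_in, error) and that the values arrive in the URL fragment; all sample values are constructed.

```javascript
// Added example, not Zoho code. Parameter names other than id_token and
// location are standard OAuth 2.0 names and are assumptions here.

// Step 4: read what Zoho Accounts appended to the redirect URI.
// Assumption: the values arrive in the URL fragment, as in the standard implicit flow.
function parseImplicitRedirect(href) {
  const params = new URLSearchParams(new URL(href).hash.replace(/^#/, ""));
  if (params.has("error")) {
    throw new Error("authorization failed: " + params.get("error"));
  }
  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("redirect carries no access token");
  return {
    accessToken,
    expiresIn: Number(params.get("expires_in")), // raw value, unit not interpreted here
    location: params.get("location"),
    idToken: params.get("id_token"), // null unless the scope asked for it
  };
}

// Step 5: Base64-decode the payload segment of header.payload.signature.
// Decoding only reads the claims; it does not prove who issued them. Treat the
// result as display data until the signature has been verified.
function decodeIdTokenPayload(idToken) {
  const parts = String(idToken).split(".");
  if (parts.length !== 3 || parts.some((p) => p === "")) {
    throw new Error("id_token is not in header.payload.signature format");
  }
  // Token segments use the URL-safe alphabet (-, _) with "=" padding removed;
  // atob() needs the standard alphabet and the padding restored.
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (ch) => ch.charCodeAt(0));
  return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
}

// Remove the fragment once it has been read so the token does not stay in the
// address bar or the history entry. `win` is the browser window object.
function scrubFragment(win) {
  win.history.replaceState(null, "", win.location.pathname + win.location.search);
}

// Constructed, unsigned sample token for the demo below.
function makeSampleIdToken(claims) {
  const enc = (obj) =>
    btoa(String.fromCharCode(...new TextEncoder().encode(JSON.stringify(obj))))
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "constructed-signature"].join(".");
}

const sampleRedirect =
  "https://app.example.com/callback#access_token=1000.constructed&expires_in=3600" +
  "&location=us&id_token=" + makeSampleIdToken({ email: "user@example.com" });
const sampleResult = parseImplicitRedirect(sampleRedirect);
console.log(sampleResult.location, decodeIdTokenPayload(sampleResult.idToken).email);
```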


As the API calls are made from your domain to a different domain (zohoapis.com), the browser will, for security reasons, throw a CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such as a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL. The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to that of a server-based application, where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!
