Hello everyone!
Welcome back to another post in the Kaizen series!
This week, we will discuss different client types available in Zoho API Console, and when to use each.
 
When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services. 
Let us discuss the available client types and how authorization is handled for each.
Available client types
- Server-based
 
- Client-based
 
- Self client
 
- Non-browser-based
 
- Mobile-based
1. Server-based
If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type. 
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.
Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application. 
  During the registration process in Zoho API Console, you would choose the "Web-based" client type. 
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.
Here is a gist of what happens:
- Users visit your website where you have the Login with Zoho button.
 
- When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
 
- Your app must make an API call to Zoho Accounts with the client ID, scope,  redirect uri, and access type. Users are shown the data that your application wants to use.
 
- When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
 
- The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
 
- Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
 
- You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
 
- Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
 
Note that your app must take care of storing user's details like email, organization ID, and tokens.
The following image shows the protocol flow.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.
2. Client-based applications
This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.
Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
- Your app redirects the user to Zoho Accounts.
 
- Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
 
- The user is shown the data that your webpage would use. 
 
- When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
 
- You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
 
- Your app must then make API calls to Zoho with this access token to fetch data.
 
- When the access token expires, your app must take care of regeneration and storage.
 

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.
 
As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.
 
3. Self Client Applications
When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.
A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity. 
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.
Here is a gist of what happens.
- You register your app as self client in Zoho API Console.
 
- You will get the client details such as ID and secret. 
 
- You provide the scopes required for your app to access CRM data.
 
- You will receive the grant token.
 
- Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
 
- Your app can then use this access token to make API calls to Zoho CRM and use data.
 
You can refer to our older  Kaizen post on this topic for more details.
 Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.
 
4. Non-browser applications
This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
- You must register your smart TV app in Zoho API Console with the type "Non-browser application".
 
- Users install a dedicated Zoho ShowTime application on their smart TVs.
 
- When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
 
- When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
 
- Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
 
- When the user enters the user code, Zoho Accounts sends the access token to your app.
 
- Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
 
Here is the protocol flow. For more details, refer to this doc. 
5. Mobile-based applications
You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.
Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.
 
We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.
 
Cheers!
- Recent Topics
- Zoho Account delete function- Hello Zoho support team The issue is as follows: Step1: Created an account community@bisonenergy.net Step2: Deleted this account. Step3: Created the new group mail using the same mail address, but the data already exists. So I have to change the name 
- help, 554 5.1.8 blocked- got this blockade, i don't know why? 
- Not Receiving Emails from Gmail, but Other Providers Work Fine- Hello, I'm experiencing an issue where my Zoho Mail account does not receive any emails sent from Gmail addresses. However, I can successfully receive emails from other providers such as Hotmail and Yahoo. There are no problems with sending emails—I'm 
- Basic String Search Not Possible in CRM Deluge – Feature Request or Workaround?- Hi all, I’m trying to solve what should be a very basic automation task in Zoho CRM Deluge: Find the first 11-digit number anywhere in a string (specifically an email subject). In almost any programming language—even 1980s BASIC!—this is a trivial loop: 
- Reencaminhamento de e-mails.- Boa tarde, gostaria de saber se tem a possibilidade de realizar o reencaminhamento de um e-mail especifico. Ex. Eu recebo alguns e-mails de um remetente e gostaria que o meu amigo de trabalho também recebesse esse e-mail, somente deste destinatário, é 
- Knowledge base articles is now available in the Zoho Desk mobile app!- Hello all,   As a customer service agent, every day you might have to deal with many questions and issues reported by the users. With Knowledge Base, you can reduce the issue resolution life cycle for your organization.   We are delighted to announce that we have brought in support for 'Knowledge Base articles' in the Zoho Desk iOS mobile app.  This feature is already available for Android users.   KB articles are available to iOS users in the latest version of the app (v2.4.9). You can update the 
- Set Default Payment Method & Default account- Hi, I would like to know how to set the default payment method and default bank account when recording payments in zoho books. At present we have to change these fields everytime we record a payment, which leads to potential error and as we have a very 
- More than one "Other" response in a Multiple Choice (Many Answers) question type?- Is there a way to have more than one "Other (Please Specify)" with a short response as an option to a Multiple Choice (Many Answers) question? I understand there may be other ways, but I am looking for this way specifically as it would be best for the 
- Zoho Surveys- Dear Zoho Support Team, I hope this message finds you well. I am writing to inquire about the availability and documentation for the Zoho Survey API. Background: I am currently working on a project that requires programmatic access to survey data and 
- Help Needed: Jira to Zoho Projects Migration — Tickets Imported as Unassigned & Comments Under Admin Name- Hi Zoho Team and Community, We recently completed a migration from Jira to Zoho Projects using the official import method outlined in this Zoho Help Article. Issue Summary: We had already added all users to Zoho Projects before the migration, using the 
- Zoho Finance Estimate to Deal Attachment- Hi, I'm trying to fetch estimate pdf from zoho books and upload it as deal attachment without success. any tips how to achieve this? 
- Journeys  - how do i branch on contact call result- Hi all. I want to branch based on the Call result field in contacts. Any idea how I can do this? Also what is the best way to have this condition checked at each step? Thanks! 
- The 3.1 biggest problems with Kiosk right now- I can see a lot of promise in Kiosk, but it currently has limited functionality that makes it a bit of an ugly duckling. It's great at some things, but woeful at others, meaning people must rely on multiple tools within CRM for their business processes. 
- Perform custom actions from the Ticket interface using Buttons- Hello everyone, We have introduced an option to add Buttons to the tickets, which will facilitate direct access to other applications, websites, allows execution of custom workflows, and more. Accessibility and visibility of buttons The buttons can be 
- Inserting a video from library in microsite- Hello, We have uploaded videos in our space library. We created a new event and want to use the videos in our main page our microsite. It's possible to selected image from the library, but no videos. Only URL are accepted, but videos in library have no 
- UUIDs- Has anyone coded a Universal Unique Identifier (UUID) generator in Deluge? 
- Create Tasks in arbitrary Zoho Project triggered from CRM [Zoho Projects]- Community, hello What I'm trying to do is to create a Zoho Project when a Deal is created in CRM and then to be able to add tasks to this Project also from Zoho CRM with the trigger (Blueprint/ Workflow). I succeeded in creating Project using Zoho Flow, 
- Invalid Client - Client ID passed does not exist- Hi, Daniel here. i try to generate an authorization code by following this page Authorization Request - Web Apps - OAuth | Zoho Accounts https://accounts.zoho.com/oauth/v2/auth?scope=ZohoCRM.users.ALL&client_id=1000.myclientid&response_type=code&access_type=offline&redirect_uri=https://localhost:7195/account/integrations/zoho/tokencallback 
- Generate Token v2 api using c# sdk- Hello I am trying to generate a access token using c# sdk but fails every time.is there any sample code so that i can implement that code to insertleads in crm.  my use case is i want to insert and update lead in zoho crm. when user signup in my website i insert the detail of that user in crm using API v1. but V2 api is more confusing that API v1 . so please can anyone provide me a sample code of c# sdk to generate token and insert lead in crm. Or is there any way to achieve this without using c# 
- Upsert your missing data without affecting the historic logs- Dear Customers, We hope you're well! Migrating your data from a legacy system to Zoho CRM is a critical operation as it deals with treasured data. In an unfortunate event, if you have missed to move your historical datasets, you have had to repeat the 
- Dashboard won't save, nor allow me to do a "save as"- For some reason, one of my dashboards won't let me make any modifications to it and save?  I get the "do you want to save before closing?' and I say yes and the dialogue box just stays there.  I try to do a "save as" right after I open that dashboard and I get the dialogue box that seems to let me name the new dashboard, but it won't let me save.  The dialogue box just stays there unless I hit cancel or no. Can you please help? Jamie 
- Copying Files Between Modules- Hi, I'm creating a Deluge script and I've hit a roadblock. I'm trying to copy files from one module (let’s call it Module A) into another one (Module B). Here’s what I’m doing: record = zoho.crm.getRecordById("Module_A", record_id); files_toCopy = record.get("Files_From_A"); 
- Problem with scheduled report sending in Zoho Analytics- Problem with scheduled report sending in Zoho Analytics. Reports are not sent due to size. How can I increase it? 
- 【Zohocreator】ログについて- ワークフローのDelugeスクリプトのinfo関数が出力するログはどこから見れますか? 
- US military addresses- When we have a client with a US military address having them fill in a form is a problem Zoho forms doesnt acommodate them correctly. It doesn't make sense for me to have to create a secondary data model for military addresses. I have placed some links 
- Introduction of Robotics Process Automation in Zoho products- It will be great if Zoho can start advancing from automation to robotics process automation. For a start, it can be started with smart document understanding. Provide OCR engines Google cloud, Microsoft Azure Computer vision OCR, Microsoft OCR, Omnipage 
- Automation#34 : Automate Email threading for Ticket notification- Hello Everyone, It's been a while since we've presented an automation. However, our community has been buzzing with ideas, use cases, and discussions with our community experts and Ask the Experts session. So, here we are again, presenting an automation 
- Zoho Sigma and Catalyst IPs for Whitelist- Hi there, We are developing a series of integrations between Zoho CRM and Zoho Desk with an on-premises system for a customer and they have firewall rules to access their server, so they are requesting the list of IPs addresses for our backend calls, 
- 【開催報告】大阪 ユーザー交流会 2025/6/5 Zoho サービスを活用して業務をアップデート- 皆さま、こんにちは。コミュニティチームの中野です。 6/5(木)に、大阪 ユーザー交流会 を開催しました。本投稿では、その様子をお届けします。 当日の登壇資料などもこちらに共有しますので、参加できなかった皆さまもご参照ください。 (Zoho社員セッションの登壇資料については、8月に開催する福岡 ユーザー交流会の開催報告で共有予定です。) 今年初の開催となる大阪 ユーザー交流会では、akippa株式会社 内藤さんによるZoho CRM / Forms の事例セッションのほか、 「見込み客・顧客データの管理/活用方法」をテーマに、参加者同士でZohoサービス 
- Moving forward, can we change our reports to send record ID's by default?- With the new policy of not including record ID's in reports, is there a way to default to including them in my reports as they used to be? 
- WhatsApp integration isn't very useful at all (no workflow support)- We have set up WhatsApp through Business Messaging. It works, but there appears to be no workflow support for messages that are sent/received! Without being able to trigger a workflow when an inbound message is received, my colleagues would have to manually 
- Zoho CRM 差し込み文書テンプレート if文- Zoho CRM の差し込み文書のテンプレートを作成しています。 フッターにページが 2ページになる場合は、「次葉へ」と言う文字を表示したいのですが、ページ数による判断はできないのでしょうか? 現在はサブフォームの行数で判断しているのですが、複数サブフォームを差し込んでいるので、合計何行で2ページ目になるのか把握が難しく、ページ数で判断できればうれしいなと思い、質問させていただきます。 ※行総数はワークフローでレコード保存時にカスタム関数でサブフォームの行数をカウントして数値を保存しています。 
- Record payment: Payment Mode vs. Deposit To and how to "connect" them!?- How do we set up that when we choose:  "Payment Mode"= Cash, then "Deposit to" is automatically set to Petty Cash, and if we choose  "Payment Mode"= Check, then "Deposit to" is automatically set to Undeposited Checks, and if we choose  "Payment Mode"= 
- Allow split times for business hours feature- It would be great to be able to set business hours multiple times during the same day. For example: Monday from 9am - 1pm, and then from 2pm - 5pm This would allow calls to be sent straight to voicemail during 1pm-2pm during lunch break. 
- Add Knowledge Base KB Articles to multiple categories- Greetings, Love you help center system. One item that would be incredibly helpful to many of us would be able to add a single Knowledge Base KB article to multiple categories in our system. It seems it could be quite easy to use a checkbox form, instead 
- Peppol integration zoho invoicefu- Hi, Belgium will require Peppol invoicing as of 2026. I found that this is being prepared for Zoho books, to be released in Sep 2025. Will Zoho Invoice get this functionality too? I like the Invoice app for my part-time side business as bike mechanic 
- Error in formula- Can someone PLEASE tell me what is wrong with this formula? Formula return type, I have tried string and decimal fn.Year(fn.Now())-fn.Year(${cf_purchase_date}) I keep getting the following error. Incorrect argument type passed for function Year Thanks 
- Sync “Display Author Info” Setting from Zoho Desk to Zoho SalesIQ- Dear Zoho SalesIQ Team, We’d like to suggest a refinement to how Zoho SalesIQ displays knowledge base articles that are synced from Zoho Desk. Current Behavior Zoho Desk allows us to control whether author information (name, profile picture, etc.) is 
- Respect Help Center Visibility Settings for Knowledge Base Sync Between Zoho- Dear Zoho SalesIQ Team, We’d like to suggest an important improvement to the integration between Zoho Desk and Zoho SalesIQ with regard to the knowledge base synchronization. Current Behavior SalesIQ offers excellent functionality by allowing us to sync 
- Enhancing Answer Bot's Capabilities- Wouldn't it be amazing if the answer bot could directly search for answers in our database, FAQs, articles, etc., without needing to display the entire article? without relying on external tools like ChatGPT This way, it could provide concise and relevant 
- Next Page