Kaizen #116 - Client Types in Zoho API Console

Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

    • Recent Topics

    • setting date-time field from string

      hello everyone, i hope someone could help me. i have a date-time field in a form that i want to fill in from two separate fields of date, and time. i need to combine the two fields to a one date-time field but can make it work. i tried to convert the

    • Calendars and CRM Contacts

      I'm finding having multiple calendars in Zoho One so confusing. I have a few questions so I can get this straight. We have a meeting room that we have set up as a resource in Calendar. Can this be set up in Bookings and the CRM Calendar? Using Zoho Calendar,

    • Announcing new features in Trident for Mac (v1.23.0)

      Hello everyone! Trident for macOS (v.1.23.0) is here with interesting features and thoughtful enhancements to elevate your workplace communication and productivity. Here's a quick look at what's new. Record your meetings. You can now record audio and

    • Applying a record template

      Hi all, I can't figure this out. I hope you can help. The scenario: We have learners who have to complete a 'digital' journal with tasks in order to qualify. Those tasks, once completed, need a final signature from their 'Mentor', which will trigger their

    • Quickbooks invoice with Zoho Creator

      Is it possible to push data from Zoho Creator directly to an invoice on QuickBooks? If so, where can I find information on how to do this?

    • Help: Capture full page URL in hidden field when same Zoho Form is embedded on multiple pages (iframe)

      Hi all, Goal Use one Zoho Form across multiple pages and record the exact page URL (incl. subdomain + path + hash) where the user submitted it. Example pages: https://www.example.com/cargo/ https://www.example.com/cargo/containers/#contact https://cargo.example.com/auto/

    • Automatically Populate fields - HELP!

      There have been many discussions on this but I still can't seem to get it to work for me. I am trying to create a lookup field and have other fields automatically populate. Based on the instructions in the Help Center, I should be using the "on user input". It's just not working, here is the layout...   Both forms are in the same application. Current form is called Add Note, form to fetch records from is called Add Client. Lookup field is called Select_Client_ID related field in fetch form is called

    • Push notifications to portal users

      Hi all, it is possible to send push notifications to portal users?

    • Rename the attachment from record template pdf in the sendmail deluge script

      Hello Zoho, I urgently need a feature to rename record templates that I send via the sendmail feature. The program I created sends emails to clients with an invoices that have been created in the invoice database. If the user selects 3 invoice numbers,

    • Alt Text On Multiple Images

      I'm using Zoho Social to post to a charity website. Often the posts have multiple images, but it seems there is only one field for Alt Text. Does that mean I can only include it for the first image? Or is there a way to add alt text for all the imag

    • [SOLVED] Getting 401 when trying to download ticket attachment via API

      I'm able to use the API just fine to access ticket content. But I cannot download ticket attachment, keep getting 401 Client Error. Example: https://desk.zoho.com.au/api/v1/tickets/{ticket_id}/attachments/{attachment_id}/content?orgId={org_id} For headers,

    • Zoho project – Workdrive integration.

      Hello everyone, I was wondering something, we did the Zoho projects integration with Zoho Workdrive but nowhere during this integration we could set the location of the folders that would be automatically created in Workdrive. As I understand it, it creates

    • Scriptを埋め込みたくてOn User Inputを探しているのですが・・・

      編集モードで、Scriptを埋め込みたい項目を選択し、「項目のプロパティ」パネルで、その下のほうに「フィールドアクション(Field Actions)」という見出しがあると聞いたのですが、そもそも、それが見つかりません。そのために、On User Inputなどのイベントが選べません。 画面の英語を日本語に訳しているためにわけわからん状態になっているのかも知れませんが、わかる方、いらっしゃいますか?

    • Problem with cloud query exceeded

      When making a call I get this error, It is associated with a function in node that calls external APIs This is the code //tokenConsultar = thisapp.ObtenerToken(); //input.token = tokenConsultar.get("output").toMap().get("token");

    • Showing Total of Funnel Chart Legend (With Values) Items

      Hi, We are using the funnel type chart for displaying our zCRM sales pipeline stages and associated sum of deals in each stage.  We have configured the legend to show the associated value (Deal Amount (Sum)) for each stage adjacent to the legend items (Stages). Is there a way to display the total of the values in the same chart?  For example, at the bottom of the legend or maybe as a #merge placeholder in the legend title?

    • How to Convert VCF Contacts to CSV using Excel

      Many users switch from traditional address books to digital formats like vCard and CSV. These formats allow users to easily manage their contacts. However, a difficulty comes when you need to transfer your contact information to another application or

    • Field authorization for Linking module in Zoho CRM portal

      Hi guys! Currently building a customer portal for one of my clients, and I ran into a bit of a roadblock while using a multi-select lookup field. The issue is that there is no way to hide or define access in the linking module created by this multi-select

    • Kaizen #63 - Layout Rules in Zoho CRM

      Hello and welcome to another week of Kaizen! This week, we will be discussing Layout Rules in Zoho CRM. If you need to modify the layout of a module based on user inputs, or to show or hide sections based on the value of a specific field, we have got

    • Zoho CRM Portals - allow access per account

      Hello all, I am trying to set up a portal for our customer but I seem to be hitting an obstacle and I am not sure if it is my problem or a limitation in the software. So basically the way I understand the portal Contact Email > Each Record or Related

    • Android - Writer não acentua em Português com teclado bluetooth

      Gosto muito do Zoho, tanto o Note quando o Writer. Infelizmente, o Writer sofre de um problema sério: ao usar um teclado bluetooth, forma mais cômoda de lidar com um processador de texto, os acentos (todos!) da Língua Portuguesa não são aceitos. Todos

    • Set File Upload fields as mandatory

      Currently the CRM for some reason lacks the ability to set a file upload field as mandatory So we have an issue We have a requirement that before a Deal stage is set as Deal is Won the member needs to upload a file Now for some weird reason in Zoho I

    • Editing HTML in Zoho CRM Email Template

      I am trying to create a template within the CRM email option, but need to be able to use custom HTML. There does not seem to be a way to do so.

    • Ability to CC on a mass email

      Ability to CC someone on a mass email.

    • How to make attachments mandatory

      I want the user to be unable to mark an opportunity as Closed – Won if it doesn’t have any attachments. I’ve already tried client scripts and functions, but nothing worked.

    • SLA Ticket Report

      From data to decisions: A deep dive into ticketing system reports Service level agreement (SLA) ticket reports in a help desk system are crucial for ensuring that services are delivered according to established commitments. They help maintain accountability

    • Zoho Backstage - PCI Compliance / Web Security

      I have a couple of questions related to Backstage and payment processing.... 1. my purchasing division is not giving approval to use Backstage yet because of some security issues. In order for us to take payments via a payment gateway like Authorize.net

    • Zoho Tables August 2025 Update: Faster and Smoother

      We’ve been working behind the scenes to make Zoho Tables faster, lighter, and more reliable. Here are the highlights: Faster Response Times Optimised the way responses are generated. Reduced memory consumption by 20–25%, leading to smoother performance

    • Video Upload from app says "unsupported aspect ratio" but is verified to be correct.

      I and my social media person are experiencing a problem where Social will not accept video uploads to Instagram. The error we receive is "unsupported aspect ratio" but looking directly at the file in question we see that the width and ratio both match

    • Disposable Email Addresses

      Dear zMail Team, Can you also bring out a few disposable email addresses for each accounts? That way occasional registrations and imminent spam from them can be largely solved right? ---- Deepak Vasudevan http://thamizhththendral.blogspot.com/

    • Zoho sheet - Zoho expense

      I want to schedule to create an expense using Zoho Sheet and flow. That is the EMI that I pay on a particular date to the bank and should be itemised, like principal and interest on the loan. Can someone help me in this regard??

    • Ability to configure a schedule/shift for each user and/or crew in Zoho FSM

      Hello, In our team of Field Agents, we have different shifts. Some field agent always work from 7:00 AM to 4:00 PM while others work the evening shift like 4:00 PM to 11:00 PM. Sometime shift are on weekdays only or on weekend. It would be great to be

    • Free webinar: Streamlining customer service paperwork with the Zoho Sign extension for Zoho Desk

      Hello Everyone! Have you been wondering about bridging the gap between digitised customer service and business paperwork? Join our free webinar to learn how you can do this by connecting Zoho Sign, our digital signature app, with Zoho Desk, our online

    • Zoho Books | Product updates | July 2025

      Hello users, We’ve rolled out new features and enhancements in Zoho Books. From plan-based trials to the option to mark PDF templates as inactive, explore the updates designed to enhance your bookkeeping experience. Introducing Plan Based Trials in Zoho

    • Mail Search should allow grouping by conversation like Gmail.

      Having switched from gmail I have found the search function hard to use. Mostly because mail is not grouped by conversation in search. If I search for a word when looking for a conversation had with someone then sometimes 10 emails will come up from the

    • Improve Zoho Learn updated article notifications

      I noticed today while updating an article, that the notification users get says "[User Name] has published article [Article Name]..." My feedback to the product team is that it would be really helpful for an end user, if the system notification differentiated

    • Safari Support

      Safari, the world's second largest browser, zoho desk does not officially or fully support. That needs to change.

    • Can I get images from an "Image Upload" field in a webhook?

      I want to send images from 2 "image upload" fields via a webhook. Is this possible?

    • Ticket closure notification - all contacts cc'd on email thread

      Hello, If a client sends an email to our service desk and cc's in other people that work at the same company - so that they are in the loop of the service request. When the we close the ticket, only the ticket owner (person who emailed us - which created

    • Inactive account cleanup policy for Zoho Sign

      Zoho Sign reserves the right to delete accounts that are license free and inactive for more than 120 days. The account deletion will be initiated only after the user receives prior email notice about possible data deletion and how to backup the data.

    • Missde API documentation for Sales Receipt

      Hi! I noticed that the Sales Receipt endpoint is not currently listed in your API documentation (https://www.zoho.com/books/api/v3/introduction/). Could you please provide any available temporary documentation for this endpoint, along with a detailed

    • Next Page