Kaizen #116 - Client Types in Zoho API Console

Kaizen #116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

    • Recent Topics

    • Request to Delete Mistakenly Created Zoho Desk Account – Access Blocked to Company Directory

      Dear Zoho Support Team, I hope this message finds you well. I am writing to request assistance regarding a Zoho Desk account I mistakenly created using my company email address. I created the account before being officially onboarded by my company, and

    • Introducing an AI-driven CAPTCHA for Help Center that offers improved accessibility and enhanced security | Zoho Desk | Product Update

      Captcha protects your help center from fraud and abuse without creating friction. What is a CAPTCHA? CAPTCHA is a test used in computing to verify that a user is human by requiring them to complete a challenge. It helps prevent bot attacks and reduce

    • Announcing new features in Trident for Windows (v.1.29.4.0)

      Hello Community! Trident for Windows just got better! It’s packed with new features designed to enhance communication, manage important information securely, and give you a smoother, more productive experience. Let’s dive into what’s new! Access Zoho

    • Exporting Ticket Threads/Comments and Attachments in Reports

      Hi, I would like to know is it possible for Ticket Comments and/or Attachments to be displayed in Reports?

    • Product management across integrated apps

      Hi everyone, I’m setting up my business for selling products and integrating CRM, Inventory/Books, Ecommerce, and other apps. Where should I load products for the first time so they reflect across all apps? And for updating prices or adding new products—where

    • Calculate Number of Days Between Two Dates

      Can someone help me with how to create a field using the formula function to calculate the number of dates between a campaign start date and end date? The closest I have gotten is using the "Datecomp" function but it gives you the dates in minutes, rather

    • Zoho Writer Docx files not able to be converted into Google Docs

      Since July 23rd, I've encountered an issue where DOCX files exported from Zoho Writer no longer convert properly into Google Docs when uploaded to Google Drive. My workflow relies on generating merged DOCX documents from Zoho Forms using Zoho Writer templates,

    • Schedule Campaign - Recipients Time Zone

      Something seems to be wrong with the scheduling feature for scheduling campaigns to be deployed at a specific time to the recipients time zone. I scheduled campaigns twice to be sent at the recipients time zone and the campaigns are deploying at the wrong time. When communicating with Zoho support they said to make sure it was scheduled at least 24 hours in advance so we did this with our last campaign and it was still deployed at the wrong time. Anyone else having this issue?

    • Zoho Vault App for Windows

      Hello, is there a Windows app that can be used to access the passwords saved in Zoho Vault? Thank you

    • Zoho Cursor Jumping

      Hi, Zoho Support, We received the below email for a bug when using Zoho on Firefox. Please let us know if there is anything that can be done to solve this issue. Have any other Zoho Mail users reported issues the past few days with Zoho auto-saving drafts

    • tomorrow option within the due date section and drag and drop into calendar

      Firstly, thank you for creating such a well-designed and user-friendly to-do list app. It’s almost perfect for my needs, but I wanted to offer a couple of suggestions that I believe could significantly enhance its usability, particularly for those who

    • low quality videos

      when in puplish videos or reel in social media platforms it pulished in low quality

    • Using Zoho Forms vs Zoho Survey

      Hello - I'm looking for advice on whether to use Zoho Survey or Zoho Forms for our small non-profit. We have a Zoho One subscription, so have access to both. The main use case at the moment is application forms for our professional development programs.

    • Kaizen #200 - Answering Your Questions | Authentication using Zoho CRM Python SDK

      We’re incredibly excited to bring you the 200th post in our Kaizen series! This journey has been as much about listening as it has been about sharing. And today, we’re making both count. Over the past few weeks, we’ve collected your feedback through the

    • Zoho CRM sync

      Just wondering if the plan is for the Zoho CRM implementation to always be just an import and not a sync? At the very least, a one-way sync that kept the data in Tables up-to-date would increase the amount of usecases, but ideally the option to two-way

    • Add serial number in print page list

      How can i add serial number in print page for every entries?

    • Trying to Delete records from Creator not found in CRM

      Hi, In the following script, I am trying to delete records from Creator not found in CRM, but I am getting the error message "Error at line number: 55 Improper Statement Error might be due to missing ';' at end of the line or incomplete expression". Please

    • Can't login to Zoho mail

      I'm logged into Zoho but when I try to go in zoho mail I get: Invalid request! The input passed is invalid or the URL is invoked without valid parameters. Please check your input and try again. I just set up my mx records and stuff with namecheap a few

    • REST API for Branch and Budget

      Hi Team, Can you please guide me with the appropriate rest API documentation for fetching Branch and Budget details?

    • STOP FRAUDULENT TRANSACTION IMMEDIATELY

      I DID NOT AUTHORIZE THIS TRANSACTION OR RENEWAL, STOP IMMEDIATELY CHARGING MY CARD I CAN NOT CONTACT SUPPORT, NO ONE IS AVAILABLE ON CHAT PAYMENT ID RPCW2003260759193

    • Best way to handle a credit card download fiasco

      Hi there, hoping that someone knowledgable with book keeping can give me the answer here. One of my credit cards has been integrated with Zoho books and we have been downloading transactions with no issue. The credit card got compromised and was used

    • When Opening Zoho Mail I always get a Tab with an error (See attached image)

      Everytime I open Zoho mail I get this. It is trying to open a deleted email. I already tried going to Settings > While Starting up Changed that option back and forth but this persists. Its annoying. Other than that I love this. Any help would be appreciated.

    • Pre-Registration - Suggestion

      Suggest to add a Pre-Registration feature for non-scheduled events. Scenario is that we have a training academy and would like to collect pre-registrants prior to an actual scheduled event so we can use this as a basis for demand management and scheduling of new events for those expressing interest.

    • Not all messages showing in folders in iOS mail.app

      I have a bunch of emails filed in various folders. Those folders are showing all of the emails in them on Zoho.com and in the Zoho Mail app on my iPhone and my iPad. They also all show up fine in Mail.app on my Mac. The problem is that certain (not all)

    • Where do the 'Archived' mails go?

      I have hit 'Archive' on quite some mails I still needed, but didn't want in my inbox anymore. I obviously thought 'Archive' is not the same as 'Delete', since they don't even pass the trash folder this way, and right now I was looking for one of those

    • Signature image size changing on replied emails

      Hi, Sometimes I see the size of the image I use as signature changes when I open replied emails. Do you know why is this happening? It doesn't seem to happen when I send emails to Gmail though. Signature should look like in attachment "Signature_normal.jpg"

    • Não consigo enviar emails. "Razão:533"

      Não consigo enviar emails. "Razão: 533 Relaying disallowed. Invalid Domain" aparece e me impede de enviar emails... Como resolver o problema?

    • Error when setting up IMAP access in Gmail

      Hi I set up POP3 access via Gmail for my Zoho-hosted domain email. I just tried to change it to IMAP access, however when inputting the settings I received the following error message from Gmail "Missing +OK response upon connecting to the server: * OK

    • Zoholics Europe 2025: Unlocking the Power of Zoho CRM : A Hands-On Workshop

      Why should you attend? At Zoholics Europe 2025, Zoho’s official user conference, you’ll have the opportunity to connect directly with experts and explore powerful tools that help businesses elevate customer experiences. Be sure to attend one of the most

    • "Wrong password or login" Problem to configure Zoho on MAIL App on my Macbook

      Hi, I'm having problems to configure my e-mail on my MAIL App(Macbook pro). My e-mail is hari@trespontoum.net Actually was working perfectly, and still working on my Iphone. My MAIL App prompt me that my login or password is wrong. I tried to change 3

    • How do I delte a mailbox alias

      Hi everyome, I have created a mailbox alias on one of my accounts, but I can't figure out how to delete it again. When I go into the control panel on my super-admin account and click on user details and the settings for the user, I can see the mailbox

    • Allowing vendors to Upload Purchase Invoices against Purchase Order

      Work Flow: Once Project is executed, We send Purchase order to every Vendors asking them to Share the invoice against the same. Most of the time Vendors Send invoices through Mails but our Finance Team miss to book those Purchase Invoices in Zoho Books.

    • Deluge - forward incoming email with original attachments and content but new subject

      I'm working in ZohoMail with a 10GB paid account. Using a filter and a custom function, I can send a new mail with the original email content and a new subject, but I'm struggling to find how to attach the original attachment to a new mail - or even to

    • Error: "The conversation window has expired." on WhatsApp

      Hello, I would like to know why this error appears in the messages within WhatsApp from the CRM: "The conversation window has expired." The question arises because a potential client sent us a message at 11:00 PM and we are responding the next day at

    • How to Sync Desk KB and Sales IQ KB?

      Hi, we have just started to use Desk and are using the SalesIQ Chat. Ideally I'd like to use the 'FAQ' feature on chat (which uses SalesIQ KB) and also allow our customers to use the self-service KB that comes with Desk. Unfortunately they are two different

    • Need help! Unable to send message; Reason: 554 5.1.8 Email Outgoing Blocked.

      Hi Zoho team My account name is senpai.atelier, it’s been few days I can’t send Emails with the same error messages. I’ve raised the issue to support@zohomail.com that doesn’t respond to my query. I wonder if you may help troubleshooting soon.

    • Zoho arrives to Spam on all Microsoft Accounts (Outlook, Hotmail, Microsoft 365)

      I believe this is a very serious issue. All my email accounts in Zoho arrives straight to SPAM. Thing is, a lot of clients rely on email arriving to Inbox, specially on Microsoft Accounts since it is used a lot both for business and personal email sending.

    • Registeration

      I just added the TXT code. What next?

    • Cannot receive password protected zip files

      Hello, I cannot received a password protected attachments. Also all my members in the same domain has the same problems. Can you please help me? Best regrads

    • ERROR 554 5.1.8 Sender Address Blocked code(554)

      We have an email with Zoho ( comercial@bruiser.com.br), but, when we try associate the account in GMAIL, the server shows this message:  554 5.1.8 Sender Address Blocked code(554) I see this error appear when the limits of returns exceded 10 messages,

    • Next Page