Kaizen #116 - Client Types in Zoho API Console

Hello everyone!

Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.

Let us discuss the available client types and how authorization is handled for each.

Available client types

1. Server-based
   
2. Client-based
   
3. Self client
   
4. Non-browser-based
   
5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.

This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.

In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.

During the registration process in Zoho API Console, you would choose the "Web-based" client type.

OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:

1. Users visit your website where you have the Login with Zoho button.
   
2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
   
3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
   
4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
   
5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
   
6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
   
7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
   
8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
   

Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.

You can use any of our server-side SDKs to simplify this process.

When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.

Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.

For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.

This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.

This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.

Here is a gist of what happens when a user clicks it.

1. Your app redirects the user to Zoho Accounts.
   
2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
   
3. The user is shown the data that your webpage would use.
   
4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
   
5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
   
6. Your app must then make API calls to Zoho with this access token to fetch data.
   
7. When the access token expires, your app must take care of regeneration and storage.
   

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.

When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.

Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.

1. You register your app as self client in Zoho API Console.
   
2. You will get the client details such as ID and secret.
   
3. You provide the scopes required for your app to access CRM data.
   
4. You will receive the grant token.
   
5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
   
6. Your app can then use this access token to make API calls to Zoho CRM and use data.
   

You can refer to our older Kaizen post on this topic for more details.

Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.

Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.

Here is how authentication is handled:

1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
   
2. Users install a dedicated Zoho ShowTime application on their smart TVs.
   
3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
   
4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
   
5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
   
6. When the user enters the user code, Zoho Accounts sends the access token to your app.
   
7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
   

Here is the protocol flow. For more details, refer to this doc.

5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.

Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.

If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.

Cheers!

• Topic Participants

• Shylaja S

  

• Piyush Dwivedi

• Ishwarya SG

  

• Onur Gulay - Smile Center Turkey®

  

• Sunderjan Siddharth

  

• Sticky Posts

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Kaizen #198: Using Client Script for Custom Validation in Blueprint

  Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Celebrating 200 posts of Kaizen! Share your ideas for the milestone post

  Hello Developers, We launched the Kaizen series in 2019 to share helpful content to support your Zoho CRM development journey. Staying true to its spirit—Kaizen Series: Continuous Improvement for Developer Experience—we've shared everything from FAQs

• Recent Topics

• Zoho People > Leave Management > Unable to import balance leave

  Hello Zoho I am unable to import balance leave into the system I have follow the steps It show only 5 fields - the date field i am unable to select from date and to date Error Date in excelsheet

• Narrative 4: Exploring the support channels

  Behind the scenes of a successful ticketing system - BTS Series Narrative 4 - Exploring the support channels Support channels in a ticketing system refer to the various communication methods that customers use to contact a business for assistance. These

• Tip of the Week #65– Share email drafts with your team for quick feedback.

  Whether you're replying to a tricky customer question or sharing a campaign update, finding the right words—and the right tone—can be tough. You just wish your teammates could take a quick look and give their suggestions before you send it. Sometimes,

• How to Initiate WhatsApp Message on SalesIQ?

  I've just activated a Business WhatsApp phone number through SalesIQ because of its touted omnichannel chat approach. Sounds exciting. I understand that when a customer sends me a WA message, I can reply to it on SalesIQ and keep the chat going, perfect.

• Episode IV:Handling User Inputs in custom functions

  Hi Everyone, We've been exploring custom functions which help in performing advanced automation tasks. Custom functions enable you to achieve possibilities based on your organization's requirements. Custom functions require user inputs that allow the

• Set a lead as non-marketing if they opt out of email marketing

  I'm gathering Lead data via an enquiry form and wish to give them the option to opt out of marketing emails (which we send from Marketing Automation) whilst retaining the ability to send them non-marketing emails - so the email opt-out field doesn't work.

• Set up multiple IMAP email addresses

  Hi, I just started using CRM and its great, but I just found out I can only add one imap email address for incoming mail in the included salesinbox ...this is ridiculous. All companies have different email such as sales@domain, info@domain , personal@domain

• Zoho Recruit to Zoho People integration

  In the mapping of field from Zoho Recruit to Zoho People i am unable to map all fields What can i do

• Zoho Recruit > Career Site > Customisation

  Hi All I have created multiple career site to represent my different organization In my Quanta Media career site > I set it with the with Quanta Malta view In my job opening : Quanta Malta view 2 job opening In my URL for quanta media https://lri.zohorecruit.eu/jobs/Quanta-Malta

• Formatting Blueprint Stages (buttons)

  Is there a way to format Blueprint transition buttons in Creator like background colour, text colour etc.

• Disable Default Value in Multi-Select field

  Hello, Is there a way to disable the default value feature when setting up a custom Multi-Select field? When creating tickets I would like it so there isn't a value pre-selected in the multi-select custom field that was created.

• How to set custom business hours for different teams in Zoho Desk?

  Hi Zoho Team and Community, I’m trying to set different business hours for multiple departments in Zoho Desk. For example, our tech support team works 24/7, while our billing team is only available from 9 AM to 5 PM (Mon–Fri). Is there a way to assign

• Zia Auto Tag Keyword Clusters

  Is there a way to remove a keyword from a keyword cluster? We're finding that Zia auto-tag is tagging things incorrectly based on some words that don't really make sense.

• Centralized Domain Verification in Zoho CRM Plus

  Hi Team, I have a suggestion regarding Zoho CRM Plus. It's quite frustrating to verify the same domain separately for each application within the suite. It would be really helpful if you could introduce a centralized admin console—similar to what's available

• HOw do I make a refund?

  I have a client that needs a refund. I see a refund history in the Report area... but where do I go to make a refund?

• Creating a work order for dispatch

  We currently uses ZOHO for CRM and Intuit Field Service for creating Work orders and dispatching. This is causing double entry and is not efficient use of time.  I would like to use ZOHO for all customer related activities so can you tell me if you can :  Create a work order that we could manipulate to meet our needs.  Also if you could then dispatch that would be ideal. Thank you

• "code": "500","description": "Account not exists", mail api

  I have been through all the steps and have a functioning Oath access_token etc etc... I then GET https://mail.zoho.com/api/organization And get my zoid then GET http://mail.zoho.com/api/organization/<hidden>/accounts and get the account details, which

• Residual Formatting in Text Boxes After Undoing Pasting of Formatted Text

  Hi, guys! I have another problem to report. Actually, I have been aware of this for many months, possibly years, but I have been too lazy to report it to you. My apologies! Let's say you've pasted a formatted string into a text box. You change your mind

• Feature Request: Stripe Terminal Integration

  I would like to request the addition of Stripe Terminal integration to Zoho Books, which will help process in-person payments. While Zoho Books already supports online payments through Stripe, extending this functionality to include Stripe Terminal would

• Improved Security in SAML/OIDC Sign-in Redirection Flow

  To enhance the security of our authentication system, we’ve made a change to how SAML and OIDC sign-in redirections are handled. This update resolves a potential open redirection vulnerability and adds an extra layer of protection during the sign-in process.

• GA4 data

  Hi, I have data being pulled from GA4 into numerous tables. There are a few major errors in the source data. Eg for a period of time GA4 reported ecommerce sales that were $98 as $9,800 and $42 as $4,200. It's not happening now but my historical data

• Ask the Experts: Five-hour live Q&A session with Zoho WorkDrive product experts

  Have questions about WorkDrive 5.0? Let’s talk! We recently launched Zoho WorkDrive 5.0, packed with powerful updates to help your team work smarter, stay secure, and get more value from your business content. From content-centric workflows and AI-powered

• Allow the usage of Multi-Select fields as the primary field on "Layout Rules"

  We want to force our users to enter some explanation strings when a multi-select field has been utilized. I can't understand the reason for the usage restriction of Multi-Select fields as a primary field. This is a simple "Display hidden mandatory field

• Lost Search Box with new UI Design

  I would like to suggest bringing back the Search Box in the new Zoho Project UI.  I use the search feature a lot and having to click the magnifying glass to type for a search is one extra click that we did not have with the old UI.

• Adaptación de zoho books a la nueva regulación de facturación electrónica

  La facturación electrónica será obligatoria para todas las empresa en España en 2025, en Francia probablemente también e imagino pronto en todos los países europeos. Ya en 2024 todas las empresa grandes tienen que utilizar el sistema de facturación electrónica.

• ZOHOBOOK Sales_QUOTE: To Add Discount At Each Line Item Table

  Hi, Our quote need to display with discount at each line item level as well. Try to edit template, >CUSTOMISE>EDIT TEMPLATE> Table, I can see template view with discount column, but when hit SAVE the template, view in PDF the discount column not shown.

• How to account for vat with postponed VAT accounting

  Hi everyone, looking for some help with postponed VAT accounting, I use DHL express for my imports and they used to pay the VAT for me and then invoice me. I could then log this as a bill and the VAT element from import was recorded as input VAT, all

• Weekly Automation Trigger for Equipment Calibration Reminder

  Dear Team, I’m currently working on an automation in the Equipment module. The goal is to track calibration schedules for tools — all of which require regular calibration. I’ve created an automation that sends email reminders for tools that are due for

• ADDDATE formula using 2 calculations

  Hello, I want to create an ADDDATE formula using 2 calculations, add 1 month and deduct 1 day. the formula that I need should look like this: ADDDATE(due_date, 1, "Months")+ ADDDATE(due_date, -1, "Days") Each row itself works fine, but when I'm trying

• Upgrading from Zoho Invoice to Books was a major downgrade in functionality for me

  I have been a user for many years of a free plan on Zoho Invoice for my personal consulting business. I recent upgraded my organization to Books since some of the additional functionality looked useful to me, and played around with the free trial for

• 🎉 Dynamic Org Chart for Zoho CRM Extension Published [2025]

  Hey Zoho CRM Community! We're thrilled to unveil our latest Zoho extension:🥁 Dynamic Org Chart for Zoho CRM 🎊 This extension is now available to transform the way your teams visualize, manage, and interact with org chart directly inside any Zoho CRM's

• Detailed General Ledger has problem of exporting out to excel and missing ledger details for some accounts

  I have been encountering some problems generating Detailed General Ledger report with Zoho books. Firstly, I cannot export out the report of Detailed General Ledger to Excel. It will show this error message "invalid value passed for sort column", and

• Upload a file to a File Upload Field through API

  Hello, Is there any way to upload a file to a custom file upload field in a module when doing an Update using the Record API? I've found and I am able to upload files to attachments but I don't know how to upload them to a field. I've checked the documentation at  https://www.zoho.com/crm/help/api/v2/#update-specify-records but the File Upload field type does not appear in the examples. Thanks

• Kaizen #131 - Bulk Write for parent-child records using Scala SDK

  Hello and welcome back to this week's Kaizen! Last week, we discussed how to configure and initialize the Zoho CRM Scala SDK. This week, we will be exploring the Bulk Write API and its capabilities. Specifically, we will focus on executing bulk write

• Automatic pricing feature for sales orders

  I am currently setting up my Zoho Inventory system and would like to implement an automatic pricing feature for sales orders. We have created a custom field called "brandline" for our items. All products with the same brandline value should have the same

• Ability to access VAT returns and submit them has disappeared.

  I have been using Zoho books successfully to submit quarterly VAT returns. Without reason I have lost that facility. I have followed all available instructions eg going into settings, taxes, VAT etc. without success. My registration number is there and

• How to automatically schedule a meeting After Blueprint Transition

  As part of our sales process, we require a technician to go to the customer's site and perform an installation prior to advancing to the next stage of the blueprint.  So this will require (a) scheduling a meeting for the technician to visit the customer's site and (b) a reminder phone call the day before the scheduled meeting. As I'm designing the Deal Blueprint, I see that I can automatically add a Task to the deal, but I can't add a Meeting or a Call. What am I missing?  There seem to be 3 types

• Zoho Recruit > Workflow

  I have created a workflow for my application module Whenever a record is created The condition , application status is 1st call invitation I have set this OI do not receive the email that was suppose to be send out

• [Webinar] Zoho Writer for SCM and logistics

  Creating, sharing, and distributing complex documents are constant challenges in the SCM and logistics industry. That's why our next webinar is focused on how to simplify these document workflows. Join us on Jul 10, 2025 for a Zoho Writer webinar designed

• Multiple locations but one parent company

  I am trying to configure my accounts that have multiple locations under one parent company to show separate locations in the portal.   

• Next Page