Kaizen #116 - Client Types in Zoho API Console

Hello everyone!

Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.

Let us discuss the available client types and how authorization is handled for each.

Available client types

1. Server-based
   
2. Client-based
   
3. Self client
   
4. Non-browser-based
   
5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.

This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.

In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.

During the registration process in Zoho API Console, you would choose the "Web-based" client type.

OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:

1. Users visit your website where you have the Login with Zoho button.
   
2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
   
3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
   
4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
   
5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
   
6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
   
7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
   
8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
   

Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.

You can use any of our server-side SDKs to simplify this process.

When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.

Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.

For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.

This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.

This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.

Here is a gist of what happens when a user clicks it.

1. Your app redirects the user to Zoho Accounts.
   
2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
   
3. The user is shown the data that your webpage would use.
   
4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
   
5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
   
6. Your app must then make API calls to Zoho with this access token to fetch data.
   
7. When the access token expires, your app must take care of regeneration and storage.
   

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.

When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.

Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.

1. You register your app as self client in Zoho API Console.
   
2. You will get the client details such as ID and secret.
   
3. You provide the scopes required for your app to access CRM data.
   
4. You will receive the grant token.
   
5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
   
6. Your app can then use this access token to make API calls to Zoho CRM and use data.
   

You can refer to our older Kaizen post on this topic for more details.

Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.

Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.

Here is how authentication is handled:

1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
   
2. Users install a dedicated Zoho ShowTime application on their smart TVs.
   
3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
   
4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
   
5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
   
6. When the user enters the user code, Zoho Accounts sends the access token to your app.
   
7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
   

Here is the protocol flow. For more details, refer to this doc.

5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.

Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.

If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.

Cheers!

• Topic Participants

• Shylaja S

  

• Piyush Dwivedi

• Ishwarya SG

  

• Onur Gulay - Smile Center Turkey®

  

• Sunderjan Siddharth

  

• Sticky Posts

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Kaizen #198: Using Client Script for Custom Validation in Blueprint

  Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Celebrating 200 posts of Kaizen! Share your ideas for the milestone post

  Hello Developers, We launched the Kaizen series in 2019 to share helpful content to support your Zoho CRM development journey. Staying true to its spirit—Kaizen Series: Continuous Improvement for Developer Experience—we've shared everything from FAQs

• Recent Topics

• "Replace" an existing version of CRM

  Hi all, I have a question, I saw an article about this once, but I now cannot find it. I am working with a client who has had their CRM in Zoho One built and extensively modified. But it is non-functional now, and rather than try and unpick the system,

• Data Import From a private PostgreSQL RDS Instance

  Hello All, I feel like the problem I am experiencing has been seen before; however, I am having a difficult time finding any solutions. Hoping the community has some insights. I am trying to import data from a PostgreSQL RDS instance that is behind an

• Assistance Required: Authentication Error When Sending Credit Application Form

  Hi, I'm encountering an error message that states: "Authentication unsuccessful – the user credentials were incorrect." This occurs when I attempt to send the credit application form to our customers. I've attached the form I’m trying to send for your

• Missing Fields in Lead Conversion Mapping

  I’ve been using Zoho CRM since 2013 to manage leads and convert them into contacts and jobs. When I convert a lead to a customer, I create a new contact and a job. Previously, this process automatically transferred key information from the lead to the

• Allow selection of select inactive users in User data fields

  Hello, We sometimes need to select a previous employee that has an inactive account in the User data field. For example, when doing database cleanup and indicating actions are done by a certain employee that weren't filled out when they were part of the

• Connection to Zoho One

  My org has a Zoho One account, which includes Zoho Social. We are wanting to try linkthread. However, I want to make sure it is set up properly from an account perspective, as I have accidentally created Zoho accounts separate from Zoho One when I didn't

• Ticket Automatically Created from Closed Chat

  Is there a way to prevent a ticket being create for every chat.... or at the very least have it automatically closed.

• IMPORT INVOICES CSV

  Hi, Impossible to import invoices in Zoho books with a csv file. I have also tried with the template. My topic keeps getting closed but I did not get any answer Is there an issue with this fonctionnality ?

• Related Lists in Email Templates

  Hi Zoho team, I would love to see a feature where related list information can easily be added to an email template (instead of mail merge). I have a client who books flights for their customers. They do this through a Flights module so all booked flights

• Outlook plugin funktioniert nicht.

  DAs Outlook Plugin funktioniert nicht mehr. Ich werde aufgefordert, mich mit der App "OneAuth" anzumelden Intelligente Anmeldung per OneAuth funktioniert nicht zufreidenstellend. Nach erfolgreicher Anmeldungung mittels QR Code lande ich wieder beim QR

• iOS App Version 3.0 - Customer list gone?

  Not sure when this changed, but I seem to have been updated to 3.0 for the phone app (on iOS). I'm pretty sure that I used to have a Customers button that allowed me, for example, to see what appointments a customer has. Has this disappeared or am I just

• Zoho Signature, "For Demo Purpose Only Powered by Zoho Sign"

  How to disable this text on the documents for signature. "For Demo Purpose Only Powered by Zoho Sign"

• Add Resource variable to notification email customisation for Event Type

  The notification email customisation feature for Event Type does not include a variable for the Resource field. Without this field, Zoho Bookings cannot be used by any business for resource-based services or event types e.g. room bookings, equipment bookings.

• Can't find add role button, is iet st because I have the free subscription

  Trying to add my accountant in Zoho Books if I press the add accountant button, I get stuck as it says no such role exists, and won't let me continue, I can't find the add roles button, so I am stuck. Is it because I have the free subscription? Also can't

• Calendar view all appointments in workspace

  In the Calendar page, add the ability to view all appointments in the Workspace. The Manage Calendars filter requires me to select at least one user or resource, and it only lets me select up to five of them. There's no filter option to view the entire

• Tip #13: Identify where your bookings come from with Source Tracking

  Source tracking is the practice of identifying where your bookings originated. This is important, because online bookings come from a wide variety of sources like social media platforms, your website, email and ad campaigns, partner websites, organic

• Unable to Add Notes

  I've had a user report that they are unable to add notes to account records. I attempted and found the same issue. There is no option to save the note.

• Workflow Rule Alert Not Working

  I have a workflow rule set (that I've been using for years) that suddenly stopped working. Module - Leads Execute on - Create Alerts - Email Active - Yes When I create my lead I no longer receive my email notification. 

• Unify Overlapping Functionalities Across Zoho Products

  Hi Zoho One Team, We would like to raise a concern about the current overlap of core functionalities across various Zoho applications. While Zoho offers a rich suite of tools, many applications include similar or identical features—such as shift management,

• Can zoho sign collect data feeding Zoho Sign?

  I m sending contracts to client who are not in my zoho CRM database yet. Can the data they enter in Zoho sign contract I send them, (that includes...) official company name address first name second name etc, ...Create or update a contact / account

• IMAP ACCOUNT ACCESS PROBLEM

  Hi! I moved from Gmail some time ago to ZOHO. It works fine and it worked till yesterday. I found out that on my MAC OSX mail client I can not receive emails from ZOHO using IMAP. Gmail is set to IMAP and works OK. My company email account uses POP and works good as well. Is there anybody else who has such problem or this might be something with my email client...? I didi check for the settings but everything is as it was from the beginning. Honestly, I didn't change anything recently. It just stopped.

• Modified approved time log

  I can’t seem to find a way to make change to approve time log entry. The case is the following. We pay the employees every 2 weeks, so employe A enter is time for the 2 weeks and then submit his timesheet. Now is superior approve the time he worked via

• I want to Show the product list based on the drop Down

  in quotation app , amc form form i have Department drop down field and in subform i have loop up field item description taken from the anothe app PRO I want to show the product list look up based on the deparment selected example if they selected deparment

• Inventory Barcode Creation - Add Picture of Item

  Hi I am trying to set up bar code labels and include a picture of the item on the label - any idea on how to add that field to the barcode generator?

• Shared Snippets Everyone

  Hi, Now that the Shared Snippets have been released and I think will be the most used feature implemented in 2023 :) Creating and Using Snippets in Ticket Responses - Online Help | Zoho Desk Maintain consistency in ticket responses with shared snippets

• Topics assigned to Contacts in Campaigns

  I have yet to find an efficient way to assign topics to contacts in campaigns with the new system in place.  We have daily contacts added to our system through various forms and we have to manually go in and add topics to contacts before each email campaign

• Zoho CRM email formatting issues

  I have been having a hard time with formatting email templates. It feels like Zoho email is "fighting my edits." It refuses to change size, font, etc. Sometimes, the template looks great, then when the email gets sent, it looks completely different- some

• Weekly Tips : Seamlessly collaborate with Share Drafts in Zoho Mail

  Ever found yourself stuck wondering how to get input on an important email draft without actually sending it? Maybe you want a teammate’s feedback or approval from your manager—without exposing sensitive info. Or perhaps you are working across different

• How to Share a workdrive folder outside organization ?

  Hi, Earlier we were using Google Suite and were able to share the google drive folders with external organization ( Auditors , marketing collaterals ) as most of them had a personal gmail account they were able to access it without any issue. How can

• Zoho CRM Account Duplication via Credit Application Form

  Hi, We send a credit application link to our customers via email, which is managed through Zoho Campaigns. When a customer submits the form, it automatically creates a new account in Zoho CRM. We would like to know how to stop this from creating duplicate

• Flexible Milestone Invoicing

  If your Zoho Projects portal is integrated with Zoho Invoice/Books, you can now create an invoice for your milestones. You can enable it under Integration Preference and invoice milestones regardless of the project's billing type. For instance, consider

• The get records i am getting produts that show in the show in the sub form item list field

  The get records i am getting produts that show in the show in the sub form item list field if(input.Department != null) { // Get filtered records once creator_ptid = zoho.creator.getRecords("harshadgroup","item-master","All_Products","Department == \""

• Add Zoho Form Submission as Attachment to Zoho CRM Deal using Zoho Deal ID

  Hi Zoho team, I have a Zoho Form in which one of the fields will be hidden but will be defaulted with the Zoho Deal ID. Once the form is submitted, I want to reattach the submitted form (and another uploaded file field) into Zoho CRM Deals record. The crazy part is that Deal Name and Stage are the only two fields available for mapping. I have the actual Deal ID. Why can't I just use that. Can you please fix it so that I can properly attach the submission using Zoho Deal ID instead of name/stage (which

• Payment link showing as malicious

  We've had a few customers who have been unable to pay invoices as the payment link (the domain is zohosecurepay.eu) is showing as a malicious website in their browser. Could anyone help with this please?

• Side bar menu

  It would be great if you could stop the auto collapse of expanded menus when selecting a different module. It would save a lot of mouse clicks for a lot of users that frequently switch between sales & purchases as we do, it's easier to collapse them manually when not required !

• Add Microsoft Entra ID to Zoho One

  Hi! Have anyone tried the Zoho connection to Microsoft Entra ID (https://help.zoho.com/portal/en/kb/one/admin-guide/directory-stores/articles/add-microsoft-azure-to-zoho-one?action=kbArticleFollow&actionId=4014605732522 ) This is a big operation and you

• Multiple Respondents for One Survey Submission?

  Does anyone know of a way to allow multiple respondents to complete only one  survey and then also see (while completing the survey) the responses for their fellow colleagues who already answered that question? The situation is that our new customers have within their own organization, multiple employees that will need to assist in the one survey response. Since we don't always know which new respondent is the "who" that will have the answer, we need multiple respondents to be able to view the response

• Can you remove the title from the forms?

  I am placing the iframes for my forms on my website.  Is it possible to remove or hide the title of the form so that it doesn't show up on the website? Is it possible to place text in the form like "clicking submit will take you to paypal." thanks

• Lost the ability to sort by ticket owner

  Hi all, in the last week or so, we have lost the ability to sort tickets by Ticket Owner. Unlike the other columns which we can hover over and click on to sort, Ticket Owner is no longer clickable. Is it just us, or are other customers seeing this too?

• Mask Name Field in Report

  Is it possible to have the Name field as "Last Name, First Name" in a scheduled report.

• Next Page