Kaizen #116 - Client Types in Zoho API Console

Hello everyone!

Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.

Let us discuss the available client types and how authorization is handled for each.

Available client types

1. Server-based
   
2. Client-based
   
3. Self client
   
4. Non-browser-based
   
5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.

This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.

In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.

During the registration process in Zoho API Console, you would choose the "Web-based" client type.

OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:

1. Users visit your website where you have the Login with Zoho button.
   
2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
   
3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
   
4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
   
5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
   
6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
   
7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
   
8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
   

Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.

You can use any of our server-side SDKs to simplify this process.

When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.

Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.

For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.

This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.

This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.

Here is a gist of what happens when a user clicks it.

1. Your app redirects the user to Zoho Accounts.
   
2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
   
3. The user is shown the data that your webpage would use.
   
4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
   
5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
   
6. Your app must then make API calls to Zoho with this access token to fetch data.
   
7. When the access token expires, your app must take care of regeneration and storage.
   

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.

When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.

Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.

1. You register your app as self client in Zoho API Console.
   
2. You will get the client details such as ID and secret.
   
3. You provide the scopes required for your app to access CRM data.
   
4. You will receive the grant token.
   
5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
   
6. Your app can then use this access token to make API calls to Zoho CRM and use data.
   

You can refer to our older Kaizen post on this topic for more details.

Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.

Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.

Here is how authentication is handled:

1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
   
2. Users install a dedicated Zoho ShowTime application on their smart TVs.
   
3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
   
4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
   
5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
   
6. When the user enters the user code, Zoho Accounts sends the access token to your app.
   
7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
   

Here is the protocol flow. For more details, refer to this doc.

5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.

Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.

If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.

Cheers!

• Topic Participants

• Shylaja S

  

• Piyush Dwivedi

• Ishwarya SG

  

• Onur Gulay - Smile Center Turkey®

  

• Sunderjan Siddharth

  

• Sticky Posts

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Kaizen #198: Using Client Script for Custom Validation in Blueprint

  Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Celebrating 200 posts of Kaizen! Share your ideas for the milestone post

  Hello Developers, We launched the Kaizen series in 2019 to share helpful content to support your Zoho CRM development journey. Staying true to its spirit—Kaizen Series: Continuous Improvement for Developer Experience—we've shared everything from FAQs

• Recent Topics

• Introduce an option to hide the form title

  My feature request is to include an option to hide the form title. At the moment it is possible to hide the header. In some cases I do want to show a logo image in the header but not the form title. As a workaround I have tried disabling the header and

• 関連トピックから配信リストをつくる

  ZOHOキャンペーンの既存の連絡先リストを関連トピックで絞り込んで、配信リストを作成する方法があれば、教えてください。

• Zoho Mail not working

  Anyone else had the issue where emails wont send from either the desktop CRM or the mail app? It just says "syncing" then "failed". I deleted it and tried to access emails through the CRM on my phone (fold) but they dont show. It seems it is impossible

• Shorten one URL but not all

  I have read that I should be able to click on the shorten link button at the bottom of the post window and shorten just one URL. But it does all of the URLs in my post. I want only one shortened. Not sure what I'm missing. Any help appreciated.

• What is Zoho Marketing Plus?

  As if there wasn't enough confusion with SalesIQ, CRM, Campaigns and Marketing Automation, now we have Marketing Plus too. Can somebody from Zoho please give us a comparative list of features that are in Marketing Plus compared to what's in Marketing

• I didn't receive my domain verification mail

  I didn't receive my domain verification mail 

• Creating a new deal with specific layout and pipeline

  I am trying to create a button which creates a new deal for a particular account. It needs to be assigned a specific layout and pipeline. It seems like it should be really simple but I've been struggling to get this to work all day, can anyone help?!

• Announcing New Features in Trident for macOS (v.1.21.0)

  Hello everyone! Trident for macOS is here with interesting features to elevate your workplace communication and productivity. Let's take a quick look at them. Get better visibility for concurrent events. Quickly compare and manage simultaneous events

• Modifying Product Details

  I am in the process of setting up new products in Zoho Commerce and have encountered a few problems: 1) Tabs It seems that Product Details pages do not have the ability to create Tabs. eg:  https://www.thedebugstore.com/tp240141-aardvark-usb-i2c-spi-host-adapter-total-phase.html

• Zoho Commerce B2B

  Hello, I have signed up for a Zoho Commerce B2B product demo but it's not clear to me how the B2B experience would look for my customers, in a couple of ways. 1) Some of my customers are on terms and some pay upfront with credit card. How do I hide/show

• Creating a custom CSV file using deluge script/

  I have an application I have developed and the client wants us to place an export file in csv onto an ftp server daily. Now I don't see au options in creator to change the separator to anything else. The client wants the separator to be the pipe symbol "|"  I think i would be able to create schedule with some code to create the appropriate data in a string using deluge script but I haven't seen any functionality that would allow me to deposit that data as a file anywhere or attach it to an email

• How can I get a nested value attributes inside a key par?

  Hello! Im getting the following output when reviewing a record I am after. I am trying to put some conditions based on a data value that is inside another data. For example, lets grab the below output. Info {"Account_Name":{"name":"Liberty Construction

• Invoices not arriving and mail server settings

  I am having an issue where some clients are not receiving invoices. I have configured Zoho Books to send on my behalf and configured the appropriate SPF, DKIM and DMARC settings on my mail server and tested these as working. I get the CC'd copies so I

• Multi Line Text Character Limit

  I want to export my Help Center articles but I realized that the text in the Answer column is being cut off. I'm guessing there is a character limit for multi line text fields. How can I get around this?

• Emails bouncing to Hotmail / Outlook.com

  Today I have seen multiple emails bouncing all to Hotmail and outlook.com mailboxes, all other emails are being delivered. Is it just me or is this a widespread issue with Zoho Books ? Bounce Reason : uncategorized-bounce

• Be careful if you want to purchase zoho one

  Hi, just to add one more complain to the other similar complains. When I purchased zoho one, Divith, my account manager told me (by email) that I would be able to keep different emails that I have inside the company (contact, privacy, etc.). During the

• Schedule Timeout 5 minutes vs. stated 15 minutes

  I am running into a function run timeout error after 5 minutes for my schedules. The Functions - Limits documents states it should be 15 minutes: Functions - Limits | Online Help - Zoho CRM. What should it actually be? Due to the 5 minute timeout, I'm

• Importing invoices in bulk using the xls file template - still posting as draft - Is there a way to skip "mark as sent" and post it directly?

  Hello everyone, as the title say, is there a way that when I upload from the template file, it will post automatically? I tried changing the "Invoice Status" from draft to approved but it is still appearing as draft and is making me go to invoices so

• How to set Sales Order Payment Terms when creating a Sales Order via the Zoho Books API

  I am creating Sales Orders via the Zoho Books API. I would like to set the Payment Terms to a particular value from the list of allowed values. Is that possible? I was able to get the list of payment terms via this API call: https://books.zoho.com/api/v3/settings/paymentterms?organization_id=XXXX"

• Function and workflow to create customer payment and send receipt

   I am attempting to set up a workflow/custom function for the automatic creation of a customer payment and sending the email receipt, but am receiving the error "Improper Statement Error might be due to missing ';' at end of the line or incomplete expression" I've been over everything several times and cannot see where the error is (code is copied into the attached document).  I haven't used custom functions before with Deluge, so it's very likely something very simple, or I've completely mucked

• How to rename the Submit Button by using deluge script

  Hi everyone, As we know, the Submit button can be renamed in the form builder setting. But I have scenario where I need the Submit Button to be renamed differently according to condition. Anyone knows how to do it? Thank You

• Banking: Transfer from another account without base currency

  Scenario: A banking line item shall be categorised as an "internal transfer" from another bank account. This is a USD to EUR transfer. Our base currency is CHF. What we tried: Category: "Transfer from another account" From: Our USD account To: Our EUR

• Item cost price - How to accomodate changing cost prices

  I am in urgent need of assistance with how to accommodate changing cost prices for items, not manually. We import items so their landed cost is always changing. This cost is NOT reflected however in the item cost price. This is going to cause us some

• Marketer's Space: Targeted messaging : Leveraging Zoho Campaigns for Effective Communication

  Hello Marketers, Welcome back to Marketers’ Space! Targeted messaging ensures your communication reaches the right audience - boosting engagement, conversions, and overall campaign success. In this post, we’ll be looking at targeted messaging to create

• :between: conditions in search?criteria

  Hello, please help solve problem I try to select deals by Creater_Time between dates i send this GET request /crm/v4/deals/search?criteria=(Created_Time:between:(2024-02-01T18:52:56,24-02-17T18:52:56)) encoded to /crm/v4/deals/search?criteria=%28Created_Time%3Abetween%3A%282024-02-01T18%3A52%3A56%2C24-02-17T18%3A52%3A56%29%29

• Zoho Creator : Updating Records via Import. Can't use Autonumber or ZohoRecordID ?

  Hi, I am trying to use the function to update a report with an import. I'm running in to the error : "unable to update because the form has no column with unique values" In the release notes it says Only field with unique values can be used to compare

• 💡 Feature Request: Custom App Bundle Plan (Pick Only the Apps You Need)

  Request: Allow Users to Build a Custom App Bundle (Choose Only the Apps They Need) Hi Zoho Team, I appreciate the value that Zoho One and the Plus Bundles (CRM Plus, Finance Plus, etc.) offer. However, I’m finding it difficult to get the best fit for

• Search Feature Now Broken

  I have many hundreds of notes on Zoho Notebook but now when I search for a keyword, I only get 30 results maximum. This is unacceptable and yet another feature that has become broken on this quickly deteriorating software. Please fix immediately.

• Restrict Zoho One Account Notifications to Admins

  Hi Zoho One Team, I hope you're doing well. We recently noticed that end users are receiving administrative pop-ups in Zoho One, such as the DKIM configuration notice (screenshot attached). This type of notification is only relevant to administrators

• Automated Checkout

  Hi Team, I’m trying to create an automated checkout function in Zoho People. My requirement is that if an employee forgets to check out, the system should automatically check them out after 10 hours. However, I'm encountering an error while updating the

• Zoho CRM Community Digest - June 2025 | Part 1

  **We offer both video and written formats, take your pick and jump in.** CRM FOMO is real. You could be doing everything right and still miss the beat. That’s where we come in. Zoho CRM Community Digest! Every two weeks, we bring you the insider scoop

• Introducing Video Tutorials for the Zoho FSM Mobile App

  We’re excited to announce the launch of our brand-new video tutorials for the Zoho FSM Mobile App—designed painstakingly to help your field agents get up to speed in no time! Whether you're brand new to the Zoho FSM mobile app or just need a quick refresher,

• Zoho People > Managed People > User Access Control

  Hello All I need your recommendation on how should i go about setting the User Access Control in my Zoho People

• What happened to the tabs in the ribbon on the top in my CRM?

  Hi, This morning all of the tabs (modules) in the ribbon on top are no longer showing up. I had the modules in the ribbon in a specific order for easy, one-click access. Now it's only showing the active tab and the rest are hiding under the three dots

• Connect to Australian bank

  How do I connect to an Australian bank. No Australian bank shows up in my list. I think its because the service provider is Token and not Yodlee. How do I change this?

• Searching for content within courses

  Hello, I have been testing out Zoho One for my company have been exploring Learn. I've noticed that you cannot search for content within a course. You can only locate the title of the course. Example: Course: How to Make Your Bed Chapter: Pillows Lesson:

• Citations Problem

  I'm having an odd problem with the "Add Citations" feature of Zoho Writer. When I add a citation using the "Fetch website details online" feature it works the first time I use it but if I try it a second time by clicking that link nothing at all happens

• Zoho People Leave Balance Show as Negative

  Hi All I have the Portugal material Leave that policy allows up to 120 days or 150days for employee to apply within 365 days and employees is able to take minimum of 1 days or up to 120 days In my Leave Grant I have set as the setting.

• Zoho People > Performance > Appraisal > Mismatch between the template-configured module and the currently enabled module.

  Hello There When we enable the performance module there a prompt Mismatch between the template-configured module and the currently enabled module. How do we resolve this

• Introducing WhatsApp integration in Bigin

  Greetings! In today's business landscape, messaging apps play a significant role in customer operations. Customers can engage with businesses, seek support, ask questions, receive personalized recommendations, read reviews, and even make purchases—all

• Next Page