Kaizen #116 - Client Types in Zoho API Console

Hello everyone!

Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.

Let us discuss the available client types and how authorization is handled for each.

Available client types

1. Server-based
   
2. Client-based
   
3. Self client
   
4. Non-browser-based
   
5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.

This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.

In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.

During the registration process in Zoho API Console, you would choose the "Web-based" client type.

OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:

1. Users visit your website where you have the Login with Zoho button.
   
2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
   
3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
   
4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
   
5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
   
6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
   
7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
   
8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
   

Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.

You can use any of our server-side SDKs to simplify this process.

When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.

Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.

For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.

This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.

This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.

Here is a gist of what happens when a user clicks it.

1. Your app redirects the user to Zoho Accounts.
   
2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
   
3. The user is shown the data that your webpage would use.
   
4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
   
5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
   
6. Your app must then make API calls to Zoho with this access token to fetch data.
   
7. When the access token expires, your app must take care of regeneration and storage.
   

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.

When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.

Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.

1. You register your app as self client in Zoho API Console.
   
2. You will get the client details such as ID and secret.
   
3. You provide the scopes required for your app to access CRM data.
   
4. You will receive the grant token.
   
5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
   
6. Your app can then use this access token to make API calls to Zoho CRM and use data.
   

You can refer to our older Kaizen post on this topic for more details.

Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.

Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.

Here is how authentication is handled:

1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
   
2. Users install a dedicated Zoho ShowTime application on their smart TVs.
   
3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
   
4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
   
5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
   
6. When the user enters the user code, Zoho Accounts sends the access token to your app.
   
7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
   

Here is the protocol flow. For more details, refer to this doc.

5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.

Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.

If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.

Cheers!

• Topic Participants

• Shylaja S

  

• Piyush Dwivedi

• Ishwarya SG

  

• Onur Gulay - Smile Center Turkey®

  

• Sunderjan Siddharth

  

• Sticky Posts

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

  Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Kaizen #198: Using Client Script for Custom Validation in Blueprint

  Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Recent Topics

• Mapping Issue

  since, Tickets are already mapped with the Requestors and when we map Requestors with Organization, then Tickets are not visible under that Organization. Kindly solve this issue.

• New features and improvements in Desk's integration with Zia powered by GPT 

  Hi everyone, We’re pleased to announce several new enhancements in Zia Powered by GPT integration. These updates bring more customization options, improved response generation, and additional language support. Below is an overview of the enhancements

• Painéis do Zoho CRM ajudam na Gestão Comercial?

  A gestão do departamento comercial é uma questão fundamental para qualquer empresa. Uma boa gestão proporciona previsibilidade, alinhamento e melhores resultados. Acredito que todos que adquirem uma plataforma de CRM buscam uma gestão ágil e eficiente

• Adding transferwise.com as an online payment method

  Hi, I am not a fan of using Paypal or google pay, can we look at introducing transferwise.com as a payment method as i think it will work better in the corporate world. https://transferwise.com/ Cheers

• How to Bulk-Update Sales Orders in CRM

  Hi - I need to bulk update existing sales orders with dates from our ERP of when the sales orders were created. I made a date field on the Sales Order module where I want to insert that data. I can't Mass Update because I am not updating the fields to

• How do mass change start date and end date?

  You can mass do everything else, so maybe I'm missing something. But if I have a bunch of tasks and want to assign multiple tasks within a date set, how do I do that without doing them one by one?

• Announcing New Features in Trident for macOS (v.1.2.0)

  Hello Community, Trident for macOS has quite a few new features that will improve your business email communication. Let's take a quick look at them. Creating templates Earlier, you could save email drafts as templates in Trident. With the current update,

• Products in time entry

  Morning, Is there a way to add the product field to the time entry layout? Giving us the ability to identify a product per time entry. Thanks Rudy

• Zoho.eu and U.S. Cloud Act? Can U.S. request Zoho.eu data?

  Given the current political situation in the U.S. and possible near future implications for data privacy and security, I am curious about Zoho’s obligation to comply with the U.S. cloud act or other U.S. requests for private customer information from

• Zoholics Europe Awards

  We're excited to announce that at this year's Zoholics events across Europe, we're holding customer awards for the first time ever! This is your chance to shout about the amazing things you've created, connected, or achieved with Zoho's developer application!

• Why "balance due" for the VOIDED INVOICE is not zero?

  We wonder why the "balance due" for the VOIDED INVOICE is not zero? For example our case, we issued invoice for a client for MYR1000, then after client request for cancellation. Client haven't make payment yet. So we marked the invoice as void. We think

• Format handling error

  Hi, I'm having an issue when merging a document using a custom function when with decimal numbers. In my template preview, it's seems correct ,but when I do the merge and attach the file to a record, all types of docs aren't displaying the number correctly.

• Announcing New Features in Trident for macOS (v.1.20.0)

  Hello everyone! Trident for macOS is here with interesting features and enhancements to elevate your workplace communication and productivity. Let's take a quick look at them. Change the "From" email address easily. When composing or replying to an email,

• Announcing new features in Trident for Windows (v.1.27.6.0)

  Hello Community, Trident for Windows is here with exciting new features to elevate your email communication. Let’s dive into what’s new! View and manage .pst files. A .pst (Personal Storage Table) file is an Outlook Data Storage file format for storing

• Email limit reached

  I'm assessing whether zoho crm will work for our startup, however I tried to send emails to my leads and after 12 emails got the notification that email limit has been reached. That is ridiculously low. Whats wrong and how can you fix that. I am still

• Importing Into Zoho CRM

  Do you have a list in Excel that you would like to import into Zoho CRM? If your administrator has not restricted your ability to import, the process is fairly easy to accomplish, but understanding the options can make everything go smoother. First you may need to prepare the spreadsheet Remove any extra rows from the top of the spreadsheet, like titles or blank lines. Row 1 should be the column headers. Row 2 should be where the data starts. Make sure that there is a column for any required fields

• Analyze the Name of the Deal Owner and Created by

  I need to display the Name of the User who created a deal and the Deal Owner. Since both fields are lookups to the same table (Users), it defaults to the user record of the Deal Owner and I cannot display the name of who created it. I can generate the

• Date Import Problems

  I'm trying to import products from csv/xls files, but I can't get the Sales Start Date field to import. I know the import is working because all the other information is imported, but the Sales Start Date field is left empty. I think it must be a format

• Canvas and Related lists

  Hi, As much as I like canvas, when adding in a asection with related lists,it doesnt mimic the same functionality as the standard view within the CRM e.g left hand panel will show the module and total number of records. Is there a way of indicating this

• New Search Function

  Hey Team, The search function updated in our CRM about a week ago, so I assume it was an automated update across Zoho. It no longer displays leads/deals etc in Chronological order so that the most recently created or updated is the first to display which

• Problem with the "Search" function

  Hi, I've been using Workdrive for a few days and lately, the files I added in Workdrive don't appear in the search. It looks like my latest files aren't indexed. Are you aware of this issue ? 

• Getting error "invalid warehouse_id" when trying to update any transaction in Zoho books

  I got a message from Zoho saying that the Warehouse and Branch has been merged into one category "Locations" Once I migrated to this setup I was no longer able to edit any invoice / create creadit notes - got an error saying "invalid warehouse_id" I never

• Return "kit_quantity" when fetching Kit items via "List all the items" API call

  I have been appreciating the new Kits feature quite a bit, it is exactly what we were looking for in Zoho to solve many pain points. However, there is 1 problem I am running into and that is the fact there is no stock information that can be pulled for

• Automating Pricing in Zoho Inventory Based on Brandline Quantity

  I am currently setting up my Zoho Inventory system and would like to implement an automatic pricing feature for sales orders. We have created a custom field called "brandline" for our items. All products with the same brandline value should have the same

• Tags with Zapier

  Maybe I'm missing something....I hope so... Using tags for triggers is a key need.  This prevents us from having a ton of different lists. I am trying to find out how to add a tag using zapier when someone makes a purchase....but it doesn't seem to be

• Print & PDF Support for Composite items

  There needs to be a way to print a composite item showing all the components, qty & images.

• Build custom AI solutions with Catalyst’s QuickML capabilities in CRM

  Hello everyone, We’re thrilled to announce an improvement for our Zoho CRM Enterprise users: the ability to create custom AI solutions using Catalyst’s QuickML directly from Zoho CRM. As you may already know, Zia, Zoho CRM’s AI-powered assistant, offers

• We cant create a custom function

• Live webinar: Power-up your business presentations with Show's add-ons

  We all spend a good amount of time building presentations for meetings, reports, and pitches. But even with good content, slides can sometimes feel basic or less engaging. That’s where having the right tools helps. With Zoho Show’s add-ons, you can embed

• Contractor recruitment

  We mainly supply contract staff, so there is an end point to when they are 'Hired'.  The problem we have is that once we have marked the candidate as 'Hired' there is no way that we can change their status afterwards without 'unhiring' them against the job. We need to be able to hire people for a fixed period of time, after which they would become 'available' again.  How do we go about doing this?

• Writer very buggy and glitchy after only a few minutes of use... oh my.

  I am finding Writer to be very buggy and glitchy while using it. I've tried it in Firefox, Chrome, Safari... all Mac. Complete words get deleted on backspace (probably a feature, but disconcerting and bad design, esp. if you just want to delete a couple

• How can I use the API to add a drop-shipping address to a sales order for one-time use?

  I need to be able to add a drop-shipping address for one-time use to a sales order via the API. Adding every such address to the contact (customer), then feeding the shippingaddress_id into the sales order, is not an acceptable approach; we have some

• Zoho say my domain seems to be already associated with another account

  I created a website on zoho and associated my domain (bompescado.com) on it. You can see the A record and CNAME are working to it. Now I need to associate the same domain as webmail, but when I try it return with: " This domain name seems to be already associated with another account. If you own this domain, please contact us for assistance." Im following the advice and conctacting you to say I've not been associated this domain on zoho before.  What do I need? Well, I need you manually remove it

• Mass Print Attachments from Selected Records in Custom Module

  Dear Zoho CRM Team, We’d like to request a feature enhancement regarding the handling of attachments. Use Case: We have a custom module that stores invoices uploaded by our affiliates. Currently, we need to open each record individually to print these

• how to integrate zoho bigin to wordpress website ?

  hello , i want to integrate zoho bigin to wordpress webiste , can anyone help me with the tutorial ?

• Surely it's time Inline editing from views

  I think the first request I found for in-line editing from grids was approximately 12 years ago - that post was locked because it was suggested Zoho sheetview solved the problem. However, it's now 2024, and in-line editing from grids is just a basic expectation.

• Issue with POST request creating Calls in CRM

  Hello, I am in the middle of integrating some 3rd party Call center API with Zoho CRM and going through our logs I see some discrepencies. We sometimes get an error: {"data":[{"code":"INVALID_DATA","details":{"api_name":"Call_Duration","json_path":"$.data[0].Call_Duration"},"message":"Please

• only lastname as index(?) field in custom module

  Hello, I have a small problem. I have created a custom module. The data records are only labeled with the last names. Also in the lookup etc.... It's stupid if you have different first names with the same surname. Then I only ever see the surname. In

• How to read content out of File (Excel, Zoho Sheet, CSV) and iterate through rows

  Hello, I'd like to be able to iterate through all the rows in a CSV or Excel/Zoho Sheet file to perform actions on them. How is this possible in Flow? Thanks in advance! Best regards, Sven

• Import CSV file into Zoho CRM using Zoho Flow?

  Is there a way to automate the import of contacts from Zoho Flow to Zoho CRM? I have a csv file on a remote server that I would like to pull off and import/update on a schedule.  I know you can do it with Zapier but I would like to stay within the Zoho

• Next Page