Kaizen 116 - Client Types in Zoho API Console

Kaizen 116 - Client Types in Zoho API Console

Hello everyone!
Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.
Let us discuss the available client types and how authorization is handled for each.

Available client types

  1. Server-based
  2. Client-based
  3. Self client
  4. Non-browser-based
  5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.
This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.
In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.
During the registration process in Zoho API Console, you would choose the "Web-based" client type.
OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:
  1. Users visit your website where you have the Login with Zoho button.
  2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
  3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
  4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
  5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
  6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
  7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
  8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.


You can use any of our server-side SDKs to simplify this process.
When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.


For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.
This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.
This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.
Here is a gist of what happens when a user clicks it.
  1. Your app redirects the user to Zoho Accounts.
  2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
  3. The user is shown the data that your webpage would use.
  4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
  5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
  6. Your app must then make API calls to Zoho with this access token to fetch data.
  7. When the access token expires, your app must take care of regeneration and storage.


As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.
When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.
Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.
  1. You register your app as self client in Zoho API Console.
  2. You will get the client details such as ID and secret.
  3. You provide the scopes required for your app to access CRM data.
  4. You will receive the grant token.
  5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
  6. Your app can then use this access token to make API calls to Zoho CRM and use data.
You can refer to our older Kaizen post on this topic for more details.
Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.
Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.
Here is how authentication is handled:
  1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
  2. Users install a dedicated Zoho ShowTime application on their smart TVs.
  3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
  4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
  5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
  6. When the user enters the user code, Zoho Accounts sends the access token to your app.
  7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.

Here is the protocol flow. For more details, refer to this doc.


5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.



Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.
If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.


Cheers!

    • Recent Topics

    • Trouble fetching custom fields from Zoho Booking

      I'm following the instructions from here : https://help.zoho.com/portal/en/kb/flow/user-guide/app-specific-documentation/articles/zoho-bookings#1_Problem_with_accessing_custom_fields But I can't get this to work. Here is the result of a test booking :

    • Accounts module not displaying in Campaigns sync

      When syncing CRM to Campaigns, I can only sync Leads and Contacts. Accounts module is setup and not sure why I can't select it. I won't be able to make segments for all our email campaigns. What is the resolution?

    • Zoho Desk - account and contact lookup by phone

      Hi team, Does Zoho Desk allow to lookup Accounts and Contacts by phone or not? I am using this endpoint- GET https://desk.zoho.eu/api/v1/accounts/search?phone=987-654-3210 But I am getting this error- { "errorCode": "UNPROCESSABLE_ENTITY", "message":

    • Missing Date Field Type Blocking VAT Calculations in Custom Zoho CRM Module

      I'm working on a custom VAT calculator within Zoho CRM where I need to store the purchase date of a product and calculate VAT based on that date, since VAT rates can vary over time. However, while creating custom fields, the only available data type is

    • Different Page Numbering

      I want the page numbers not just 1,2,3... but i,ii,iii,iv,... or even I,II,III,IV.... How can I do this?

    • Remote Control Functionality During Screen Sharing in Zoho Cliq

      Hello Zoho Cliq Team, We would like to request the addition of remote control functionality during screen sharing sessions in Zoho Cliq. Currently, while screen sharing in Cliq is very useful, it lacks the ability for another participant to take control

    • How to validate Rich Text in Zoho Creator! Urgent!

      Hi members, Recently I just started to use Rich Text field. Now I have a requirement where I need to validate to ensure this Rich Text field must contain a value. Meaning must contain something. I use the below script if(input.Rich_Text == null) { alert

    • Real-Time Screen Annotation During Zoho Cliq Screen Sharing

      Hi Zoho Support Team, Hope you're doing well. We’d like to request the addition of real-time screen annotation tools during screen sharing sessions in Zoho Cliq video calls. 🔍 What We're Looking For: The ability for the presenter—and optionally, other

    • Simplify ticket replies with intelligent writing and content analysis tools

      Introducing a smarter, faster way to handle ticket responses with generative AI-powered capabilities, now available in the ticket detail view. These enhancements are designed to reduce agent effort, improve clarity, and elevate the overall support experience.

    • Cannot send a Campaign. No Send or Proceed button

      I have built a Campaign. I had to drop Leads and only use Contacts because only one group can sync. But now I do not see any errors but I do not see anyway to proceed with sending the campaign?

    • Zoho Books - Feature Request - Show Custom Template Preview

      When using a custom template is would be a great user experience if the custom template could be previewed when viewing the record. I have found that it's very confusing for users, when they see an invoice preview but the out put file is different. Additional

    • run a macro on a contact that bounced from crm email merge

      how would one run a macro on a contact that bounced from crm email merge? how would i tell zoho to run a macro that SIGNALS said bounced?

    • Workflow : Update a multiline text field

      Hello, I'm creating a workflow to update a multiline text field. But it looks like I only can format my text as a one-line. How can I format the text to multiple lines ? Thanks

    • Search handwriting using sketch card and OCR

      Hi It's possible using Sketch Card for handwriting and search them using AI and OCR in Pro edition? Thanks

    • Autoresponders in Zoho CRM will be discontinued—transition to Cadences for enhanced engagement

      Zoho CRM’s Autoresponder feature will be discontinued by September 30, 2025. If you're currently using Autoresponders to automate email follow-ups, we recommend switching to Cadences, a more powerful, flexible, and multi-channel engagement tool for today's

    • Recovering a note

      Hi, I accidentally deleted an important academic not from my notebook. Can I recover it? Thanks

    • Unable to schedule posts!

      Hi everyone, I'm on the free account. I just realised it doesn't give me the options to schedule posts anymore, I can only 'post now'. I don't understand why I can't even see what I scheduled before. Can anyone help? Thanks, Benedetta

    • ZUG is Hitting the Road — Across the USA!

      We’re bringing the Zoho User Group (ZUG) meet-ups back to various cities across the United States — and we’re more excited than ever to reconnect with our incredible community! Whether you're a seasoned Zoho user or just getting started, this event is

    • SPF, Zoho Books, Send from my domain

      I am unable to verify my domain through Zoho Books: this is the text record: v=spf1 include:spf.protection.outlook.com include:zohomail.com -all I waited 24 hours already with error: SPF record not found. Contact your domain provider.

    • How do I record timesheet invoices generated in Zoho Workerly against a Sales Order?

      We have customers who issue us a Purchase Order for an aggregate amount of hourly services, which we invoice against on a weekly, bi-weekly, or monthly basis (contract dependent). For simplicity, let's say the customer PO is for $50,000 (1,000 hours at

    • One Place for All Your Automation Needs

      All automation settings are grouped under Settings ()> Automation. This helps you find everything related to automation from one place. Under Workflow Rules, Email Alerts, Email Templates, and Webhooks: Use the Projects tab for project-specific settings.

    • How Do I Refund a Customer Directly to Their Credit Card?

      Hi, I use books to auto-charge my customers credit card. But when I create a credit note there doesn't seem to be a way to directly refund the amount back to their credit card. Is the only way to refund a credit note by doing it "offline" - or manually-

    • header and footer for templates

      Hi,   I created many templates for my activity. Nevertheless I have a big problem, the HTML is varies from a quote to another, there is sometime less or more text. In order to have a nice layout I require Header and Footer. I looked for into the CRM tool, couldn't find it. Can someone explain to me if it's possible ??   It's very urgent, thanks very much,   Eric Marois

    • Simple Text Search Function

      Would it be too much to ask for a simple text search function? My slide decks are often simply collections of slides of a random over, and I often have to find the slide I need at a moment's notice. A text search function, no matter how rudimentary, would

    • Rich-text fields in Zoho CRM

      Hello everyone, We're thrilled to announce an important enhancement that will significantly enhance the readability and formatting capabilities of your information: rich text options for multi-line fields. With this update, you can now enjoy a more versatile

    • Introducing the Reviews sub-module in Zoho Recruit

      Across every recruitment process, candidates are assessed by multiple stakeholders—recruiters, interviewers, hiring managers, and clients. These evaluations influence hiring decisions, yet they often exist in silos across assessments, emails, or interview

    • We need customizable sub-form layouts

      Currently, we can arrange sub-form fields only in a single row. The single row layout means salespeople must horizontally scroll to uncover information. As a result, salespeople cannot see all of the relevant information simultaneously.  The administrator

    • Fetch function not working for CRM Contacts

      I've created a flow that checks if a contact exists in CRM (based on form input), and if it does, then it updates one of the fields for the contact. In my test, the fetch function correctly identifies that a contact exists (based on email address), but

    • How to add a discount (percent %) field?

      My particular case it’s regarding the “Opportunities” module. I’ve created a subform to calculate the value of the opportunity, and now I’d like to include a discount field in the form of a percentage. However, no matter how or where I add the "percent"

    • Automate Pricebook per Customer

      Example Scenario: I want to create a customer package (Silver Package, Gold Package, Platinum Package) and associated it with a Price Book that contains discounted prices for certain products. When a customer assigned to this Silver Package places an

    • Automate pricebook per customer

      Example Scenario: I want to create a customer package (Silver Package, Gold Package, Platinum Package) and associated it with a Price Book that contains discounted prices for certain products. When a customer assigned to this Silver Package places an

    • Automate pricebook per customer

      Example Scenario: I want to create a customer package (Silver Package, Gold Package, Platinum Package) and associated it with a Price Book that contains discounted prices for certain products. When a customer assigned to this Silver Package places an

    • Client Side Scripts for Meetings Module

      Will zoho please add client side scripting support to the meetings module? Our workflow requires most meeting details have a specific format to work with other software we have. So we rely on a custom function to auto fill certain things. We currently

    • Document Tracking

      Hi all Zoho crmplus user here. I am migrating from hubspot and in Hubspot when my sales team email a document they can see when the client has opened the document and how many minutes they sepend on it. This persists for additional openings and readings

    • Apply partial payments to invoices from the Banking Module

      We need this! Why is this not possible?

    • Setting admin only field values in widget

      Hello If I'm using a Widget addRecord function invoked by a user input (the user has write permission not developer) can he set values to a field that is set to be visible to Admin only?

    • Forecast UI improvements

      Hi I have two improvement requests for the UI in the Forecast function. Can you add the ability to reorganise the Pipeline, Committed and Best Case columns on the Forecast? I thought they were in alphabetical order, so we renamed them so that we could

    • Missing services/ features / buttons

      Hello, 1. I can't locate the DKIM information in ZoHo CRM that I need to add as txt strings to our DNS in GoDaddy. 2. In other activities I cannot locate the 'Help' button for context senstivie help 3. I wish to merge two records into a single record

    • Global Sets for Multi-Select pick lists

      When is this feature coming to Zoho CRM? It would be very useful now we have got used to having it for the normal pick lists.

    • [Free Webinar] Building Data Relationships Using Lookup Fields - Creator Tech Connect

      Hello Everyone! We welcome you all to the upcoming free webinar on the Creator Tech Connect Series. The Creator Tech Connect series is a free monthly webinar that runs for around 45 minutes. It comprises technical sessions in which we delve deep into

    • Next Page