This journey has been as much about listening as it has been about sharing. And today, we’re making both count. Over the past few weeks, we’ve collected your feedback through the Kaizen feedback form added in our earlier posts. Thank you for the time and thought you’ve put into it.
Starting today, we’ll be actively addressing your most requested topics.
In this Kaizen, we’ll walk you through how OAuth 2.0 authentication is handled using the Zoho CRM Python SDK, and how the SDK simplifies token refresh, storage, and management for multiple users and organizations across multiple data centers.
Sample Project Overview
We’ve used a fully working sample project to demonstrate the OAuth flow in action.
Frontend
A static interface built using HTML, CSS, and JavaScript.
Files include:
- index.html – login and data input page
- script.js – client-side login and record handling
- redirect.html – used to capture the grant token from Zoho
Backend
A Python server using Zoho CRM SDK to:
- Authenticate users using OAuth 2.0
- Store and manage tokens
- Fetch and manipulate CRM records
Note:
Before running the project, you’ll need to register your client in the Zoho API Console. Once registered, use the generated Client ID and Client Secret in your server code.
If you're planning to support users across multiple Zoho Data Centers (DCs):
- Be sure to enable Multi-DC for your client.
- Use the same client credentials (Client ID and Secret) for all the DCs during authentication.
Implementation Demo:
How the SDK Maps Tokens to Users
One of the key challenges in multi-user apps is ensuring that each user's tokens are stored and retrieved correctly. The Zoho CRM Python SDK handles this automatically.
As part of the OAuth flow, the SDK retrieves the user's email and organization info in the background using the scopes ZohoCRM.users.READ and ZohoCRM.org.READ. It then uses this unique user–org combination to:
- Store access and refresh tokens separately for each user
- Automatically update tokens when a user logs in again
- Ensure that all API calls are authorized with the correct tokens
If you're implementing Login with Zoho using the standard OAuth redirect flow, all of this is handled internally by the SDK using the user and org information retrieved during login. There’s no need to manually pass a UserSignature in the token object.
If you're not implementing Login with Zoho, or if you’d prefer to explicitly associate a token with a known user, you can pass a UserSignature object during initialization:
from zohocrmsdk.src.com.zoho.api.authenticator import UserSignature

email = "user@example.com"  # placeholder: the email of the user this token belongs to
user = UserSignature(email)
# Bind the token to that user explicitly; the remaining OAuthToken arguments are unchanged
token = OAuthToken(..., user_signature=user)
# Pass the same UserSignature when initializing the SDK so API calls use this user's token
Initializer.initialize(..., user=user)
This ensures the SDK can correctly identify the token's owner and separate tokens for different users or orgs in a multi-user application.
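To make the user–org token mapping described above concrete, here is an added, illustrative Python model of a token store keyed by (user email, org id). It is not the Zoho CRM SDK's own implementation (the SDK does this internally); the class and function names, the fake refresh callback, and all token values are constructed for the example.

```python
# Added example: models per-user, per-org token separation, re-login updates,
# and refresh-on-expiry. Illustrative code, not the Zoho CRM SDK's implementation.
from dataclasses import dataclass


@dataclass
class StoredToken:
    access_token: str
    refresh_token: str
    expires_at: float  # epoch seconds at which the access token stops being valid


class UserOrgTokenStore:
    """Tokens are keyed by (user_email, org_id): two users in one org, or one
    user in two orgs, never share or overwrite each other's tokens."""

    def __init__(self):
        self._tokens = {}

    @staticmethod
    def _key(email, org_id):
        # Normalise so "Alice@Example.com " and "alice@example.com" map to one user
        return (email.strip().lower(), str(org_id))

    def save(self, email, org_id, access_token, refresh_token, expires_in, now):
        """Store (or, on re-login, replace) the token pair for this user-org."""
        key = self._key(email, org_id)
        self._tokens[key] = StoredToken(access_token, refresh_token, now + expires_in)
        return key

    def get_access_token(self, email, org_id, now, refresh=None):
        """Return a valid access token for this user-org, refreshing if expired."""
        tok = self._tokens.get(self._key(email, org_id))
        if tok is None:
            raise KeyError(f"no token stored for {email!r} in org {org_id!r}")
        if tok.expires_at <= now:
            if refresh is None:
                raise RuntimeError("access token expired and no refresh callback given")
            # refresh(refresh_token) -> (new_access_token, expires_in)
            tok.access_token, expires_in = refresh(tok.refresh_token)
            tok.expires_at = now + expires_in
        return tok.access_token


def fake_refresh(refresh_token):
    """Stand-in for the refresh-token exchange; a real one calls the accounts server."""
    return ("refreshed-from-" + refresh_token, 3600)


def demo():
    """Walk through the three behaviours listed in the post; returns results to check."""
    store = UserOrgTokenStore()
    t0 = 1000  # constructed clock value, epoch seconds
    # Two users in org 100 and one of them also in org 200 (constructed values)
    store.save("alice@example.com", "100", "acc-a1", "ref-a1", 3600, now=t0)
    store.save("bob@example.com", "100", "acc-b1", "ref-b1", 3600, now=t0)
    store.save("alice@example.com", "200", "acc-a2", "ref-a2", 3600, now=t0)

    results = {}
    # 1. Tokens are stored separately per user-org
    results["alice_org100"] = store.get_access_token("alice@example.com", "100", now=t0 + 10)
    results["bob_org100"] = store.get_access_token("bob@example.com", "100", now=t0 + 10)
    results["alice_org200"] = store.get_access_token(" Alice@Example.com ", "200", now=t0 + 10)
    # 2. Logging in again replaces that user-org's tokens without touching others
    store.save("alice@example.com", "100", "acc-a1-new", "ref-a1-new", 3600, now=t0 + 100)
    results["alice_org100_relogin"] = store.get_access_token("alice@example.com", "100", now=t0 + 110)
    results["bob_after_alice_relogin"] = store.get_access_token("bob@example.com", "100", now=t0 + 110)
    # 3. An expired token is refreshed transparently using its own refresh token
    results["bob_refreshed"] = store.get_access_token(
        "bob@example.com", "100", now=t0 + 3601, refresh=fake_refresh)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the example is the key: a lookup that used only the email would let the same person's tokens from two organizations overwrite each other, and a lookup that used only the org would leak one user's token to a colleague. An expired access token is replaced using only that entry's refresh token, so a refresh for one user never changes another's.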