Org-specific OAuth2.0 Tokens in Zoho CRM

Org-specific OAuth2.0 Tokens in Zoho CRM

Hello everyone!

This post is to inform you that there is an update to the OAuth2.0 flow for CRM while generating the authorization code (grant token).

Web-based Clients
The Current Flow
  1. The user clicks the Login with Zoho button on any third-party app.
  2. The app redirects the user to the Zoho Login page, and the user enters the Zoho credentials.
  3. A pop-up, similar to the one below, appears asking for the user's consent that the app wants to access certain user data.
  4. When the user clicks the Accept button, Zoho Accounts redirects the user to the app with the authorization code (grant token) in the URL.
  5. Using this grant token, the app owner generates access and refresh tokens to access user's data.
  6. The app can use the same access and refresh token regardless of the environment (Production, Sandbox, or Developer) in which the user data is present. All the app owner has to do is change the API domain URL in the API requests.

In the current flow, the app owner can use a single access and refresh token for a user and make API calls to any environment. It is sufficient just to change the API domain URL in the API requests.

The New Flow
  1. The user clicks the Login with Zoho button on any third-party app.
  2. The app redirects the user to the Zoho Login page, and the user enters the Zoho credentials.
  3. A new pop-up, similar to the one below, appears to ask the user to choose the environment-specific org, such as Production, Sandbox, or Developer, whose data the app can access.
  4. The user selects one of the orgs from the available ones and clicks Submit.
  5. Zoho Accounts now takes the user to the consent page that displays the chosen org and the data (scope) that the app wants to access.
  6. When the user clicks Accept, Zoho Accounts redirects the user to the app with the authorization code in the URL.
  7. Using this grant token, the app owner generates access and refresh tokens to access user data specific to the environment.
In this flow, the user can choose to grant access to the application only to a particular org (either in the Production, Sandbox, or Developer instance of CRM). Therefore, the access and refresh token generated for a user becomes org-specific in an environment. For instance, the app cannot use tokens generated for an org in the Production environment to make API calls to the orgs in the sandbox or developer accounts.

Self Clients

The Current Flow
  1. Go to Zoho developer console.
  2. Choose your self client.
  3. Enter the scope, choose the time duration the authorization code is valid for, and enter a description.
  4. Click Create.


  5. The authorization code will be displayed.
  6. Use this code to generate access and refresh tokens.

Here, you can use the same access and refresh tokens to make API calls irrespective of the org or the environment. You must only change the API domain URL.

The New Flow
  1. Go to Zoho developer console.
  2. Choose your self client.
  3. Enter the scope, choose the time duration the authorization code is valid for, and enter a description.
  4. Click Create. A pop up displays the list of portals as shown below.
  5. Choose a portal. This displays the list of environments and different orgs under each environment.
  6. Select the org in an environment you want to generate the authorization code for.

  7. Click Generate. The authorization code will be displayed.

In this flow, the access and refresh tokens are specific to only the org and the environment they were generated for. You cannot use the org-specific tokens in an environment to make calls to another org in an environment.

Why are we making this change?
Increased security and restricted data access.
In this flow, the user can grant access to the app only to a particular org in an environment. Therefore, when the access token is breached, the data in the orgs under other environments are still safe.

Who should be concerned?
The application owners who use the same access and refresh tokens to make API calls to more than one environment, must ensure to use tokens specific to the org and the environment they were generated for.

This update will be opened to customers in phases from today (May 07, 2020).


Write to us at support@zohocrm.com if you have any questions.

Cheers!
Shylaja
Zoho CRM







    • Sticky Posts

    • Kaizen #217 - Actions APIs : Tasks

      Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

    • Kaizen #216 - Actions APIs : Email Notifications

      Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

    • Kaizen #152 - Client Script Support for the new Canvas Record Forms

      Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

    • Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

      Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

    • Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

      Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

    • Recent Topics

    • Can I use a Standalone CRM Function as the Callback URL For Async Export Data API?

      I am creating an export job using this API https://www.zoho.com/analytics/api/v2/bulk-api/export-data-async/create-export/view-id.html There is a "callbackUrl" key in the CONFIG object. I tried copying the URL for a standalone function in CRM which can

    • ZOHO Books

      Hi there, Why after I upgrade my Zoho invoice > Books then i wanted to add plugin which i cannot do. Please advise.

    • How is Your eCommerce Experience w/Zoho Inventory?

      First off, I'm SUPER grateful for the advent of Zoho Inventory and now the Zoho Commerce Suite. Overall, Inventory is a great product, especially for customers without an eCommerce presence. For eCommerce companies (especially those shipping more than ~10 packages/day), however, there are certain drawbacks that keep my clients from moving over to Zoho Inventory: Cons: 1. Invoice + Package Creation from Shopify/Other eCommerce Integrations: Zoho Inventory makes the somewhat perplexing decision to

    • Ask the Experts 26: Brighten every customer interaction with Zoho Desk all year long

      Hello everyone, Greetings and welcome to Ask the Experts 26. As we wrap up 2025, we are excited to invite you to the 26th episode of our Ask the Expert series. 🎄The Merry Metrics Edition = Best of Zoho Desk [Best Practices + Holiday Automation + Year-End

    • Cliq iOS can't see shared screen

      Hello, I had this morning a video call with a colleague. She is using Cliq Desktop MacOS and wanted to share her screen with me. I'm on iPad. I noticed, while she shared her screen, I could only see her video, but not the shared screen... Does Cliq iOS is able to display shared screen, or is it somewhere else to be found ? Regards

    • Operation Questions.

      Hello, I hope you are well. To explain a little, we are a company that sells services and products with a technical team responsible for installation and maintenance. Zoho FSM can be useful for the technical team, namely for the technical coordinator

    • Error AS101 when adding new email alias

      Hi, I am trying to add apple@(mydomain).com The error AS101 is shown while I try to add the alias.

    • Simplify Mass Replies with Predefined Templates and Snippets

      Hello everyone, We are happy to introduce a new enhancement to Mass Reply that helps agents respond to customers quickly and consistently. With the addition of Email Templates and Snippets in the reply window, agents can use predefined messages while

    • Add "Groups" above "Users" in the Zoho Forms Left Menu

      Hi, We have Groups but you have to go to a Form and Share or use the Directory App to manage them, please add "Groups" above "Users" in the Zoho Forms Left Menu so you can manage them in 1 place within Zoho Forms too. Thanks Dan

    • Exciting Updates to the Kiosk Studio Feature in Zoho CRM!

      Hello Everyone, We are here again with a series of new enhancements to Kiosk Studio, designed to elevate your experience and bring even greater efficiency to your business processes. These updates build upon our ongoing commitment to making Kiosk a powerful

    • Add "Groups" to "Share With" on Reports & All Entries

      Hi, On Forms we can share Publicly, with Specific Users And/Or Specific Groups or All Users. With Reports and All Entries we lack the "Groups" option, please add this as with many users this saves a lot of work. Thanks Dan

    • Mapping custom fields from one module to another

      I have a custom field, "Subscription Period" that appears as a required field in every Opportunity (Potential). I want that field to appear on any Quotes derived from that Opportunity (and have created a custom field of the same name in Quotes for that

    • Inquiry on Help Centre Tab Customisation

      Hi Zoho team, I’m wondering if it’s possible to further customise the Help Center tabs, specifically the descriptions under Knowledge Base, Community, and Tickets. While the current setup allows customising tab names, being able to tailor the descriptions

    • Passing the CRM

      Hi, I am hoping someone can help. I have a zoho form that has a CRM lookup field. I was hoping to send this to my publicly to clients via a text message and the form then attaches the signed form back to the custom module. This work absolutely fine when

    • The Social Wall: November 2025

      We’re nearing the end of the year, and the holiday season is officially kicking in! It’s that time when sales peak and your social media game needs to be stronger than ever. We’re back with exciting new updates across AI, analytics, and the mobile app

    • Item name special charaters <>

      Im trying to input speical characters such as < and > into item name and item description but comes up with following error: Invalid value passed for Item Name and Invalid value passed for Item Description How do i allow speical characters?

    • How to update Multi File upload field

      Assume that i have a multi file upload field,how can i update the same field again?

    • Passing a form object to a function

      Suppose I have a sort_order field in multiple tables and I want to increment it by +1 onCreate of a new record. Is there a way to pass the form object as an argument into the function to keep things DRY? The following function from Zia works, but I'd

    • Customer Address Not on Standard Invoice when Address is on Contact Record

      Hi,  I entered the customer billing and shipping address in Zoho CRM. I created an invoice in Zoho Books with the same customer contact. The contact is correctly in Zoho Books with the billing and shipping address. The invoice for the customer does not

    • Auto-Invite Users to Portals in Zoho CRM based on Conditions

      Hello Everyone, You can now automate portal invitations in Zoho CRM with the new Auto-Invite users feature in Portal management. No more manually enabling portal access one by one. With this enhancement, you can automatically send invites for users to

    • Apply partial payments to invoices from the Banking Module

      We need this! Why is this not possible?

    • Welcome to the Zoho Show Community Forums page!

      Hello everyone, The Zoho Show community is a place for you to discuss and share anything and everything related to Zoho Show Presentations, our online presentation software. It includes users from all over the globe and all walks of life. Our community helps answer your Zoho Show questions with responses from other knowledgeable community members to give you the best experience creating and designing exciting presentations. Along the way, you'll meet recognized experts from our software team and

    • Regarding the integration of Apollo.io with Zoho crm.

      I have been seeing for the last 3 months that your Apollo.io beta version is available in Zoho Flow, and this application has not gone live yet. We requested this 2 months ago, but you guys said that 'we are working on it,' and when we search on Google

    • How can I convert an existing contact into a lead?

      I imported many contacts into ZOHO CRM. In order to select a few of them as leads, I want to mark or convert a few hundred as Leads. Who can I do that?

    • Introducing Dedicated Modules for Plans, Addons, and Coupons in Zoho Billing

      We’ve enhanced the way you manage Plans, Addons, and Coupons in Zoho Billing. Previously, all three grouped together under Subscription Items. Now, each one has its own dedicated module, giving you a cleaner and more intuitive experience. This update

    • Price book functionality enhancement

      A common use of price books is to create a price book for a given customer level or contract with a specific company. Given that this is done at a company/customer level it would be great to see a way to associate a price book to a given customer and

    • SMS to customers from within Bigin

      Hi All, Is there anyone else crying out for Bigin SMS capability to send an SMS to customers directly from the Bigin interface? We have inbuilt telephony already with call recordings which works well. What's lacking is the ability to send and receive

    • Tracking Emails sent through Outlook

      All of our sales team have their Outlook 365 accounts setup with IMAP integration. We're trying to track their email activity that occurs outside the CRM. I can see the email exchanges between the sales people and the clients in the contact module. But

    • Contact data removes Account data when creating a quote

      Hi, Our customer has address fields in their quote layout which should be the address of the Account. They prefill the information, adding the account name - the address data is populated as per what is in the account - great. However when they then add

    • Important update about notification security in Business Messaging SDK

      As part of our ongoing effort to strengthen the security of notification data, we have enhanced how notifications are processed and protected in our applications. These improvements ensure that all notification related data follows the most up-to-date

    • 年内最後のユーザー向けイベント:5名限定! 課題解決型ワークショップイベント Zoho ワークアウト開催のお知らせ (12/18)

      ユーザーの皆さま、こんにちは。コミュニティチームの中野です。 12月開催のZoho ワークアウトについてお知らせします。 今回はZoomにて、オンライン開催します。 参加登録はこちら(無料) https://us02web.zoom.us/meeting/register/QHn6kJAcRs-znJ1l5jk0ww ━━━━━━━━━━━━━━━━━━━━━━━━ Zoho ワークアウトとは? Zoho ユーザー同士で交流しながら、サービスに関する疑問や不明点の解消を目的とした「Zoho ワークアウト」を開催します。

    • Saved Sections?

      In sites editor, the + button reveals options to add a section, element, etc. It includes Saved Sections, but I can find no way to save a section I've already created. Otherwise, is there a way to copy a section from one page to another?

    • Sync Zoho Marketing Automation with Zoho Forms

      I can't find a section where the integration between Zoho Marketing Automation and Zoho form is explained. And how form subscription works with opt-in and consents.

    • What is the difference between Zoho Campaigns and marketing hub?

      Zoho Campaigns is a permission-based email marketing tool for sending marketing emails and mass emails. Marketing Automation is a multichannel marketing automation tool that caters to organizations looking for tools to engage their users across multiple

    • Webhook not firing.

      I created a webhook using the Web UI, it looks very nice and the testing worked without an issue, but when i save/ update a ticket, the webhook is not firing. Here are the details of the web-hook i get from using the API "modifiedTime": "2019-10-22T09:23:37.380Z",

    • Duplicate customers being created in Desk

      Hi I've trying to work out why I've getting duplicated customers being created in my desk. I have an external booking system that generates an email when I get a customer booking a job. A booking email gets sent to Desk where I manage the booking and

    • Creating a custom CSV file using deluge script/

      I have an application I have developed and the client wants us to place an export file in csv onto an ftp server daily. Now I don't see au options in creator to change the separator to anything else. The client wants the separator to be the pipe symbol "|"  I think i would be able to create schedule with some code to create the appropriate data in a string using deluge script but I haven't seen any functionality that would allow me to deposit that data as a file anywhere or attach it to an email

    • Zoho Sheet - Desktop App or Offline

      Since Zoho Docs is now available as a desktop app and offline, when is a realistic ETA for Sheet to have the same functionality?I am surprised this was not laucned at the same time as Docs.

    • Can we add custom fields to portal community profiles?

      How do we add custom fields to our profile pages in our portal community? If we have the ability to add custom fields, will we be able to access those fields via API? We want to use our Desk community in our help portal as our primary community and would

    • Customer ticket creation via Microsoft Teams

      Hi all, I'm looking to see if someone could point me in the right direction. I'd love to make it so my customers/ end users can make tickets, see responses and respond within microsoft teams. As Admin and an Agent i've installed the zoho assist app within

    • Next Page