Org-specific OAuth2.0 Tokens in Zoho CRM

Org-specific OAuth2.0 Tokens in Zoho CRM

Hello everyone!

This post is to inform you that there is an update to the OAuth2.0 flow for CRM while generating the authorization code (grant token).

Web-based Clients
The Current Flow
  1. The user clicks the Login with Zoho button on any third-party app.
  2. The app redirects the user to the Zoho Login page, and the user enters the Zoho credentials.
  3. A pop-up, similar to the one below, appears asking for the user's consent that the app wants to access certain user data.
  4. When the user clicks the Accept button, Zoho Accounts redirects the user to the app with the authorization code (grant token) in the URL.
  5. Using this grant token, the app owner generates access and refresh tokens to access user's data.
  6. The app can use the same access and refresh token regardless of the environment (Production, Sandbox, or Developer) in which the user data is present. All the app owner has to do is change the API domain URL in the API requests.

In the current flow, the app owner can use a single access and refresh token for a user and make API calls to any environment. It is sufficient just to change the API domain URL in the API requests.

The New Flow
  1. The user clicks the Login with Zoho button on any third-party app.
  2. The app redirects the user to the Zoho Login page, and the user enters the Zoho credentials.
  3. A new pop-up, similar to the one below, appears to ask the user to choose the environment-specific org, such as Production, Sandbox, or Developer, whose data the app can access.
  4. The user selects one of the orgs from the available ones and clicks Submit.
  5. Zoho Accounts now takes the user to the consent page that displays the chosen org and the data (scope) that the app wants to access.
  6. When the user clicks Accept, Zoho Accounts redirects the user to the app with the authorization code in the URL.
  7. Using this grant token, the app owner generates access and refresh tokens to access user data specific to the environment.
In this flow, the user can choose to grant access to the application only to a particular org (either in the Production, Sandbox, or Developer instance of CRM). Therefore, the access and refresh token generated for a user becomes org-specific in an environment. For instance, the app cannot use tokens generated for an org in the Production environment to make API calls to the orgs in the sandbox or developer accounts.

Self Clients

The Current Flow
  1. Go to Zoho developer console.
  2. Choose your self client.
  3. Enter the scope, choose the time duration the authorization code is valid for, and enter a description.
  4. Click Create.


  5. The authorization code will be displayed.
  6. Use this code to generate access and refresh tokens.

Here, you can use the same access and refresh tokens to make API calls irrespective of the org or the environment. You must only change the API domain URL.

The New Flow
  1. Go to Zoho developer console.
  2. Choose your self client.
  3. Enter the scope, choose the time duration the authorization code is valid for, and enter a description.
  4. Click Create. A pop up displays the list of portals as shown below.
  5. Choose a portal. This displays the list of environments and different orgs under each environment.
  6. Select the org in an environment you want to generate the authorization code for.

  7. Click Generate. The authorization code will be displayed.

In this flow, the access and refresh tokens are specific to only the org and the environment they were generated for. You cannot use the org-specific tokens in an environment to make calls to another org in an environment.

Why are we making this change?
Increased security and restricted data access.
In this flow, the user can grant access to the app only to a particular org in an environment. Therefore, when the access token is breached, the data in the orgs under other environments are still safe.

Who should be concerned?
The application owners who use the same access and refresh tokens to make API calls to more than one environment, must ensure to use tokens specific to the org and the environment they were generated for.

This update will be opened to customers in phases from today (May 07, 2020).


Write to us at support@zohocrm.com if you have any questions.

Cheers!
Shylaja
Zoho CRM







    • Sticky Posts

    • Kaizen #217 - Actions APIs : Tasks

      Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

    • Kaizen #216 - Actions APIs : Email Notifications

      Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

    • Kaizen #152 - Client Script Support for the new Canvas Record Forms

      Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

    • Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

      Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

    • Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

      Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

    • Recent Topics

    • Delay function execute

      I've got a workflow which uses a webhook to send information to Flow, which in return updates a record in Creator. Problem is, by the time this has executed, the rest of my script has run and can't find the (yet to be) updated info in the record. Is there

    • Support www.camcard.com

      Hi, Is it possible CRM Zoho have integrations with https://camcard.com/? Thanks Br, Andy

    • Option to Customize Career Site URL Without “/jobs/Careers”

      Dear Zoho Recruit Team, I hope you are doing well. We would like to request an enhancement to the Career Site URL structure in Zoho Recruit. In the old version of the career site, our URL was simply: 👉 https://jobs.domain.com However, after moving to

    • Can't make a document editable to anyone

      Hey everyone, I am using Zoho Workdrive and trying to share a document so that it is editable by anyone with the link. I am trying to convince people to shift from Google to Zoho, but they don't have accounts yet. When I try to change the share settings

    • Edit Default Print

      What I want to do is create / edit the "Default Print" template without changing the layout I'm using. Currently I can create "Email Templates" but I don't use them for emailing and getting to that selection takes multiple clicks. If an email template could be set to be the Default Print template that would be helpful. I'd also like to print these in bulk but don't see that option (there is a mail merge macro but that goes straight to emailing, not to print or PDF).

    • Widget shows error

      Hi, May I ask why below characters will be auto added into the widget link and how to solve this error? As my widget shows 404 error now. ?serviceOrigin=https%3A%2F%2Fcrm.zoho.com&frameorigin=https%3A%2F%2Fcrm.zoho.com

    • How to print envelope labels from Zoho CRM

      Can anybody give me any clue how to print envelope/package labels directly from Contacts view? Regards, Alexandru Moderation Update: The Canvas Print View, which also facilitates the formatting of mailing labels, is now available! Learn more here: Zoho

    • Data Import: New interface, improved field mapping, and more

      Hello everyone! We’ve redesigned the data import process to ensure accurate field alignment and verify that every column in the uploaded file maps correctly with Desk fields before import. Here's how: Streamlined Import Steps Importing data is now more

    • Address labels

      Hi, we've been searching for a long time for a simple way for our employees to print address labels using a Dymo Label Writer 450. We came up with two alternatives that work, bur aren't really optimal.  First one is WebMerge. Webmerge is a great application that does 100% what we need but it is way too expensive for our needs. We only need to print a couple of labels per month. The second one is the integrated print tool in Zoho CRM, (Print preview) You would think this is the obvious way to do this

    • Print Labels

      How can I configure my address to print my labels like this: Name Mailing Address Mailing City, Mailing State Mailing Zip Country Instead of: Name Mailing Address Mailing City Mailing State Mailing Zip Country Thanks!!!!

    • Mailing labels - Improperly formatted

      All I'm trying to do is print one, properly formatted, mailing label. I'm in the Contacts module. In the default "list view" for mailing labels I selected a single client, hit the "more actions" drop down and selected print mailing label. Unfortunately,

    • Printing mailing labels

      The ability to print mailing labels would seem to be an important, basic, function of a good CRM. I find it very surprising that this has still not been addressed adequately by Zoho. When trying to use the existing "mailing label" included: 1. the data

    • Pageless mode needed to modernise Writer

      When we switched from GSuite to Zoho, one of the easiest apps I found to give up, was Docs. In many ways, Writer has always been more powerful than Docs, especially in terms of workflows/fillable forms/etc. However, I went back into Docs because I notice

    • Zoho Projects - Visual improvement to parent and sub-task relationship

      Hi Projects Team, My feature request is to improve sub-task visibility. Please see screenshot below. I really think parent child relationships could be visually improved. Even if the first letter of the parent task was inline with other same level tasks

    • API method to get activity feed in Recruit

      Hi community, I'm trying to figure out - is there any API method tto get information about datetime when Recruit/Candidates record tag where added?

    • Printing Mailing labels

      Is there any way to adjust the size of the printing labels? or product would I use to print labels from Zoho? Thanks, Josef Krieger Moderation Update (14th April 2025): We have another post discussing the same topic with votes and feedback from users.

    • Default to Current Date

      I'm importing data from a excel spread sheet that does not have date column and I'd like the date column in the Zoho Database to default to the current date. Any way I can do this?

    • "Spreadsheet Mode" for Fast Bulk Edits

      One of the challenges with using Zoho Inventory is when bulk edits need to be done via the UI, and each value that needs to be changed is different. A very common use case here is price changes. Often, a price increase will need to be implemented, and

    • Different Company Name for billing & shipping address

      We are using Zoho Books & Inventory for our Logistics and started to realize soon, that Zoho is not offering a dedicated field for a shipping address company name .. when we are creating carrier shipping labels, the Billing Address company name gets always

    • What's New in Zoho Inventory | Q2 2025

      Hello Customers, The second quarter have been exciting months for Zoho Inventory! We’ve introduced impactful new features and enhancements to help you manage inventory operations with even greater precision and control. While we have many more exciting

    • Make Packages from multiple sales order of a single customer

      Our customers sends orders to us very frequently, some times what customer wants is to ship items from 5 to 6 sales orders in a single shipment. it will be very nice if, zoho can implement this function, in which we can select items from other sales orders of the customer.

    • Print a price list or price book

      Hi Community. Am I right in concluding that Zoho has no functionality to print a price list from either Zoho CRM, Zoho Inventory or Zoho Books? I won't get stuck on the fact that Zoho doesn't sync price books between Zoho CRM and Books/Inventory (more

    • Show Custom Button in Portal Listview Canvas

      I have created a custom button that shows in a list view of deals (internally I can see it). I have permissions to allow this button on the portal. But it is not displaying in the canvas list? Before I do too much leg work, is this function allowed?

    • Zoho Sites "pages" management page

      I have 80 plus pages on zoho sites. When I go to the "pages" link to view and edit pages, They are not in any kind of order, so I spend lots of time searching for pages when I need to edit or create new. How can I change the view order of all my pages

    • AI feature in Zoho Desk suggesting answers based on past ticket threads

      Hi I would like to suggest something that would be very useful : instead of suggesting answers based on the Knowledge Base, I think it would be great if Zia could analyze the history of all customer and agents threads, to suggest answers in new tickets.

    • Advanced Customization of the Help Center using JavaScript

      Hello everyone, The Help Center in Zoho Desk can be customized by using HTML and CSS to provide structure and enhance the page's appearance—but what if you want to add interactive and dynamic elements? You can add these effects with JavaScript, a programming

    • Introducing Zoho POS for the Kingdom of Saudi Arabia

      Hey everyone, We are excited to kick-start December with a completely personalized edition of POS for retail businesses in Saudi Arabia to help run your operations with ease. It offers four different subscription plans—Free, Standard, Professional, and

    • Unveiling Zoho Sites 2.0 - A new dimension in website building

      Dear Zoho Sites Users, We are thrilled to announce the launch of Zoho Sites 2.0 today! This refresh represents a significant step forward in the capabilities of Zoho Sites and is crucial for creating a lasting and positive impact on our customers' businesses.

    • Script Editor not an option

      I am trying to apply a script to a sheet and Script Editor is not an option. I don't want to go outside Sheets to do this (like Creator) if it can be done inside Sheets.

    • Not able to link email text.

      Kindly check Zoho Sites. I am unable to turn a text into a email link. The save button does not work. Kindly try yourself to see it not responding to save.

    • Migrate data from old to new account

      Hy, Have one Old Zoho Notebook Account with Data , want to migrate that whole Data to New Zoho Notebook Account which is in Zoho One . Is that possible ? If Yes then how?

    • Zoho Analytics Regex Support

      When can we expect full regex support in Zoho Analytics SQL such as REGEXP_REPLACE? Sometimes I need to clean the data and using regex functions is the easiest way to achieve this.

    • Add Custom Reports To Dashboard or Home Tab

      Hi there, I think it would be great to be able to add our custom reports to the Home Tab or Dashboards. Thanks! Chad

    • Pricing Strategies: #1 Nuances in Pricing

      When Clara first opened her digital printing shop, pricing was simple. She sold handmade greeting cards, planners, business cards, and other physical items at fixed label prices, individually and in bulk. One SKU, one price, one bill, and that's all it

    • [Free Webinar] Learning Table Series – Education Management in Zoho Creator

      Hello Everyone! We’re excited to invite you to another edition of Learning Table Series, where we showcase how Zoho Creator empowers industries with innovative and automated solutions. About the Learning Table Series The Learning Table Series is a free,

    • Move attachments from one module to another with Deluge

      I have created a button that works just like the convert button for my custom modules. I would like this custom function to move any attachments in this record to the new module. I can't seem to find any documentation on how this can be accomplished.

    • Help in function code

      Hi, could someone look at the code below and tell me what 's wrong with it? After a deal creation or edition the code should find the related Account, than all open Deals for that Account and copy the field Total_Open_Deals from the Account record to

    • Automation Series: Auto-update Phase Status

      Hello Folks! You can auto-update your phase's status based on status of underlying tasks using custom functions. In this series, we will showcase how to create and run custom functions, using Deluge, with ease. Follow the steps below and automate your

    • how to add subform over sigma in the CRM

      my new module don't have any subform available any way to add this from sigma or from the crm

    • Zoho Projects - Project Details on the Project Menu

      Hi Project's team, I've helped may businesses setup and use Zoho Project and one thing I see time and time again is confusion on where to find the Project Details information. I would be much more intuitive if Project Details was on the menu before Dashboard.

    • Next Page