Kaizen #164 : Client Credentials

Hello everyone,

Welcome back to Kaizen. 

In this post, we will discuss Client Credentials Flow and when it can be used.

What is Client Credentials Flow?

According to RFC6749, the official specification for the OAuth 2.0 authorization framework, 

"The client credentials (or other forms of client authentication) can be used as an authorization grant when the authorization scope is limited to the protected resources under the control of the client,or to protected resources previously arranged with the authorization server. Client credentials are used as an authorization grant typically when the client is acting on its own behalf (the client is also the resource owner) or is requesting access to protected resources based on an authorization previously arranged with the authorization server."

For Zoho CRM APIs, the credentials used are client id and client secret.

When can Client Credential Flow be used?

The client credentials flow is appropriate for machine-to-machine communications in which the application does not need to act on behalf of a specific user as the program can authenticate using just their own credentials to receive an access token. Here the credentials are client id and client secret.

Compared to the flow of creating access tokens in the self client flow, the client credentials flow can be used to perform one-time tasks like one-time data migration or testing Zoho CRM API calls, etc. We recommend using self client or server-based authorization for integration purposes. The main benefit of the client credentials flow is the simplicity in creating an access token, requiring only the client ID, client secret, OAuth scopes, and SOID.

If you are a first time user of Zoho CRMs, you can get started with Zoho CRM APIs by using the client credentials flow for authorization. Head over to Zoho CRM API Collection where a Client Credentials sample is added. Make sure that you have the required request parameters available in your environment for a smooth setup.

How to obtain access token in client credentials flow?

To obtain an access token using the client credentials flow, make an API call to the following endpoint

{accounts_url}/oauth/v2/token?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials&scope={scope}&soid={org_id_or_portal_id}

Request Parameters

• grant_type: Enter the value as "client_credentials".
• client_id: Specify the client-id obtained from the connected app.
• client_secret: Specify client-secret obtained from the connected app.
• scope:  Enter the corresponding scope for the resource you want to access from the user's account. Multiple scopes can be given in comma separated format.
• soid: Enter this parameter in the format ZohoCRM.{zsoid} where zsoid is the unique ID of your org or portal. If your application has multiple orgs or portals, the token created is bound to this org or portal. For example: ZohoCRM.600xxx46

Response

If successful, the response will look something like this:

{     "access_token": "1000.b2caxxxxx3c6",     "scope": "ZohoCRM.org.ALL ZohoCRM.settings.ALL ZohoCRM.users.ALL ZohoCRM.templates.email.READ ZohoCRM.templates.inventory.READ ZohoCRM.modules.ALL",     "api_domain": "https://www.zohoapis.com",     "token_type": "Bearer",     "expires_in": 3600 }

Response Keys

• access_token: Access token to access ZohoCRM APIs.
• scope: The scope for the resource you want to access from the user's account that was provided in the parameters.
• api_domain: The domain for API requests, varies by environment (e.g., sandbox.zohoapis.{domain}).
• token_type: Type of token obtained. "Bearer" indicates this is an access token.
  
• expires_in: Time in seconds after which the access token expires.

This completes the authentication. Once your app receives the access token, send the token in your HTTP authorization header to Zoho CRM API with the value "Zoho-oauthtoken {access_token}" for each endpoint (for each request).

The response does not contain a refresh token. When an access token expires, make an API call to the same endpoint to get a new access token (if required).

We hope you found this post useful. We will meet you next week with another interesting topic!

If you have any questions, let us know in the comment section.

Cheers!

Previous Post: Kaizen #163 - Extension Widgets in Zoho CRM | Kaizen Collection: Directory | Help document link: Client Credentials

• Topic Participants

• Mable Mary M P

  

• Colin Small

• Sticky Posts

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

  Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Recent Topics

• Writing by Hand in "Write" Notes

  Hi there! I just downloaded this app a few moments ago, and I was wondering if there was a way to write things by hand in "Write" mode instead of just typing in the keyboard. It would make things a bit more efficient for me in this moment. Thanks!

• Make CAMPAIGNS email look as simple as possible

  Hi there I'm trying to make my Campaigns email look as much like a normal email as possible. I'm a bit stuck with the "justification" of the email email block. Can I LEFT JUSTIFY the "whole email" to make it look "normal"? (Please see screenshot attached)

• Zoho Sign Reminder email template

  Is there a template we can edit for the reminder emails? I don't see it in Settings / Choose a template

• Preview an upload PDF or File

  I have a form where the customer has to upload a file (normally PDF - never jpeg)  When in report view I want to be able to preview the uploaded file without having to download it.  If I click on the upload it downloads to my computer, I want to be able

• How to filter emails by Reply-to field?

  I receive a very particular newsletter from an association A registered on a website W (that is used by many associations), and the emails fields are not great: the From just contains the generic website's W's email, while A is only mentioned in the Reply-to

• How to invite friends on other social media platforms to one of my group chats in arattai?

  Hello, I have formed chat groups in arattai. I want to invite my friends on other social media platforms like WhatsApp/ FB to one of my groups. Different friends would be invited to different groups. How to share an invite link of one of my groups to

• Line spacing

  I coudn't decrease the line spacing to space smaller then a single line. There is too much space between the lines that make the document look ugly. Please fix that. Liran. fonar

• Google Fonts Integration in Pagesense Popup Editor

  Hello Zoho Pagesense Team, We hope you're doing well. We’d like to submit a feature request to enhance Zoho Pagesense’s popup editor with Google Fonts support. Current Limitation: Currently, Pagesense offers a limited set of default fonts. Google Fonts

• Control Position of “X” (Close) Button in Popup Editor

  Hello Zoho PageSense Team, We hope you're doing well. We would like to request a customization improvement in the PageSense popup editor. Current Limitation: Currently, the position of the “X” (close) button is fixed and cannot be customized in the popup

• Add Standalone “Save” Button in Pagesense Popup Editor

  Hello Zoho Pagesense Team, We hope you're doing well. We would like to request an important usability improvement in the Pagesense popup editor. Current Limitation: There is currently no dedicated Save button while building a popup. The only way to save

• Text Direction Control in Pagesense Popup Editor

  Hello Zoho Pagesense Team, We hope you're doing well. We’d like to submit a feature request to add text direction control in the Pagesense popup editor. Current Limitation: Currently, the popup editor does not provide native support for RTL (Right-to-Left)

• Autosave in Pagesense Popup Editor

  Hello Zoho Pagesense Team, We hope you're doing well. We’d like to submit a feature request to enhance the Pagesense editor with an autosave functionality. Current Limitation: Currently, changes made in the Pagesense editor must be manually saved. In

• Billing frequency is not displayed correctly.

  Hello There is an issue while displaying the billing frequency on a subscription quote. I am able to activate the subscription details and get this lovely overview: If I am adding a Plan which I charge quarterly, first of all it should be possible to

• Creating Secret via Vault API

  Hi I am trying to create a secret through vault api.  This is the response I get. One thing I am not sure is how to decrypt the secretdata, how to get the secrettypeid? {     "operation": {         "result": {             "error_code": "",             "message": "Sorry, we are unable to process your request.",

• Is It Possible to Hide Menu Option from Main Navigation?

  Is it possible to hide a menu option, e.g. Admin, from the Main Navigation based on some criteria, e.g. login = zoho.adminuser

• Unleash the power of detail, with Table View.

  What use is context that's not available where you need it? With this in mind, we bring you the Table View. This feature will add more power to the way you organize and work through your ticket load. Table View comes in handy when you want more control over the ticket information you see. This is a nifty tool for users who find themselves limited in terms of the level of information that is being offered in the Classic View and Compact View. With an upper limit of 15 columns, agents can glean most

• Kaizen #126 - Circuits in Zoho CRM - Part 1

  Hello everyone! Welcome back to another week of Kaizen! Today, we will discuss an exciting topic—Circuits in Zoho CRM. For starters, we will discuss what Circuits are, how beneficial they are for businesses, different views of a Circuit, and the different

• 'Statement of Accounts does not exist' error received, when creating PO using api in Zoho Inventory

  Here is request json -- JSONString = { "date": "2019-09-24", "purchaseorder_number": "PO-6-1", "delivery_date": null, "delivery_org_address_id": 36221200000056XXX, "vendor_id": 362212000000564XXX, "attention": "Testing", "line_items": [{ "unit": "Pieces", "account_id": 36221200000003XXX, "quantity": 1, "item_id": 362212000000049XXX, "tax_type": "", "tax_name": "", "name": "One HD", "purchase_rate": 85, "tax_percentage": 0, "item_total": 85.00, "tax_id": "", "warehouse_id": 362212000000564XXX }] }

• Multiple clients in one project

  Hi team, What is the possibility to have more than one client to be linked for one project in the Zoho Books? Our business model is to have a project, and this project have expenses/bills, as well, we issue invoices for this same project to several customers.

• I can receive but not send emails

  Hello, I've been not able to send emails for almost a year now. I been using alternate email to do this. I want to know how to fix this so I can use my zoho account normally again.

• Workdrive on Android - Gallery Photo Backups

  Hello, Is there any way of backing up the photos on my android phone directly to a specific folder on Workdrive? Assuming i have the workdrive app installed on the phone in question. Emma

• Clients not receiving emails

  I've been informed that my emails are not being received. Is there anything that I should look into to rectify this? Many thanks!

• Rendering PDF to view on page

  My company upload lots of PDF files onto Zoho. But every time we open it, it downloads the file instead of viewing it on the web page. Does Zoho allow uploaded PDF files to be rendered to view on web page yet? I've been trying to use <embed> or <object> but it cannot be loaded.  (similar thread: https://help.zoho.com/portal/community/topic/how-to-open-a-pdf-file-of-a-view-in-preview-mode)

• Dynamically Fetching Lookup Field Display Value

  I have an audit trail form, Audit_Changes, that tracks old vs new values across different forms. For lookup fields, the old/new value is the ID, but I also need the display value. What's a best practice for dynamically fetching the display value of the

• Zoho Toolkit Email Signature Generator

  I'm having real issues with the email signature generator with no matter where I host the photo, Zoho doesn't seem to show the photo on the link provided?

• Ability to Create New Items When Zoho Trident is Minimized via tray or taskbar icon

  Allow users to create new items (emails, calendar events, tasks, etc.) directly from the system tray icon or by right clicking the task bar icon, even when the window is minimized or not actively running in the foreground. This enables quick access to

• I can not see Undeliverable emails from my Mass Email Leads activity in CRM

  I am sending email templates and I can not see the Undeliverables? I only receive the "Out of Office" replies and any manual replies from the lead. Can you please let me know where the Undeliverable emails are sent so I can use the information to clean up the database?

• Select Zoho Contacts as Meeting Participants in Zoho Cliq

  Hello Zoho Cliq Team, We hope you're doing well. We would like to request an enhancement to the meeting scheduling functionality in Zoho Cliq. Current Limitation: When scheduling a meeting in Zoho Cliq, participants can only be selected from: Organization

• Ability to Select External Users from Participants List When Scheduling Meetings

  Hello Zoho Cliq Team, We hope you're doing well. We would like to request an enhancement to the meeting scheduling experience in Zoho Cliq. Current Limitation when scheduling a meeting in Zoho Cliq: External users can be selected from the list only under

• Kaizen #212 - Map Dependency Fields in Zoho CRM using APIs

  Hi Everyone!! Welcome back to another week of Kaizen series! Over the past few weeks, we have been addressing your questions and feedback shared through our Kaizen 200th feedback form. Thank you for your continued engagement and thoughtful queries. We

• Outdated state in mexico

  Hello Zoho team, the drop down to add the state for customers, when they introduce their state in mexico has a city named “Distrito Federal” that name changed many years ago to “ciudad de mexico”. could you please update this so my clients can find the

• Is anyone using Zoho Flow with airtable?

  I need to build a flow that collects data from airtable and uses some of that data to create folders and files in google drive. I have fully function version of this in zapier and want to migrate to zoho. I am trying to perform a very basic fetch from

• AI in Zoho Workplace: A Sneak Peek into What’s Coming!

  Hello everyone, We’re super excited to share something we’ve been working on and we want you to be part of it! You may have seen our announcement blog post introducing a major evolution in how AI works within Zoho Workplace. Want to be among the first

• Meet Canvas' Grid component: Your easiest way to build responsive record templates

  Visual design can be exciting—until you're knee-deep in the details. Whether it's aligning text boxes to prevent overlaps, fixing negative space, or simply making sure the right data stands out, just ironing out inconsistencies takes a lot of moving parts.

• Best way to share/download presentation files in Zoho without losing formatting?

  Hello Zoho Community, I often work with PPT/PDF files in Zoho Docs and share them with colleagues. While PDFs usually give a direct download option, I’ve noticed that PPT/PPTX files sometimes only open in the viewer without a clear download link. Is there

• Workflow Failure - Notifications

  Good afternoon, I have just experienced an error whereby a Workflow failed, for a reason currently unknown. The problem is that one of my users had to flag this manually (thankfully he's very thorough) and this otherwise would have flown under the radar.

• Introducing Bin Locations In Zoho Inventory

  Hello users, We are excited to let you know that your wait for the Bin Locations feature has now come to an end! Yes, you heard us right! We are here to introduce the much-awaited Bin Locations now in Zoho Inventory. But before we dive into the feature

• Error "Invalid client task found corresponding properties" only when triggered from workflow ?

  Hi All, I am facing an error message I never encountered previously: Error in executing On Add - On Load script Error in executing thisapp.get_all_projects_api_call function. Line:(2) Error in executing thisapp.getAccessTokenFromRefreshToken function.

• How to interpret Campaign report statistics - definitions/explanation

  I am trying to make sure I understand the Campaign report correctly Do you have a list of definitions for: Delivered - it has reached the recipient's inbox Campaign reach - is this the number that have opened the campaign email? Unique Opens Clicks/Open

• Feature request - pin or flag note

  Hi, It would be great if you could either pin or flag one or more notes so that they remain visible when there are a bunch of notes and some get hidden in the list. Sometimes you are looking for a particular name that gets lost in a bunch of less important

• Next Page