Kaizen #116 - Client Types in Zoho API Console

Hello everyone!

Welcome back to another post in the Kaizen series!

This week, we will discuss different client types available in Zoho API Console, and when to use each.

When you register an app in Zoho API Console, you typically choose a client type based on how your application interacts with Zoho services.

Let us discuss the available client types and how authorization is handled for each.

Available client types

1. Server-based
   
2. Client-based
   
3. Self client
   
4. Non-browser-based
   
5. Mobile-based

1. Server-based

If you have a web-based application that runs on a dedicated HTTP server and interacts with Zoho services by calling Zoho APIs via that server, you must register your app with this client type.

This client type is for applications that redirect the users to another URL on a web browser to authorize themselves, where they give consent to your application to use their data.

In other words, you must use this client type when you have a front-end web UI and require user intervention before your app can access user data via the dedicated server.

Consider that you are developing a web-based custom application. Users authorize that app via browser to allow their Zoho CRM data to be accessed and used by that application.

During the registration process in Zoho API Console, you would choose the "Web-based" client type.

OAuth 2.0 would be used for user authentication, allowing your app to securely access and interact with Zoho CRM data on behalf of the users.

Here is a gist of what happens:

1. Users visit your website where you have the Login with Zoho button.
   
2. When a user clicks it, that user will be redirected to accounts.zoho.com with the details of your app such as client ID, scope, redirect uri, access type as the URL parameters.
   
3. Your app must make an API call to Zoho Accounts with the client ID, scope, redirect uri, and access type. Users are shown the data that your application wants to use.
   
4. When users give their consent, Zoho redirects them back to your app.This will be the "Redirect URL" you give while registering your app.
   
5. The redirect URL will have the authorization code(grant token) as one of the parameters, along with the location(user's domain).
   
6. Your app must then make API calls from your web server to Zoho Accounts to generate access and refresh tokens with the generated grant token.
   
7. You must store these tokens in your DB to access that user's data in Zoho CRM. While making API calls, you must send this access token in the header.
   
8. Your app must also have the logic to regenerate access tokens from refresh tokens when the access token expires.
   

Note that your app must take care of storing user's details like email, organization ID, and tokens.

The following image shows the protocol flow.

You can use any of our server-side SDKs to simplify this process.

When you use our SDK, all you have to do is, generate the grant token and initialize the SDK with the client details and this token. The SDK takes care of access token generation, refreshing it, and token storage.

Refer to these older Kaizen posts on Integrating a third-party app using Java SDK and Java SDK for Self Client.

For more details, you can refer to the Accounts guide and CRM help doc.

2. Client-based applications

This client type is for applications that do not have a server and run exclusively on a web browser.

This is also called the Implicit flow as your app makes API calls to Zoho only when users are using your app.

This type of application loads data dynamically on the webpage, and accesses Zoho CRM data by making API calls via Javascript.

Consider the same example where there is a Login with Zoho button on your webpage.

Here is a gist of what happens when a user clicks it.

1. Your app redirects the user to Zoho Accounts.
   
2. Your app makes the authorization request with the client ID, redirect uri, scope, and response type as token.
   
3. The user is shown the data that your webpage would use.
   
4. When the user gives consent, Zoho Accounts sends the access token to the redirect uri as a parameter, along with the expiry time and the location of user's data in Zoho's accounts server.
   
5. You can include the "email" in your scope parameter in the access token request to get user's information. The response will have a parameter called id_token that will be in the header.payload.signature format. You need to decrypt the payload section of the parameter using the base-64 decryption algorithm to get user information.
   
6. Your app must then make API calls to Zoho with this access token to fetch data.
   
7. When the access token expires, your app must take care of regeneration and storage.
   

As the API calls are made from your domain to a different domain(zohoapis.com), for security reasons, the browser will throw the CORS error. So, your domain will be registered while registering your app, and Zoho will know to allow the API calls made from that domain.

As the tokens are available on the browser itself, we recommend handling them with care.

When you use our client-side JS SDK, it automatically generates a new access token upon expiry.

3. Self Client Applications

When your application does not have a redirect URL or a UI, but performs only a backend job, and does not need user intervention, then you must choose this client type.

A self client is often used when the application and Zoho services are operated by the same entity, and you want to enable secure communication between them. For example, you have an internal reporting tool and integrate it with Zoho Analytics. In this case, both the tool and Zoho Analytics are operated by the same entity.

Similarly, consider that you have a legacy product management system and want to perform data sync between Zoho CRM and the system, then you must use the self client.

Here is a gist of what happens.

1. You register your app as self client in Zoho API Console.
   
2. You will get the client details such as ID and secret.
   
3. You provide the scopes required for your app to access CRM data.
   
4. You will receive the grant token.
   
5. Your app must then make API calls to Zoho Accounts to generate access and refresh tokens.
   
6. Your app can then use this access token to make API calls to Zoho CRM and use data.
   

You can refer to our older Kaizen post on this topic for more details.

Note that self client apps can also use any of our server-side SDKs. As already said, the SDK takes care of access and refresh token generation, refreshing the access token, and token storage.

4. Non-browser applications

This client type is for devices that do not have a user agent such a web browser. A TV, for instance.

Let us consider an example involving a smart TV application that integrates with Zoho ShowTime. In this scenario, the smart TV application acts as a non-browser client.

Here is how authentication is handled:

1. You must register your smart TV app in Zoho API Console with the type "Non-browser application".
   
2. Users install a dedicated Zoho ShowTime application on their smart TVs.
   
3. When users launch the Zoho ShowTime application on their smart TV, they are prompted to authenticate with their Zoho ShowTime account.
   
4. When they successfully authenticate, Zoho Accounts sends the grant token to your app, along with the user-code, device-code and verification URL,The user must go to this verification URL on a browser and enter the user-code to grant permission to the app.
   
5. Meanwhile, your app must poll the accounts server using the grant token to check if the token has been received.
   
6. When the user enters the user code, Zoho Accounts sends the access token to your app.
   
7. Your app can then use the access token to make API calls to Zoho. Your app must take care of token storage and renewals.
   

Here is the protocol flow. For more details, refer to this doc.

5. Mobile-based applications

You must use this client type when you have developed an app exclusively for mobile devices. The protocol flow is similar to server-based application where a browser session is required for the users to authenticate.

Similar to server-side apps, mobile apps also need to handle redirection, token generation and storage.

If you use any of our Mobile SDKs, the SDK itself handles token generation and storage.

We hope you found this post useful. Let us know your thoughts in the Comment section or write to us at support@zohocrm.com.

Cheers!

• Topic Participants

• Shylaja S

  

• Piyush Dwivedi

• Ishwarya SG

  

• Onur Gulay - Smile Center Turkey®

  

• Sunderjan Siddharth

  

• Sticky Posts

• Kaizen #152 - Client Script Support for the new Canvas Record Forms

  Hello everyone! Have you ever wanted to trigger actions on click of a canvas button, icon, or text mandatory forms in Create/Edit and Clone Pages? Have you ever wanted to control how elements behave on the new Canvas Record Forms? This can be achieved

• Kaizen #210 - Answering your Questions | Event Management System using ZDK CLI

  Hello Everyone, Welcome back to yet another post in the Kaizen Series! As you already may know, for the Kaizen #200 milestone, we asked for your feedback and many of you suggested topics for us to discuss. We have been writing on these topics over the

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Kaizen #198: Using Client Script for Custom Validation in Blueprint

  Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Celebrating 200 posts of Kaizen! Share your ideas for the milestone post

  Hello Developers, We launched the Kaizen series in 2019 to share helpful content to support your Zoho CRM development journey. Staying true to its spirit—Kaizen Series: Continuous Improvement for Developer Experience—we've shared everything from FAQs

• Recent Topics

• Zoho CRM's custom views are now deployable from sandboxes

  This feature is now available for users in the AU, JP, and CN DCs. This feature is now available for users in CA and SA DCs. New update: This feature is now available for users in all DCs. Hello everyone, We're excited to announce that you can now deploy

• Where are Kanban swimlanes

  So i've been playing with Zoho Projects Kanban view a bit more. It appears that task lists are being used as the Kanban columns, which makes sense from the implementation point of view but not the logical one.  Kanban columns are statuses that a task can flow through, while a task list has been a logical way to organize related tasks and relate them to a mislestone. In other words a task in a particular task can go through several stages while remaining in the same task list. After doing some research

• Send Automated WhatsApp Messages and Leverage the Improved WhatsApp Templates

  Greetings, I hope all of you are doing well. We're excited to announce a major upgrade to Bigin's WhatsApp integration that brings more flexibility, interactivity, and automation to your customer messaging. WhatsApp message automation You can now use

• Scheduling Calls in CommandCenter / Blueprints

  I would love it if you could add a function to schedule a call in the lead's record for a future date. I know you can add a Task by going to Instant Actions > Task and completing the form: These tasks go into the lead's record under Open Actions. But

• Zoho One - Syncing Merchants and Vendors Between Zoho Expense and Zoho Books

  Hi, I'm exploring the features of Zoho One under the trial subscription and have encountered an issue with syncing Merchant information between Zoho Expense and Zoho Books. While utilizing Zoho Expense to capture receipts, I noticed that when I submit

• Limit in number of records for subforms and multi-select lookup fields

  It is my understanding that a maximum of 100 items can be selected in a multi-select lookup field, and that a total of 200 items can be selected in total between both subforms in a given module.  Are there any ways to work around this limitation if we

• Kaizen #136 - Zoho CRM Widgets using ReactJS

  Hey there! Welcome back to yet another insightful post in our Kaizen series! In this post, let's explore how to use ReactJS for Zoho CRM widgets. We will utilize the sample widget from one of our previous posts - Geocoding Leads' Addresses in ZOHO CRM

• Getting Permission denied to access this portal.

  We have one user that can't login to projects even though access has been granted. This user can login to accounts.zoho.com but when login to https://projects.zoho.com/portals.do we get this error: Unauthorized login to this portal Permission denied to access this portal. Check your portal URL again. Sometimes we also get "server too busy". We have tried killing sessions (in accounts.zoho.com) and we have deleted cookies; and tried different computers and still the same problem. All others use can

• Marketing Tip #1: Optimize item titles for SEO

  Your item title is the first thing both Google and shoppers notice. Instead of a generic “Leather Bag,” go for something detailed like “Handcrafted Leather Laptop Bag – Durable & Stylish.” This helps your items rank better in search results and instantly

• Does Zoho Docs have a Line Number function ?

  Hi, when collaborating with coding tasks, I need an online real time share document that shows line numbers. Does Zoho's docs offer this feature ? If yes, how can I show them ? Regards, Frank

• Setting Default Views for Custom, List and Detail Views

  Hey, Is it possible to set a default custom view, list view and detail view for a module for every user? We are onboarding a lot of non technical people that struggle with these things. Setting the views as default would really help. Btw: also setting

• Custom function return type

  Hi, How do I create a custom deluge function in Zoho CRM that returns a string? e.g. Setup->Workflow->Custom Functions->Configure->Write own During create or edit of the function I don't see a way to change the default 'void' to anything else. Adding

• Filter Based API request in Zoho Books using POSTMAN

  How do I GET only specified CONTACTS based on created time or modified time in Zoho Books using POSTMAN. In the api documentation, it is written we can apply filters but I need a sample request.

• URL validation

  We use an internal intranet site which has a short DNS name which Zoho CRM will not accept.   When attempting to update the field it says "Please enter a valid URL". The URL I am trying to set is http://intranet/pm/ Our intranet is not currently setup with a full DNS name and given the amount of links using the shortname probably isn't a feasible change for us.

• Has anyone been experiencing slow issues?

  Dear all, I just want to ask if anyone has been experiencing slow issues with Zoho Creator in the past two weeks? I worked with the ISP to improve network quality by changing routes and upgrading bandwidth, but nothing changed. I am in Vietnam.

• Zoho Projects Roadshows 2025 - USA

  Dear Users, After an amazing response to our roadshows in 2024, we are excited to be back for the second year in a row! Join our team of experts as they walk you through the most-used features in Zoho Projects, explore powerful automation capabilities,

• Billing Management: #6 Usage Billing in SaaS

  Imagine a customer shuffling across multiple subscriptions, a streaming service, a music app, cloud storage, and a design tool. Each one charges a flat monthly fee, regardless of how much or how little they use. Some months, the customer barely opens

• Is there anyone who has been experiencing issues regarding the Zoho Creator Certification Website in the past 2 weeks?

  Dear all , I just wanted to ask is there anyone who was planning on taking the Zoho Creator Developer Certification Test in the past 2 weeks and have been facing errors stating that the website is under maintennance and also not allowed to access the

• Directly Edit, Filter, and Sort Subforms on the Details Page

  Hello everyone, As you know, subforms allow you to associate multiple line items with a single record, greatly enhancing your data organization. For example, a sales order subform neatly lists all products, their quantities, amounts, and other relevant

• GST Slabs Redefined: Stay Compliant Using Zoho Books!

  Hello Everyone! The Government of India is rolling out new GST rates, a major reform aimed at simplifying the current tax structure starting 22 September 2025. GST will move from four slabs (5%, 12%, 18%, 28%) to two main slabs (5% and 18%), plus a special

• Allow syncing Activities from other applications

  Marketing Automation could be a much more powerful platform if you were able to sync activities into the platform (e.g. purchase, donation, etc) outside of a user doing something on your website. I'd love it if you could sync Custom CRM Modules as activities,

• Create static subforms in Zoho CRM: streamline data entry with pre-defined values

  Last modified on (9 July, 2025): This feature was available in early access and is currently being rolled out to customers in phases. Currently available for users in the the AU, CA, and SA DCs. It will be enabled for the remaining DCs in the next couple

• Global Sets for Multi-Select pick lists

  When is this feature coming to Zoho CRM? It would be very useful now we have got used to having it for the normal pick lists.

• Introducing Profile Summary: Faster Candidate Insights with Zia

  We’re excited to launch Profile Summary, a powerful new feature in Zoho Recruit that transforms how you review candidate profiles. What used to take minutes of resume scanning can now be assessed in seconds—thanks to Zia. A Quick Example Say you’re hiring

• Integración Books para cumplir la ley Crea y Crece y Ley Antifraude (VeriFactu)

  Hola: En principio, en julio de 2025, entra en vigor la ley Crea y Crece y Ley Antifraude (VeriFactu). ¿Sabéis si Zoho va a cumplir con la ley para cumplir con la facturación electrónica conectada a Hacienda? Gracias

• Ask the Experts #1

  Hello everyone! It’s time to transform how you manage projects. Define the processes. Automate the tasks. Streamline the workflows. Let us dive into automation in Zoho Projects — from configuring workflows and custom functions to building triggers, using

• How to overcome Zoho Deluge's time limit?

  I have built a function according to the following scheme: pages = {1,2,3,4,5,6,7,8,9,10}; for each page in pages { entriesPerPage = zoho.crm.getRecords("Accounts",page,200); for each entry in entriesPerPage { … } } Unfortunately, we have too many entries

• Zoho Sheet - Printing - Page Breaks and Printing Customization

  I think the title is descriptive enough in that I cannot find help documentation on a simple task of adding in page brakes for separating pages on print. Thanks

• Checking if Creator has Change History

  Like zForms - whenever an entry was updated there's an option to attached change history to email notif. Trigger -> Successful form submission

• Zoho sites header

  Good day, Im stuck with this situation. I choose a template for my website creation. I have tweaked every instance of the visual editor, regarding the header, I have created created customize fonts presets... I have followed every single step. and my

• Your bot just got smarter: AI-Powered routing that reads between the lines

  What if your bot could tell the difference? Between a visitor who just needs a quick answer, someone actively comparing options, and a frustrated customer one click away from leaving? Most bots can't. They deliver the same response to everyone, missing

• Unable to create embed code for resource of workdrive using API

  Hello Team, I am trying to create embed code for a resource using workdrive api in powershell, however facing some issues with injecting data in body. Followed Doc: https://workdrive.zoho.com/apidocs/v1/filefoldersharing/shareeveryone Please help, below

• how to use validation rules in subform

  Is it possible to use validation rules for subforms? I tried the following code: entityMap = crmAPIRequest.toMap().get("record"); sum = 0; direct_billing = entityMap.get("direct_billing_details"); response = Map(); for each i in direct_billing { if(i.get("type")

• Adding contact role to a specific deal js sdk malfunctioning

  i was trying to add the contact role to a specific deal contact but repeatedly i am getting this error: { "code": "SUCCESS", "details": { "statusMessage": { "code": "INVALID_DATA", "details": { "expected_data_type": "jsonobject" }, "message": "body",

• Q3 Updates from Bigin!

  Hey Biginners, Hope you’re doing great! As we approach the end of 2025, we truly hope Bigin has been a part of helping you build your dream business this year! We've been busy working behind the scenes to bring you features that make running your business

• New Series Announcement - Ecommerce Marketing Tips

  Running an online business is more than just having a website. It’s about getting the right customers to discover you, trust you, and keep coming back. To support your growth journey, we’re launching a weekly Marketing Tips series right here on Zoho Commerce

• Client Script | Update - Introducing Subform Events and Actions

  Are you making the most of your subforms in Zoho CRM? Do you wish you could automate subform interactions and enhance user experience effortlessly? What if you had Client APIs and events specifically designed for subforms? We are thrilled to introduce

• {"errors":[{"id":"500","title":"Servlet execution threw an exception"}]}

  Here's the call to move a file to trash. The resource_id is accurate and the file is present. header = Map(); header.put("Accept","application/vnd.api+json"); data = Map(); data_param1 = Map(); att_param1 = Map(); att_param1.put("status",51); data_param1.put("attributes",att_param1);

• Converting Sales Order to Invoice via API; Problem with decimal places tax

  We are having problems converting a Sales Order to an Invoice via API Call. The cause of the issue is, that the Tax value in a Sales Order is sometimes calculated with up to 16 decimal places (e.g. 0.8730000000000001). The max decimal places allowed in

• Zoho Canvas - Custom templates for related lists

  Hi, I see that the example pages load always one of our related lists in a custom template, but I dont know how to work with that:  1) How can i make my own custom templates for related lists?  2) Where and how can i check out existing custom templates?

• Next Page