Client Credentials

Hello everyone,

Welcome back to Kaizen. 

In this post, we will discuss Client Credentials Flow and when it can be used.

What is Client Credentials Flow?

According to RFC6749, the official specification for the OAuth 2.0 authorization framework, 

"The client credentials (or other forms of client authentication) can be used as an authorization grant when the authorization scope is limited to the protected resources under the control of the client,or to protected resources previously arranged with the authorization server. Client credentials are used as an authorization grant typically when the client is acting on its own behalf (the client is also the resource owner) or is requesting access to protected resources based on an authorization previously arranged with the authorization server."

For Zoho CRM APIs, the credentials used are client id and client secret.

When can Client Credential Flow be used?

The client credentials flow is appropriate for machine-to-machine communications in which the application does not need to act on behalf of a specific user as the program can authenticate using just their own credentials to receive an access token. Here the credentials are client id and client secret.

Compared to the flow of creating access tokens in the self client flow, the client credentials flow can be used to perform one-time tasks like one-time data migration or testing Zoho CRM API calls, etc. We recommend using self client or server-based authorization for integration purposes. The main benefit of the client credentials flow is the simplicity in creating an access token, requiring only the client ID, client secret, OAuth scopes, and SOID.

If you are a first time user of Zoho CRMs, you can get started with Zoho CRM APIs by using the client credentials flow for authorization. Head over to Zoho CRM API Collection where a Client Credentials sample is added. Make sure that you have the required request parameters available in your environment for a smooth setup.

How to obtain access token in client credentials flow?

To obtain an access token using the client credentials flow, make an API call to the following endpoint

{accounts_url}/oauth/v2/token?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials&scope={scope}&soid={org_id_or_portal_id}

Request Parameters

• grant_type: Enter the value as "client_credentials".
• client_id: Specify the client-id obtained from the connected app.
• client_secret: Specify client-secret obtained from the connected app.
• scope:  Enter the corresponding scope for the resource you want to access from the user's account. Multiple scopes can be given in comma separated format.
• soid: Enter this parameter in the format ZohoCRM.{zsoid} where zsoid is the unique ID of your org or portal. If your application has multiple orgs or portals, the token created is bound to this org or portal. For example: ZohoCRM.600xxx46

Response

If successful, the response will look something like this:

{     "access_token": "1000.b2caxxxxx3c6",     "scope": "ZohoCRM.org.ALL ZohoCRM.settings.ALL ZohoCRM.users.ALL ZohoCRM.templates.email.READ ZohoCRM.templates.inventory.READ ZohoCRM.modules.ALL",     "api_domain": "https://www.zohoapis.com",     "token_type": "Bearer",     "expires_in": 3600 }

Response Keys

• access_token: Access token to access ZohoCRM APIs.
• scope: The scope for the resource you want to access from the user's account that was provided in the parameters.
• api_domain: The domain for API requests, varies by environment (e.g., sandbox.zohoapis.{domain}).
• token_type: Type of token obtained. "Bearer" indicates this is an access token.
  
• expires_in: Time in seconds after which the access token expires.

This completes the authentication. Once your app receives the access token, send the token in your HTTP authorization header to Zoho CRM API with the value "Zoho-oauthtoken {access_token}" for each endpoint (for each request).

The response does not contain a refresh token. When an access token expires, make an API call to the same endpoint to get a new access token (if required).

We hope you found this post useful. We will meet you next week with another interesting topic!

If you have any questions, let us know in the comment section.

Cheers!

Previous Post: Kaizen #163 - Extension Widgets in Zoho CRM | Kaizen Collection: Directory | Help document link: Client Credentials

• Topic Participants

• Mable Mary M P

  

• Colin Small

• Sticky Posts

• Kaizen #197: Frequently Asked Questions on GraphQL APIs

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Kaizen #198: Using Client Script for Custom Validation in Blueprint

  Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Celebrating 200 posts of Kaizen! Share your ideas for the milestone post

  Hello Developers, We launched the Kaizen series in 2019 to share helpful content to support your Zoho CRM development journey. Staying true to its spirit—Kaizen Series: Continuous Improvement for Developer Experience—we've shared everything from FAQs

• Kaizen #193: Creating different fields in Zoho CRM through API

  🎊 Nearing 200th Kaizen Post – We want to hear from you! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Client Script | Update - Introducing Commands in Client Script!

  Have you ever wished you could trigger Client Script from contexts other than just the supported pages and events? Have you ever wanted to leverage the advantage of Client Script at your finger tip? Discover the power of Client Script - Commands! Commands

• Recent Topics

• How to Invoice Based on Timesheet Hours Logged on a Zoho FSM Work Order

  Hi everyone, We’re working on optimizing our invoicing process in Zoho FSM, and we’ve run into a bit of a roadblock. Here’s our goal: We want to invoice based on the actual number of hours logged by our technicians on a job, specifically using the timesheets

• Zoho CRM Community Digest - June 2025 | Part 2

  Welcome back to the Zoho CRM Community Digest! We’re wrapping up June with more fresh updates, smart discussions, and clever workarounds shared by the community. Product Updates: Struggling to keep track of scattered customer interactions? Zoho CRM's

• Allow Variable Insertion in Prebuilt "Update Record" Action in Schedules

  Hi Zoho Creator Team, Hope you're doing well. We’d like to submit a feature request based on our experience using Zoho Creator schedules to manage workflows integrated with Zoho Desk. We currently have an app where Zoho Desk tickets create records in

• Rich Text Field Editor in Form Builder is Too Small and Not Resizable

  Hello, I am experiencing a significant usability issue with the rich text field in the Zoho Forms builder. The editor window for this field is fixed-size and extremely small. It does not adapt to the screen size, which makes it very difficult to manage

• Publicar Formulário

  Obs. Não consigo publicar meus formulários, pesquisei alguns artigos, mas me deixou perdido, fala de campo sensível, não consigo entender o que significa. Segue Imagem do problema. Todo formulário que faço sempre termina assim sem o botão de publicar..

• Anyone else unable to login to ZMA this weekend?

  Hey Is anyone else unable to log into Zoho Marketing Automation at all this weekend? I've been trying on multiple devices - despot and mobile - and multiple browser. I've reset browsing data, gone incognito. Nothing - since Friday I've been unable to

• Custom Action for Subform row

  Dears, As for now, we only have 2 actions for each subform row: Edit and Delete. I would suggest to have custom action here, instead of create a button with Fx field within the subform. For example, I would create Duplicate button, which duplicates the

• Urgent: Unable to Receive OTP Email for Portal User Registration in Zoho Creator

  I paid to enable the Portal User feature on 2/25, and followed the official instructions (Youtube video: Customer Portals | Zoho Creator) to set up the Portal User using my Gmail account. However, I am not receiving the OTP email and am unable to successfully

• Sole Trader - Financial Advisor (Appointed Representative) - Paid via Capital Account but no Invoicing...

  Hi. I'm about to venture into a new business after 12 months of intensive learning/exams. A little chuffed if I may say so especially at 52! I really like the look of ZoHo Books for my modest enterprise but I'm in need of some guidance, please. My services

• Display multiple fields in lookup dropdown

  I have a module called Technicians and a related module called submissions that registers technicians for different assignments. The lookup in Submissions to Technicians is the Technician ID (auto generated unique number). How do I display in the dropdown

• Integrate with Power BI

  Hi, How to connect Zoho CRM dashboards & reports with POWER BI ?

• No "Import Users" option in Zoho FSM

  I recently noticed that there is no option to import Users into Zoho FSM, and this has become a serious challenge for us. When migrating data, especially technicians or other user profiles, we often have hundreds of users to bring into the system. Currently,

• Finding "like" projects

  Hi Everyone! My team is running into several duplicating deals. I've been trying to get them all to name things the same way ex. State is 2 letters not spelled out. Things like that. What I am wondering if there is anything I can do as the superadmin

• Não consigo localizar o Botão de Publicar Formulário no meu app

  Depois que finalizar meus formulários, não consigo localizar o botão de publicar para concluir meu aplicativo

• DATEV-Export Erfahrungen?

  Wir würden gern den DATEV-Export in Books nutzen, jedoch ist dieser nicht wirklich nutzbar. Gibt es positive Erfahrungen von Alternativ-Lösungen?

• Kaizen #191: Implementing "Login with Zoho" using Python SDK

  Welcome back to another week of Kaizen!! This week, we are diving into how to implement secure user authentication using Login with Zoho and integrate it with Zoho CRM through our Python SDK. To ground this in a real-world scenario, we will look at how

• WhatsApp Business Calling API

  Dear Zoho SalesIQ Team, I would like to request a feature that allows users to call WhatsApp numbers directly via Zoho SalesIQ. This integration would enable sending and receiving calls to and from WhatsApp numbers over the internet, without the need

• Custom modules not showing in developer console

  I'm trying to create a custom summing function for a custom module I made in my CRM. When I go to create the function, my module isnt showing up. Do I need to share the custom moldule with my developer console or something of the like?

• Following retainer invoice for partial payment of a sales order

  HI, We issue sales orders when a client buy a product from us. We also issue multiple retainer invoices for partial payment (2 to 4 depending of the client). Team wants to follow payment of these retainer invoices for this Sales Order. If they are paid

• Zoho CommunitySpacesとzoho CRM連携について

  お世話になっております。 いつもご質問に丁寧に回答いただき大変助かっております。 今、当団体ではZoho CommunitySpacesを利用しており、利用ユーザ一覧をzoho CRMに自動登録（連携）したいと考えております。 そもそも可能なのか、もしあれば具体的な手順や方法はあるのかをご教授いただきたいです。 上記がないのなら、ユーザ一覧のエクスポート方法（メールアドレスと姓を含む）でもよいです。 お手数となりますが、お願いいたします。

• Zoho Wiki or new Zoho Learn

  We are currently evaluating if we should move off confluence. At present in Confluence we have multiple levels within our documentation but with learn it looks like you can only have Space       - Manual             - Chapter Is it possible to have levels below Chapter? Also the same question for the existing wiki, can I have more sub-levels?

• New user After moving over from QBO

  New user observations/suggestions. QBO took away a lot of features I was used to with the desktop version. Chaos ensued. Zoho Books has a lot of what I was used to and a bit more. Good deal Some things I have run into and suggest some upgrades. 1: The

• Sales without an invoice

  Sales without an invoice is not included on the “payments received” report. Also, sales without an invoice is not listed in the transactions under the customer’s profile, also making it easy to do a double entry. Is there a way for me to see my sales

• Zoho Sign API - Create a document from template.

  1. I would like to create a document from a template and send the document to the customer for signing. Is this possible using the Zoho Sign API? If so, please share the api reference link. 2. Is there sand box for Zoho Sign to test the APIs without using

• Zoho Sign embedded iframe

  Hello, we are looking for any of these options: a) some iframe that we can paste into our website for every signer, for onpage signing document. b) or get direct link for signers from Zoho sign API which we can redirect manually. Is any of these options

• Goods in transit

  When creating a purchase order in Zoho Books, how can I properly reflect the inventory as "Goods in Transit" until it reaches its final destination?

• how to coming soon, holding site, or "under construction"

  Hi! I was wandering if was possible to create a website with the simple sign of "Under construction or coming soon" while i work on the site. if possible, how? Cheers

• Announcing Agentic AI - Ask Zia!

  We are delighted to roll out the new agentic AI capabilities in Ask Zia, where every stage of the BI workflow is assisted by AI. With a human-in-the-loop approach, Ask Zia ensures that you’re in command of the decision, while AI handles the complexity.

• Zoho People LMS VS Zoho Connect Manuals VS Zoho Learn

  in the past I came accross Zoho WIKI but did not like the platform because it could use a lot of upgrade. Over the time I have noticed Zoho People come out with a LMS module which allows us to created a shared knowledge for our internal team I also came across Zoho Connect which as a knowledge-based for internal team referred to as Manual Now I am seeing Zoho Learn which is a new and fine-tuned version of Zoho Wiki. All of these platforms are very similar but I am wondering what are the differences

• Marketing Automation Activities in Zoho CRM

  Hello, I've connected Zoho CRM and Marketing Automation, sent a campaign, but no data are displayed in CRM, neither in "campaigns" section inside contact profile. It is possible to display Marketing Automation activities in CRM? Also in CRM Timelines?

• How do we get a follow up to Experts 22: Scale up your customer support with integrations & extensibility

  Hi, How do we get a followup and answers to the questions we have asked during 'Experts 22: Scale up your customer support with integrations & extensibility'. I have repsonded to the answers but have no way of following up. Thanks Brett

• Frustrating Email Duplication and Timeline Issues Between Zoho Mail and CRM

  Hi Zoho team, Can someone please help clarify what’s going on here? Here’s what’s happening: I initiate an email to a lead using Zoho Mail. The lead is created in Zoho CRM via the integration, and the email is correctly associated with that lead. Sometimes,

• Best Strategy to import contacts and when to create leads

  Hi, I'm new to Bigin and looking for a "best" strategy. I had and have the following idea for an use case: 1. Search for websites which I want to contact 2. Create a contact in Bigin with all the required information based on this website (via API if

• Better implementation of Item Category on Invoices and Estimates

  1) I have added Item Category as a custom field. Honestly, this should be a native part of the item itself, and either required, optional, or not used.  2) When entering an item on an invoice, you have to enter the first character(s) of the item, otherwise

• Bulk Update (via the 'Accountant' menu)

  Why can't we bulk update Expenses to Owner's Drawings? It always ends in failure with the error "Involved account types are not applicable". If such conversion isn't possible, why make the option available? Better to allow it though.

• Set Reply_to parameter for "Email an Invoice" API Endpoint

  Is there a way to set "Reply To" email address when using the Email an invoice API endpoint? It doesn't seem to be in documentation, but sometimes there are undocumented parameters. If it doesn't exist, please consider adding it as parameter since all

• Zoho Books adaptado a la legislación española. ¿Sustitutos?

  Buenas a tod@s No tenemos información sobre la adaptación de Zoho Books a la nueva ley de facturación en España. Me preguntan usuarios de zoho que deberían hacer. Propongo una lista de alternativas, si al final se opta por no desarrollar la funcionalidad

• A Question about Email Handling (Sending and Receiving)

  Hello! I was looking into setting up Email Aliases for my domain that I purchased a while ago through Zoho Mail. I set up a singular alias already and have it linked with Gmail, and it seems to be working out well. However, I set up another alias today,

• Kaizen #201 - Answering Your Questions | Webhooks, Functions, and Schedules

  Hello everyone! Welcome back to another post in the Kaizen series! We are incredibly grateful for all the feedback we received, and as promised, we will answer all the queries in this Kaizen series. Last week, in our 200th post, we addressed one of the

• Zoho Projects Strict Dates for Tasks

  Hi Zoho Projects team, I would love to see a feature to allow Strict Dates for Tasks. Sometimes in projects you have dates which must not move, even if predecessor Task dates change. For example, perhaps you need to book access to a facility to perform

• Next Page