Kaizen #191: Implementing "Login with Zoho" using Python SDK

      

Welcome back to another week of Kaizen!!

This week, we are diving into how to implement secure user authentication using Login with Zoho and integrate it with Zoho CRM through our Python SDK.

To ground this in a real-world scenario, we will look at how Zylker Academy, a training institute offering web design and development courses, uses an internal portal that connects directly to Zoho CRM. This setup allows course coordinators to manage student data without maintaining a separate backend database.

Zylker receives frequent student enquiries and uses Zoho CRM to manage all related information. Every course coordinator, academic advisor, and support staff member who needs access to student information is added as a user in Zoho CRM, with access permissions aligned to their role. Instead of using Zoho’s interface directly, Zylker’s team works through a custom internal web portal, tailored to their workflow. This portal connects directly to Zoho CRM, reading from and writing to it, but does not have its own database.

But before this portal can access any CRM data, it must authenticate itself securely. Every time a user opens the portal, they must log in with their Zoho account. Once authenticated, they will be granted access to the CRM modules and records they are authorized to work with. That is where Login with Zoho comes in.

What is "Login with Zoho"?

Login with Zoho is Zoho’s implementation of the OAuth 2.0 Authorization Code flow. It allows applications to authenticate users and access their Zoho CRM data without ever handling their passwords.

Instead of asking users for their Zoho credentials directly, the app redirects them to Zoho’s login screen. Here is how it works:

1. The app redirects the user to Zoho’s login page.
2. The user logs in and approves the requested permissions (scopes).
3. Zoho sends back an authorization code.
4. The backend exchanges this code for access and refresh tokens.
5. These tokens are used to make authenticated API calls.

This flow ensures that users maintain full control over their data. They can revoke access at any time, and your application never handles or stores passwords. 

In Zylker’s case, every time a coordinator opens the portal, they are prompted to log in with their Zoho account. Once authenticated, they can immediately begin working with student records—all backed by Zoho CRM.

Use Case Implementation: Zylker’s Student Management Portal

To demonstrate how this login flow works, we have built a stripped-down version of Zylker's portal:

• A front-end form to enter and view student data
• A backend server that interacts with Zoho CRM via the Zoho CRM Python SDK

The application includes a simple form for capturing student details—name, college, course, email, and phone number. Submitted data is treated as a Lead in Zoho CRM.

The app allows users to:

• Add new leads
• View a list of all registered leads
• Edit an existing lead’s information
• Delete records if necessary

All actions go straight to Zoho CRM using its Python SDK. But before any of this can happen, the user must complete the login flow.

Sample Project Structure

Before going into the implementation details, let us briefly define the components of the project.

Frontend

The frontend is a simple static web interface built with HTML, CSS, and JavaScript. It runs in the browser and handles user interactions and triggers backend API calls. These are the main files:

• index.html : Main UI for login, data entry, and record viewing.
• script.js : Contains the client-side logic to trigger login, submit data, and render records.
• redirect.html :  A minimal page used to capture the authorization code returned by Zoho after login.

The frontend is served using any static server (e.g., Live Server in VS Code) and runs on http://localhost:5501/ in our example. 

Download the files from here.

Configuration Notes:

• In script.js, update the redirect_url value in the login request to match your actual domain or port if you’re not using localhost:5501.
• Ensure the URL in the Zoho API Console matches this redirect URI and port.

Backend

The backend is a Python server that handles all interactions with Zoho CRM via the Python SDK. It includes:

• server.py : A custom HTTP server that:
• Generates the Zoho login URL
• Exchanges the authorization code for tokens
• Initializes the SDK
• Exposes endpoints like /create, /get_records, /update, and /delete
• record.py : Contains functions to create, fetch, update, and delete records in CRM modules like Leads. Each function uses the Zoho Python SDK methods to perform a specific operation.

This server runs on http://127.0.0.1:8085/ in our example. 

Download the files from here.

Configuration Notes:

• In server.py, replace the client_id with your actual client ID from Zoho's API Console.
• In record.py, replace the client_secret with your actual client secret.
• If required, change the front-end server’s host and port in the run() function at the bottom of server.py:
  def run(server_class=HTTPServer, handler_class=SDKInitialize, port=xxxx):

Sample project flow

      

Step 1: Register the application with Zoho API console

To initiate the login process, you need to register your application on the Zoho API Console. This is a one-time setup that provides your app with a Client ID and Client Secret, both of which are required to authenticate users and exchange authorization codes for tokens.

To register your application:

• Go to https://api-console.zoho.com
• Click Add Client
• Choose Server-based Applications
• Enter:
• Client Name: Zylker Academy
  
• Homepage URL: Use http://127.0.0.1:5501/index.html for local testing. In production, you must use a live HTTPS URL.
• Redirect URI: For instance, use http://127.0.0.1:5501/redirect.html for local testing. This is the endpoint to which Zoho redirects you and sends the authorization code after login. 
• Save the generated Client ID and Client Secret

We will be using these values in the backend script (server.py)  that handles token exchange.

NOTE: To support users from multiple data centres, make sure to enable multi-DC support for your application. You can do this by going to your app’s settings in the Zoho API Console and turning on the Multi-DC option.

Step 2: Implementing the login flow

Here is a walkthrough of the flow implemented in the project:

1. Page loads and triggers login

When a user opens the portal, the frontend automatically initiates the login sequence. It first makes a call to the backend to retrieve the Zoho authorization URL. 

In index.html, this triggers getRecords() on page load:

1. <body onload="getRecords();">

In script.js, getRecords() calls the login() function:

1. async function getRecords() {
2.     login();
3. }

The login() function sends a request to the backend to get the Zoho OAuth authorization URL.

2. Backend builds login URL

The backend responds with an OAuth URL that includes:

• Your client ID
• Scopes like ZohoCRM.modules.ALL
• The redirect URI

In server.py, under do_GET, the /login endpoint generates the OAuth URL:

1.    if parsed_url.path == '/login':
2.             redirect_url = query_params.get('redirect_url', [''])[0]
3.             scope = "ZohoCRM.settings.fields.ALL,ZohoCRM.modules.ALL,ZohoCRM.users.READ,ZohoCRM.org.READ"
4.             url = "https://accounts.zoho.com/oauth/v2/auth?scope=" + scope + "&client_id=" + self.client_id + \
5.                   "&redirect_uri=" + redirect_url + "&response_type=code&access_type=offline"
6.             self._set_headers()
7.             # Send response
8.             response = {"url": url, "redirect_url": redirect_url}
9.  self.wfile.write(json.dumps(response).encode('utf-8'))
   

Once the frontend (script.js) receives the login URL, it opens it in a popup window.

1. const response = await fetch('http://127.0.0.1:8085/login?redirect_url=http://127.0.0.1:5501/redirect.html');
2. const data = await response.json();
3. const popup = openCenteredPopup(data.url, "PopupWindow", 600, 400);
   

Here's an example of the Zoho OAuth authorization URL format:

      https://accounts.zoho.com/oauth/v2/auth?

      scope=ZohoCRM.modules.ALL&

      client_id=YOUR_CLIENT_ID&

      response_type=code&

      access_type=offline&

      redirect_uri=YOUR_REDIRECT_URI

3. User logs in on Zoho

The user logs in with their Zoho credentials and is prompted to approve the app's access. Once they approve, Zoho redirects them to the specified redirect URI along with an authorization code and location parameter. The location parameter indicates which data centre the user belongs to.

4. Frontend captures the authorization code

The redirect page, a minimal HTML file (redirect.html),  reads the URL parameters and stores them in localStorage, then closes the popup:

1. function setAccessToken() {
2.     var hashProps = getPropertiesFromURL();
3.     if (hashProps) {
4.         for (var key in hashProps) {
5.             if (hashProps.hasOwnProperty(key)) {
6.                 localStorage.setItem(key, hashProps[key]);
7.             }
8.         }
9.     }
10.     setTimeout(function () { window.close(); }, 0);
11. }
    

5. Token exchange and SDK initialization

Once the popup window is closed, the main window retrieves the authorization code and location and sends them to the backend’s /initialize endpoint.

In script.js:

1. var code = localStorage.getItem("code");
2. var location = localStorage.getItem("location");
3. initialize(code, location, data.redirect_url);
4. .
5. .
6. async function initialize(code, location, redirect_url) {
7.     const response = await fetch('http://127.0.0.1:8085/initialize?code=' + code + '&location=' + location + '&redirect_url=' + redirect_url);
8. }
   

In server.py, the /initialize endpoint handles SDK initialization:

1. elif parsed_url.path == '/initialize':
2.     code = query_params.get('code', [''])[0]
3.     location = query_params.get('location', [''])[0]
4.     redirect_url = query_params.get('redirect_url', [''])[0]
5.     LeadsRecords().init(self.client_id, code, location, redirect_url)
   

In record.py, the SDK is initialized and tokens are stored.

1. token = OAuthToken(client_id=client_id,
2.                    client_secret=client_secret,
3.                    grant_token=code,
4.                    redirect_url=redirect_url)
5. Initializer.initialize(environment=environment,
6.                        token=token,
7.                        logger=logger,
8.                        store=store)  # FilePersistence or custom store
   

This exchanges the authorization code for:

• An access token (valid for one hour)
• A refresh token (used to get new access tokens)

These tokens are saved in a local file (sdk_tokens.json). This is configured using Zoho’s FilePersistence class during SDK initialization 

How are tokens linked to users?

The SDK maps each access and refresh token pair to a unique user-organization combination. This means tokens generated for different organizations by the same user are stored separately. Likewise, if a user generates new tokens for the same organization, the SDK updates the existing tokens instead of creating duplicates. This ensures that API calls always use the correct tokens tied to the authenticated user and their organization. 

To enable this mapping, the SDK retrieves the user and organization information in the background. This requires the appropriate scopes to be included during authentication, ZohoCRM.users.READ and ZohoCRM.org.READ. Without these scopes, the SDK cannot identify the user-org combination correctly, which can lead to multiple token entries for the same user. That is why, in our sample project, we have included these scopes explicitly in the server.py file during the SDK initialization.

Once the SDK is initialized, the user is logged in, and the app can begin making CRM API calls on their behalf.

Step 3: Accessing Zoho CRM

Once the user is authenticated and the Zoho SDK is initialized on the backend, the frontend can call custom backend endpoints like /create or /get_records. These endpoints use the authenticated SDK instance to make CRM API calls on behalf of the user.

• GET /get_records?module=Leads : View all students
• POST /create?module=Leads : Add new student
• PUT /update?module=Leads&id=... : Edit existing entry
• DELETE /delete?module=Leads&id=... : Remove existing entry
  

Deploying the sample project

To run this application, you will need two components:

1. A frontend server to serve your HTML files (index.html, script.js, redirect.html). This can be done using any static web server (e.g., Live Server in VS Code).
2. A Python backend server that handles login, token storage, and CRM API communication. You can run it using:
   python server.py

In the given example, both servers communicate over localhost. You should set your redirect URI accordingly when registering your app in the Zoho console.

Conclusion

Login with Zoho is a secure, OAuth-based mechanism that allows users to authorize your application to access their Zoho CRM data. In this example, we built a real-world use case, a student portal for Zylker Academy, that authenticates users and interacts with CRM directly using the Zoho CRM Python SDK.

By walking through the entire flow, you now understand:

• Why OAuth is essential for secure CRM access
• How to register an application in Zoho
• What the login and token exchange flow looks like
• How to implement "Login with Zoho" in your applications

What is next?

In this project, we have used a simple file persistence method to store the token files. But in a real world scenario, this may not always meet your business requirements. In next week's Kaizen, we will implement custom token persistence instead of file persistence in the current project. We will explain how to implement this using SQLite, In-Memory and List DBs. With that, you will be equipped to implement a persistence method that fits your application architecture and deployment environment.

We hope that you found this useful. If you have any queries, let us know the comments below, or send an email to support@zohocrm.com. As always, we would love to hear from you!!

Stay tuned for next week's Kaizen : Implementing Custom Token Persistence 

             Previous Kaizen: Kaizen #190 - Queries in Custom Related Lists |  Kaizen Directory                                  

Download Links:

• Frontend Project Files 
  
• Backend Server Files             

Further Reading:

• Configuration and Initialization of Zoho CRM Python SDK (V7) for different client types
  
• Zoho CRM Scala SDK (V6) - Configuration and Initialization
  
• Zoho CRM SDKs                                                                                                                                                    

• Topic Participants

• Anu Abraham

  

• Ashley

• Sticky Posts

• Kaizen #198: Using Client Script for Custom Validation in Blueprint

  Nearing 200th Kaizen Post – 1 More to the Big Two-Oh-Oh! Do you have any questions, suggestions, or topics you would like us to cover in future posts? Your insights and suggestions help us shape future content and make this series better for everyone.

• Kaizen #226: Using ZRC in Client Script

  Hello everyone! Welcome to another week of Kaizen. In today's post, lets see what is ZRC (Zoho Request Client) and how we can use ZRC methods in Client Script to get inputs from a Salesperson and update the Lead status with a single button click. In this

• Kaizen #222 - Client Script Support for Notes Related List

  Hello everyone! Welcome to another week of Kaizen. The final Kaizen post of the year 2025 is here! With the new Client Script support for the Notes Related List, you can validate, enrich, and manage notes across modules. In this post, we’ll explore how

• Kaizen #217 - Actions APIs : Tasks

  Welcome to another week of Kaizen! In last week's post we discussed Email Notifications APIs which act as the link between your Workflow automations and you. We have discussed how Zylker Cloud Services uses Email Notifications API in their custom dashboard.

• Kaizen #216 - Actions APIs : Email Notifications

  Welcome to another week of Kaizen! For the last three weeks, we have been discussing Zylker's workflows. We successfully updated a dormant workflow, built a new one from the ground up and more. But our work is not finished—these automated processes are

• Recent Topics

• Zoho CRM Layouts

  I have customised all our modules, Leads, Contacts and deals, and within them, I have created lots of different layouts depending on the type of Lead or contact, for example. Since the new Zoho UI came out, they have all disappeared. I have gone into

• Zoho CRM for Everyone's NextGen UI Gets an Upgrade

  Hello Everyone We've made improvements to Zoho CRM for Everyone's Nextgen UI. These changes are the result of valuable feedback from you where we’ve focused on improving usability, providing wider screen space, and making navigation smoother so everything

• Sort by age

  It would be very helpful if there was a way to sort by age in the Age column. Please add this function if possible. Thanks!

• Task Order

  Hello! I've recently switched to Zoho Projects and a long time user of MS Project, Asana and LiquidPlanner (which has recently been purchased) and I'm running into a frustration I'm hoping someone can assist with. It has to do with how tasks are ordered

• Crossbeam

  Does anyone use Crossbeam with their Zoho CRM? I'm looking for a way to import Crossbeam partner leads into Zoho CRM. If so: - What's your experience been like? - Are you able to automatically import Crossbeam leads > Zoho CRM? How? - What doesn't work

• Global Search placement in the new UI

  Having a hard time with the global search placement in the UI redesign. Surely I can't be the only one. Previously global search placement was perfect. A bar at the top/center of the page. Exactly where you would expect it to be. Since the new UI has

• Change Last Name to not required in Leads

  I would like to upload 500 target companies as leads but I don't yet have contact people for them. Can you enable the option for me to turn this requirement off to need a Second Name? Moderation update (10-Jun-23): As we explore potential solutions for

• Access forms within a form

  I have multiple forms that I would like to create access to for users within one form. Example: I have forms A, B, C, D. I would like to create a form with the links to forms A, B, C, & D. That way we can send one link and then the user can select the

• WorkDrive issues with Windows Explorer Not Responding

  We are using WorkDrive to collaborate on editing video content. We have a lot of files and quite a few are a few gigs. Recently anytime I try and work with the files Explorer freezes for a couple minutes whether it's dragging the files into Premiere or

• Multiple Cover Letters

  We are using the staffing firm edition of Recruit and we have noticed that candidates cannot add more than one cover letter. This is a problem as they might be applying for multiple jobs on our career site and when we submit their application to a client,

• Issues with Actions By Zoho Flow

  Hi, I have a workflow that fires when a deal reaches a stage. This then sends out a contract for the client to sign. I have connected this up through Actions by Zoho Flow. Unfortunately this fails to send out. I have tracked it down to the date fields.

• WhatsApp IM in Zoho Desk always routes to Admin instead of assigned agent

  Hello Zoho Experts, I connected WhatsApp IM to my Zoho Desk account. I only assigned my Customer Service (CS) agent to the WhatsApp channel, and I did NOT include Admin in this channel. However, every new WhatsApp conversation automatically gets assigned

• Fill Mail Merge document up with subform fields of an Inventory module record being in the Related List

  Hi, I try to insert subform fields from an inventory module record being on the Related List of another inventory module record into a Mail Merge template without success. For example: we use ratecards in licensing and this ratecard items are available

• Enhancements for Currencies in Zoho CRM: Automatic exchange rate updates, options to update record exchange rates, and more

  The multi-currency feature helps you track currencies region-wise. This can apply to Sales, CTC, or any other currency-related data. You can record amounts in a customer’s local currency, while the CRM automatically converts them to your home currency

• Introducing Record Category in CRM: Group options to see record status at a glance.

  Release update: Currently available for CN, JP, and AU DCs (all paid editions). It will be made available to other DCs by mid-March. Hello everyone, We are pleased to introduce Record Category in Zoho CRM - a new capability where the user can get an overview

• CRM x WorkDrive: File storage for new CRM signups is now powered by WorkDrive

  Availability Editions: All DCs: All Release plan: Released for new signups in all DCs. It will be enabled for existing users in a phased manner in the upcoming months. Help documentation: Documents in Zoho CRM Manage folders in Documents tab Manage files

• Sender Email Configuration Error.

  Hello Team, Hope you are all doing well. We are in the process of creating the Zoho FSM environment in the UAE. When we try to add the sender email address “techsupportuae@stryker.com”, we receive the error message: “Error occurred while sending mail

• Better use of contacts

  Zoho inventory has the ability to add multiple contacts to customers. However Zoho inventory doesn't currently provide a way to link a contact to objects like sales orders. This means that while you can tell what company has placed a sales order you can't

• How can we add products using a Wizard?

  We want to create a Wizard to add products. Why is there no possibility to use the products module when creating a wizard?

• Orphan email alias blocking user creation – backend cleanup required

  Hello Zoho Mail Support, I´m unable to assign or create the address xx@iezzimatica.ar in my organization. Current situation: Alias cannot be assigned to any user (system says it is already in use) New user with this address cannot be created Address does

• Direct Access and Better Search for Zoho Quartz Recordings

  Hi Zoho Team, We would like to request a few enhancements to improve how Zoho Quartz recordings are accessed and managed after being submitted to Zoho Support. Current Limitation: After submitting a Quartz recording, the related Zoho Support ticket displays

• Ensure Consistent Service Delivery with Comprehensive Job Sheets

  We are elated to announce that one of the most requested features is now live: Job Sheets. They are customizable, reusable forms that serve as a checklist for the services that technicians need to carry out and as a tool for data collection. While on

• Something wrong with client script??

  Someone have the same feeling? Client script behavior become very strange..

• Polish signer experience to compete with docusign

  I would like to suggest that someone spend the little bit of time to polish the signer experience, and the email templates to more of a modern professional feel. They are currently very early 2000s and with some simple changes could vastly improve the

• how to change the page signers see after signing a document in zoho sign

  Hello, How can I please change the page a signer sees after signing a document in Zoho Sign? I cannot seem to find it. As it is now, it shows a default landing page "return to Zoho Sign Home". Thanks!

• Digest Janvier - Un résumé de ce qui s'est passé le mois dernier sur Community

  Bonjour chers utilisateurs, Le premier mois de l’année est déjà derrière nous ! Découvrons ensemble comment s'est passé janvier pour Zoho Community France. Nous avons démarré le mois avec une nouvelle intégration entre Zoho Desk et Zoho Contracts. Cette

• CRM gets location smart with the all new Map View: visualize records, locate records within any radius, and more

  Hello all, We've introduced a new way to work with location data in Zoho CRM: the Map View. Instead of scrolling through endless lists, your records now appear as pins on a map. Built on top of the all-new address field and powered by Mappls (MapMyIndia),

• Closing off tasks automatically based on project status

  Is there a way to close off all open tasks when a project is set as Cancelled?

• Customize Calendar view in Teamspaces Settings

  Right now every customization that happens inside of the calendar view inside of CRM is only visible for the specific user. We want to be able to set up calendar views as an admin for specific roles. I would suggest to do that inside of the settings of

• Power up your Kiosk Studio with Real-Time Data Capture, Client Scripts & More!

  Hello Everyone, We’re thrilled to announce a powerful set of enhancements to Kiosk Studio in Zoho CRM. These new updates give you more flexibility, faster record handling, and real-time data capture, making your Kiosk flows smarter and more efficient

• Can we fetch Deal owner and Deal owner email with COQL?

  While fetching deal deatils with coql api and while fetching deal owner name and email it is just giving owner id not ginving name and email https://www.zohoapis.in/crm/v2/coql

• Zoho Social - Cliq Integration / Bot

  Dear community / zoho, I am looking for a way to create a bot within Zoho Cliq to update my colleagues about our Zoho Social activities. For example, if a new post is published, it would be great if this post automatically would be shared in our social

• Comment to DM Automation

  Comment to DM automation feature in Zoho Marketing Automation, similar to what tools like ManyChat offer. Use case: When a user comments on a social media post (Instagram / Facebook), the system should automatically: Send a private DM to the user Capture

• Send / Send & Close keyboard shortcuts

  Hello! My team is so close to using Zoho Desk with just the keyboard. Keyboard shortcuts really help us to be more efficient -- saving a second or two over thousands of tickets adds up quickly. It seems like the keyboard shortcuts in Desk are only for

• Metadata API Access to Functions

  I think it would be incredibly helpful to have api access to every function's code. Our team primarily uses deluge functions to update fields across modules according to business logic. I would like to create a visual dependancy model for our CRM, but

• Handling Agent Transfer from Marketing Automation Journey to SalesIQ WhatsApp

  We are currently using Marketing Automation for WhatsApp marketing, and the features are great so far We have a scenario where, during a campaign or journey, we give customers an option to chat with our sales team. For this, we are using SalesIQ WhatsApp

• Cliq iOS can't see shared screen

  Hello, I had this morning a video call with a colleague. She is using Cliq Desktop MacOS and wanted to share her screen with me. I'm on iPad. I noticed, while she shared her screen, I could only see her video, but not the shared screen... Does Cliq iOS is able to display shared screen, or is it somewhere else to be found ? Regards

• Webinar - Getting Started with Zoho LandingPage

  Want to launch landing pages that support real marketing goals? This webinar is designed to help you understand the role landing pages play in your overall campaigns and how they contribute to lead generation and conversions. During this session, you’ll

• Increase Round Robin Scheduler Frequency in Zoho Desk

  Dear Zoho Desk Team, We hope this message finds you well. We would like to request an enhancement to the Round Robin Scheduler in Zoho Desk to better address ticket assignment efficiency. Current Behavior At present, the Round Robin Scheduler operates

• Separate Items & Services

  Hi, please separate items and services into different categories. Thank you

• Next Page