Zoho CRM API Setup

Creating a Zoho CRM server-based application and generating OAuth tokens for integration.

Last verified: April 2026

What You’re Setting Up

A server-based OAuth application in Zoho’s API console that lets our integration read and write data in your Zoho CRM account. This is the standard authentication method for server-side integrations.

This takes about 15 minutes.

Prerequisites

  • Admin access to your Zoho CRM account
  • Access to the email address associated with your Zoho account (for verification)

Step-by-Step Setup

1. Open the Zoho API Console

  1. Go to api-console.zoho.com
  2. Log in with your Zoho credentials
  3. If this is your first time, you may need to accept terms of service

2. Create a Server-Based Application

  1. Click the option to add a new client
  2. Choose Server-based Applications as the client type. This is the correct choice for backend integrations where our server communicates directly with Zoho’s API — not “Client-based” or “Mobile” applications.
  3. Fill in the application details:
    • Client Name: Something like “AcuCoders Integration”
    • Homepage URL: We’ll provide this
    • Authorized Redirect URI: We’ll provide this — it’s a URL on our server that Zoho redirects to after authorization

3. Copy Your Credentials

After creating the application, Zoho displays:

  • Client ID
  • Client Secret

Copy both of these. Send them to us through the secure link we provide — do not email them in plain text.

4. Configure Scopes

When we initiate the OAuth flow, we request specific scopes. For most CRM integrations, we need:

  • ZohoCRM.modules.ALL — read and write access to all CRM modules (contacts, deals, accounts, etc.)
  • ZohoCRM.settings.ALL — access to field layouts, custom fields, and picklist values

If your integration only touches specific modules, we can narrow the scopes. But for initial setup, these two cover most use cases.

5. OAuth Token Generation

This is the part we handle, but here’s how it works:

  1. We direct your browser to Zoho’s authorization URL with the Client ID and requested scopes
  2. You log into Zoho and approve the access request
  3. Zoho redirects back to our server with an authorization code
  4. Our server exchanges that code for an access token and a refresh token
  5. The access token expires (typically within an hour), but the refresh token lets us generate new access tokens without asking you to log in again

You only need to go through this approval flow once. After that, the refresh token keeps the connection alive.
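
The flow above, sketched as an added example (not AcuCoders' or Zoho's own code): it builds the authorization URL for the right data center, validates the redirect with the standard OAuth 2.0 `state` parameter, and prepares the code-exchange and refresh requests without sending them. Function names and any client ID or redirect URI passed in are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Zoho accounts hosts by data center (US and EU shown; other regions differ only by domain).
ACCOUNTS_HOST = {"us": "accounts.zoho.com", "eu": "accounts.zoho.eu"}
SCOPES = ["ZohoCRM.modules.ALL", "ZohoCRM.settings.ALL"]  # the two scopes from step 4


def build_authorization_url(dc, client_id, redirect_uri, state=None):
    """Flow step 1: URL the approving admin's browser is sent to. Returns (url, state)."""
    state = state or secrets.token_urlsafe(32)  # unguessable, stored in the user's session
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "scope": ",".join(SCOPES),
        "redirect_uri": redirect_uri,  # must equal the URI registered in the API console
        "access_type": "offline",      # asks Zoho to issue a refresh token as well
        "state": state,
    })
    return f"https://{ACCOUNTS_HOST[dc]}/oauth/v2/auth?{query}", state


def parse_callback(callback_url, expected_state):
    """Flow step 3: check the redirect before trusting it; return the authorization code."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def token_request(dc, client_id, client_secret, redirect_uri=None, code=None, refresh_token=None):
    """Flow steps 4-5: (url, form body) for the code exchange or a later refresh.
    Sent server to server over HTTPS; the client secret never reaches the browser."""
    body = {"client_id": client_id, "client_secret": client_secret}
    if refresh_token is not None:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    else:
        body.update(grant_type="authorization_code", code=code, redirect_uri=redirect_uri)
    return f"https://{ACCOUNTS_HOST[dc]}/oauth/v2/token", body
```

Using the accounts host that matches the account's data center for both the authorization and token requests avoids the "invalid token" errors described under Common Issues.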

6. Verify the Domain

Zoho may ask you to verify your redirect domain. If we send you a verification step, follow the instructions — it’s usually adding a TXT record or confirming ownership through the API console.

Common Issues

Wrong Zoho Data Center

Zoho operates regional data centers (US, EU, India, Australia, etc.). Your API console URL and API endpoints must match your account’s data center. If you’re on the EU data center, for example, the API console is at api-console.zoho.eu and API calls go to zohoapis.eu. We’ll detect this during setup, but it’s a common source of “invalid token” errors.

Refresh Token Expired or Revoked

If the integration stops working after a period of inactivity, the refresh token may have been revoked. This can happen if you change your Zoho password, revoke access from the connected apps settings, or if the token goes unused for an extended period. The fix is to re-authorize through the OAuth flow.

Scope Errors

If we get “insufficient scope” errors, the authorization was done with fewer scopes than needed. We’ll need to re-do the OAuth flow with the correct scopes — you’ll see the approval screen again.

Multiple Zoho Accounts

If you have multiple Zoho accounts (personal, work, different organizations), make sure you authorize with the account that owns the CRM data. Check which account you’re logged into before approving access.

Next Steps

Need help with the full integration?

This guide covers the setup. If you want us to handle the integration end to end, we can do that.
