How to set up Zoho CRM OAuth 2 Custom connection with Rivery

Zoho CRM empowers its users to convert leads, engage with customers, and grow their revenue. In order to access the CRM REST API endpoints, an OAuth2 based authentication is required by any web application wishing to access the endpoints data.

This guide will walk you through the Zoho CRM API authentication process in Zoho and the Rivery console sides (other Zoho services can be found here under “ALL ZOHO APPS”).

The authentication process consists of the following steps:

  1. Register your application with Zoho
  2. Authorization Request
  3. Generate Access and Refresh tokens
  4. Refresh your Access Token (via REST Action River)

Step 1: Register Rivery with Zoho
Before getting started with the authorization request, you first need to register the Rivery application with the Zoho Writer API. This is where your requests will be sent and received after authorization to ensure better security.

Note: You can log in to your Zoho Developer console anytime to get the client_id and client_secret values for any of your applications

Step 2: Authorization Request

Next, you will need to authenticate the Rivery application to make API calls on Rivery’s behalf with an access token. Follow the below steps within the Rivery console to create the authorizatiRivery’sst.

  • Navigate to the Connections tab, click “new connection”, then click “Rest API Source”
  • Name the connection (e.g., “Zoho”)
  • Click on the “open OAuth2 Authentication” button:
  • In the OAuth2 form, fill in the following details:
    • Authentication URL:
    • Access token URL:
    • Client_id: <Zoho’s Rivery application Client ID generated in Step 1>
    • Client Secret: <Zoho’s Rivery application Client ID generated in Step 1>
    • Scope:,ZohoCRM.users.READ,ZohoCRM.settings.roles.READ,ZohoCRM.settings.profiles.READ,ZohoCRM.settings.modules.READ,ZohoCRM.settings.fields.READ,ZohoCRM.settings.layouts.READ,ZohoCRM.settings.related_lists.READ,ZohoCRM.settings.custom_views.READ,ZohoCRM.modules.ALL

Note: other available scopes can be found here

  • Additional Options” section parameters:

    • Response_type: code
    • Access_type: offline
    • Add the following parameters on the bottom of the “Additional Fields” section:
      • Prompt: consent
      • TokenName: RiveryZoho
  • At the end of the process, the filled-in form will look like this:

  • Click “Submit OAuth2” and finish the process:

  • If the process is done correctly, the following screen will pop up:

  • Click “Accept” to finish the process

Step 3: Generate Access and Refresh tokens.
After successfully authorizing the request, the access and refresh tokens will automatically appear in your Zoho custom connection.

Note: As a best practice, It is recommended to mark the “Is Password” checkbox for any sensitive connection information**

Step 4: Refresh your CRM Access Token
The Zoho CRM access token will not be valid and will expire after an hour from when it had generated. A Refresh Access Token POST request will need to run before any API request generates a new access token.

To run the Refresh Access Token request successfully, go to your Zoho connection and add the following parameters:

  • Client_ID: <Zoho’s Rivery application Client ID generated in Step 1>
  • Client_Secret: <Zoho’s Rivery application Client ID generated in Step 1>
  • Save the connection after adding the parameters.

The last part of the process will be to create an Action river that will run the Refresh Access Tokens - APIs request generate a refreshed token based on all the relevant connection keys and their values.

An example refreshes access token request together with a fully configured API endpoints can be found in the Rivery Kit’s Hub.