Zoho removed the older Zoho OAuth connector option that many admins used to span scopes across multiple apps. That change makes custom service connections more important, especially when you need access to a Zoho app that has no default connection or when the native connector is missing the scopes your API workflow requires.
This guide walks through how to create a custom Zoho OAuth service connection inside Zoho CRM, how to configure the correct OAuth 2.0 endpoints, how to add scopes, and how to authorize the connection so it can be used inside functions and other automation workflows.
What You’ll Learn
- Why custom Zoho service connections matter now: especially after the old Zoho OAuth connector was removed.
- How to create a custom service in Zoho CRM: including OAuth 2.0 settings, client credentials, and token URLs.
- How to configure scopes correctly: including multiple scopes and app-specific permissions like Zoho Marketing Automation.
- How to authorize and use the connection: so it works inside Zoho functions and supports refresh behavior.
Main takeaway: if Zoho does not offer the connection you need, or if the native connector is missing scopes, you can still build a working OAuth connection by creating a custom service manually.
Why Custom Zoho OAuth Connections Matter
Custom service connections inside Zoho CRM are now a critical workaround for developers and admins who need API access that is not covered by the default connection library. In the video, the example used is Zoho Marketing Automation, which does not provide a default native connection in the same way some other Zoho apps do.
That creates a real operational gap. If your Deluge function, integration, or API-based workflow needs access to Marketing Automation or a combination of scopes across multiple Zoho apps, a custom service connection may be the only practical way to authenticate and maintain a reusable connection.
What Changed with the Old Zoho OAuth Connector?
The older Zoho OAuth connector used to make this process easier because it allowed broader scope configuration across multiple applications. It could also expose permissions that some native connectors did not include.
Now that this option has been removed, admins can no longer rely on it for reconnecting or editing older connection setups. That means new connections often need to be rebuilt through Custom Service inside the Zoho CRM connections area.
Who Can Create a Custom Service Connection?
To create and manage a custom service connection in Zoho CRM, you typically need admin access in the environment. This is important because you are defining service-level authentication behavior, OAuth endpoints, scopes, and shared connection settings that may affect automations used by other users.
Step 1: Open Custom Service in Zoho CRM
Start by going to the Connections area in Zoho CRM and selecting Custom Service. This is where you define the service before it becomes available as a usable connection.
Although this tutorial is focused on Zoho-to-Zoho connections, the same general area can also be used to configure third-party OAuth services when a built-in connector does not already exist.
Step 2: Choose OAuth 2.0 and Define the Service
When creating the custom service, choose OAuth 2.0 as the authentication type. In the walkthrough, the parameter type is set to header and the grant type is set to authorization code.
At this stage, give the service a clear name such as Marketing Automation or another label that reflects the API use case. Using a clear entity-rich name makes the connection easier to identify later inside functions and workflow setup.
Step 3: Generate the Client ID and Client Secret
The client ID and client secret are created in the Zoho API Console. In the video, the console used is api-console.zoh.com. If you have never created a client before, you will usually select a server-based application and complete the setup there.
One practical note from the walkthrough is that the application name may need to avoid certain restricted naming patterns. The homepage URL is less important for this specific use case, but the redirect URI is critical and should match the callback URL format for your Zoho data center.
Important: treat the client ID and client secret as sensitive credentials. They should not be shared publicly, and temporary test clients should be removed if they are no longer needed.
Step 4: Add the Correct Redirect URI for Your Data Center
The authorized redirect URI is data-center specific. That means the correct callback URL depends on whether your Zoho environment is in the US, EU, Canada, India, China, or another region. The tutorial emphasizes that this matters and that admins should make sure the redirect URI matches their data center exactly.
A small formatting issue can break the connection setup, so this field should be pasted carefully with no trailing spaces or unexpected characters.
Step 5: Configure the OAuth URLs
Next, fill in the required OAuth URLs inside the custom service. These include:
- Authorization URL
- Access Token URL
- Refresh Token URL
- Revoke Token URL
These endpoints are also data-center specific, but the structure is generally very similar across Zoho domains. The tutorial’s main point is that once you understand the base account domain and token path pattern, the rest is mostly a matter of using the right regional domain.
Why the Authorization URL Parameters Matter
One of the most important implementation details in the video is the addition of the following parameters to the authorization URL:
- access_type=offline
- prompt=consent
These parameters help Zoho return a refresh token. Without them, the connection may appear to work at first, but can fail after the initial token expires because there is no reliable way to refresh the session automatically.
This is one of the most useful technical details in the entire walkthrough because it explains why some custom OAuth connections work temporarily and then stop working later.
Step 6: Add the Required Scopes
Scopes determine what the connection is allowed to do. In this example, the scopes come from Zoho Marketing Automation API documentation. The tutorial shows that you can add multiple scopes, and those scopes can even come from different Zoho apps if your workflow requires it.
That flexibility is important because the removed Zoho OAuth connector used to make multi-app access easier. A custom service connection now serves as the replacement pattern when a single process needs CRM scopes, WorkDrive scopes, Books scopes, or app-specific Marketing Automation scopes together.
Example Scopes Mentioned in the Tutorial
- Campaign all
- Lead all
- Journeys read
- Journeys create
- Web assistance read
The display name for each scope is mostly there to help the user understand what they are approving. If you do not define a custom display name, Zoho can still show the raw scope value.
Scope formatting matters: some services expect scopes to be comma-delimited, while others may use spaces or another separator. For the Zoho example shown in the tutorial, the scopes are configured as comma-delimited.
Step 7: Create the Service and Then Create the Connection
Once the service configuration is complete, create the service. This does not fully finish the setup yet. The service must still be used to create an actual connection under My Connections.
When you create the connection, you can give it a user-friendly connection name. This is the label you will later see in functions, scripts, and integration settings.
Should the Connection Be Private?
In most admin-managed use cases, the answer is no. The tutorial explains that a private connection is mainly useful when each person in the company must authenticate separately with their own user identity. For organization-wide automations managed by an admin, leaving this off is usually the better fit.
Step 8: Authorize the Connection
After clicking Create and Connect, Zoho opens the authorization screen. This is where the user grants the requested scopes and allows the service to access the data described in the connection.
Once this is completed successfully, the connection becomes available for use inside Zoho functions and related API workflows.
Custom Zoho OAuth Setup Checklist
| Setup Area | What to Configure | Why It Matters |
|---|---|---|
| Authentication Type | OAuth 2.0 with authorization code grant | Required for standard Zoho OAuth service authentication |
| Client Credentials | Client ID and Client Secret from Zoho API Console | Links the custom service to your registered application |
| Redirect URI | Use the correct callback URL for your Zoho data center | Prevents authorization failures caused by URI mismatch |
| OAuth URLs | Authorization, token, refresh, and revoke endpoints | Allows the service to request, refresh, and revoke tokens |
| Refresh Support | Add access_type=offline and prompt=consent | Helps ensure the connection receives a refresh token |
| Scopes | Add all permissions required by your API workflow | Controls what data and actions the connection can access |
| Connection Settings | Create a named connection under My Connections | Makes the custom service usable inside Zoho functions |
When Should You Use a Custom Service Instead of a Native Connector?
A custom service connection is usually the better choice when:
- The Zoho app does not have a native connection option.
- The native connector is missing one or more required scopes.
- Your workflow spans multiple Zoho apps and needs broader permission coverage.
- You want more direct control over OAuth configuration and token behavior.
Common Mistakes to Avoid
- Using the wrong callback URL for your data center
- Leaving trailing spaces in the redirect URI
- Forgetting to include refresh-related authorization parameters
- Adding incomplete or incorrect scopes
- Assuming the service itself is the same thing as the final connection
- Using a private connection when an admin-managed shared connection is needed
Why This Matters for Zoho Developers and Admins
This setup pattern is especially valuable for teams building custom functions, Deluge-based integrations, and API workflows across the Zoho ecosystem. As Zoho continues to evolve its connection model, knowing how to create a custom OAuth service gives admins more control and reduces dependency on whatever native connectors happen to exist at the time.
For platforms like Zoho Marketing Automation, this knowledge can be the difference between being blocked entirely and having a clean, reusable connection that supports real production automation.
Frequently Asked Questions
Why would you need a custom Zoho OAuth service connection?
You would need one when Zoho does not provide a native connection for an app or when the native connector does not include the scopes required for your API workflow.
What changed with the old Zoho OAuth connector?
Zoho removed the older connector option that previously made it easier to combine scopes across apps. As a result, admins now often need to build custom services manually.
Why do access_type=offline and prompt=consent matter?
They help the OAuth flow return a refresh token. Without that, the connection may work for a limited time and then fail when the access token expires.
Can a custom Zoho service connection include scopes from multiple apps?
Yes. That is one of the main advantages of the custom service approach when your process touches more than one Zoho application.
Do you need admin access to create custom services in Zoho CRM?
Yes. In most cases, admin permissions are required to create the custom service and manage the resulting connections properly.
Need Help Building Zoho API Connections?
If your team needs help setting up custom Zoho connections, API scopes, Deluge functions, or integration workflows, Zenatta can help design and implement the right configuration.
Talk to Zenatta