How to Create a Custom Zoho OAuth Service Connection in Zoho CRM

Zoho removed the older Zoho OAuth connector option that many admins used to span scopes across multiple apps. That change makes custom service connections more important, especially when you need access to a Zoho app that has no default connection or when the native connector is missing the scopes your API workflow requires.

This guide walks through how to create a custom Zoho OAuth service connection inside Zoho CRM, how to configure the correct OAuth 2.0 endpoints, how to add scopes, and how to authorize the connection so it can be used inside functions and other automation workflows.

Watch: Creating Custom Service Zoho OAuth Connection

Why Custom Zoho OAuth Connections Matter

Custom service connections inside Zoho CRM are now a critical workaround for developers and admins who need API access that is not covered by the default connection library. In the video, the example used is Zoho Marketing Automation, which does not provide a default native connection in the same way some other Zoho apps do.

That creates a real operational gap. If your Deluge function, integration, or API-based workflow needs access to Marketing Automation or a combination of scopes across multiple Zoho apps, a custom service connection may be the only practical way to authenticate and maintain a reusable connection.

What Changed with the Old Zoho OAuth Connector?

The older Zoho OAuth connector used to make this process easier because it allowed broader scope configuration across multiple applications. It could also expose permissions that some native connectors did not include.

Now that this option has been removed, admins can no longer rely on it for reconnecting or editing older connection setups. That means new connections often need to be rebuilt through Custom Service inside the Zoho CRM connections area.

Who Can Create a Custom Service Connection?

To create and manage a custom service connection in Zoho CRM, you typically need admin access in the environment. This is important because you are defining service-level authentication behavior, OAuth endpoints, scopes, and shared connection settings that may affect automations used by other users.

Step 1: Open Custom Service in Zoho CRM

Start by going to the Connections area in Zoho CRM and selecting Custom Service. This is where you define the service before it becomes available as a usable connection.

Although this tutorial is focused on Zoho-to-Zoho connections, the same general area can also be used to configure third-party OAuth services when a built-in connector does not already exist.

Step 2: Choose OAuth 2.0 and Define the Service

When creating the custom service, choose OAuth 2.0 as the authentication type. In the walkthrough, the parameter type is set to header and the grant type is set to authorization code.

At this stage, give the service a clear name such as Marketing Automation or another label that reflects the API use case. Using a clear entity-rich name makes the connection easier to identify later inside functions and workflow setup.

Step 3: Generate the Client ID and Client Secret

The client ID and client secret are created in the Zoho API Console. In the video, the console used is api-console.zoh.com. If you have never created a client before, you will usually select a server-based application and complete the setup there.

One practical note from the walkthrough is that the application name may need to avoid certain restricted naming patterns. The homepage URL is less important for this specific use case, but the redirect URI is critical and should match the callback URL format for your Zoho data center.

Step 4: Add the Correct Redirect URI for Your Data Center

The authorized redirect URI is data-center specific. That means the correct callback URL depends on whether your Zoho environment is in the US, EU, Canada, India, China, or another region. The tutorial emphasizes that this matters and that admins should make sure the redirect URI matches their data center exactly.

A small formatting issue can break the connection setup, so this field should be pasted carefully with no trailing spaces or unexpected characters.

Step 5: Configure the OAuth URLs

Next, fill in the required OAuth URLs inside the custom service. These include:

• Authorization URL
• Access Token URL
• Refresh Token URL
• Revoke Token URL

These endpoints are also data-center specific, but the structure is generally very similar across Zoho domains. The tutorial’s main point is that once you understand the base account domain and token path pattern, the rest is mostly a matter of using the right regional domain.

Why the Authorization URL Parameters Matter

One of the most important implementation details in the video is the addition of the following parameters to the authorization URL:

• access_type=offline
• prompt=consent

These parameters help Zoho return a refresh token. Without them, the connection may appear to work at first, but can fail after the initial token expires because there is no reliable way to refresh the session automatically.

This is one of the most useful technical details in the entire walkthrough because it explains why some custom OAuth connections work temporarily and then stop working later.

Step 6: Add the Required Scopes

Scopes determine what the connection is allowed to do. In this example, the scopes come from Zoho Marketing Automation API documentation. The tutorial shows that you can add multiple scopes, and those scopes can even come from different Zoho apps if your workflow requires it.

That flexibility is important because the removed Zoho OAuth connector used to make multi-app access easier. A custom service connection now serves as the replacement pattern when a single process needs CRM scopes, WorkDrive scopes, Books scopes, or app-specific Marketing Automation scopes together.

Example Scopes Mentioned in the Tutorial

• Campaign all
• Lead all
• Journeys read
• Journeys create
• Web assistance read

The display name for each scope is mostly there to help the user understand what they are approving. If you do not define a custom display name, Zoho can still show the raw scope value.

Step 7: Create the Service and Then Create the Connection

Once the service configuration is complete, create the service. This does not fully finish the setup yet. The service must still be used to create an actual connection under My Connections.

When you create the connection, you can give it a user-friendly connection name. This is the label you will later see in functions, scripts, and integration settings.

Should the Connection Be Private?

In most admin-managed use cases, the answer is no. The tutorial explains that a private connection is mainly useful when each person in the company must authenticate separately with their own user identity. For organization-wide automations managed by an admin, leaving this off is usually the better fit.

Step 8: Authorize the Connection

After clicking Create and Connect, Zoho opens the authorization screen. This is where the user grants the requested scopes and allows the service to access the data described in the connection.

Once this is completed successfully, the connection becomes available for use inside Zoho functions and related API workflows.

Custom Zoho OAuth Setup Checklist

Setup Area	What to Configure	Why It Matters
Authentication Type	OAuth 2.0 with authorization code grant	Required for standard Zoho OAuth service authentication
Client Credentials	Client ID and Client Secret from Zoho API Console	Links the custom service to your registered application
Redirect URI	Use the correct callback URL for your Zoho data center	Prevents authorization failures caused by URI mismatch
OAuth URLs	Authorization, token, refresh, and revoke endpoints	Allows the service to request, refresh, and revoke tokens
Refresh Support	Add access_type=offline and prompt=consent	Helps ensure the connection receives a refresh token
Scopes	Add all permissions required by your API workflow	Controls what data and actions the connection can access
Connection Settings	Create a named connection under My Connections	Makes the custom service usable inside Zoho functions

When Should You Use a Custom Service Instead of a Native Connector?

A custom service connection is usually the better choice when:

• The Zoho app does not have a native connection option.
• The native connector is missing one or more required scopes.
• Your workflow spans multiple Zoho apps and needs broader permission coverage.
• You want more direct control over OAuth configuration and token behavior.

Common Mistakes to Avoid

• Using the wrong callback URL for your data center
• Leaving trailing spaces in the redirect URI
• Forgetting to include refresh-related authorization parameters
• Adding incomplete or incorrect scopes
• Assuming the service itself is the same thing as the final connection
• Using a private connection when an admin-managed shared connection is needed

Why This Matters for Zoho Developers and Admins

This setup pattern is especially valuable for teams building custom functions, Deluge-based integrations, and API workflows across the Zoho ecosystem. As Zoho continues to evolve its connection model, knowing how to create a custom OAuth service gives admins more control and reduces dependency on whatever native connectors happen to exist at the time.

For platforms like Zoho Marketing Automation, this knowledge can be the difference between being blocked entirely and having a clean, reusable connection that supports real production automation.

Frequently Asked Questions