Skip to main content
This guide walks you through obtaining all required credentials for the Zoho Mail plugin.

Authentication Method

The Zoho Mail plugin uses OAuth 2.0 authentication exclusively.
  • oauth_2 (default) - OAuth 2.0 authentication

Pick your region first

Zoho runs region-specific datacenters. The OAuth (accounts.zoho.*) and Mail API (mail.zoho.*) hosts share the same top-level domain, and tokens issued in one region do not work in another. Register the plugin with the matching region:
RegionDomainregion value
United Stateszoho.com'us' (default)
Europezoho.eu'eu'
Indiazoho.in'in'
Australiazoho.com.au'au'
Japanzoho.jp'jp'
Chinazoho.com.cn'cn'
corsair.ts
zohomail({ region: 'eu' })
Create the credentials below in the same region’s API console (for example https://api-console.zoho.eu for the EU).

OAuth 2.0 Setup

Step 1: Create a Server-based Application

  1. Go to the Zoho API Console for your region
  2. Click Add ClientServer-based Applications
  3. Fill in:
    • Client Name: your application name
    • Homepage URL: your application URL
    • Authorized Redirect URIs: your callback URL (e.g. https://yourapp.com/auth/zohomail/callback)
  4. Click Create
  5. Copy the Client ID and Client Secret

Step 2: Authorize the required scopes

The plugin requests these scopes during the OAuth flow:
  • ZohoMail.messages.ALL — read, send, move, delete, and flag emails
  • ZohoMail.folders.ALL — list, create, update, and delete folders
  • ZohoMail.accounts.READ — resolve the account ID for the authenticated user
Request access_type=offline so Zoho returns a refresh token (the plugin refreshes the access token automatically as it expires).
For quick local testing you can use the Self Client option in the API Console to mint an authorization code, then exchange it for access and refresh tokens without standing up a redirect endpoint.

Step 3: Store credentials

The preferred method is to store OAuth credentials in the database using the keys API: 
await corsair.withTenant('default').keys.zohomail.setClientId('your-client-id');
await corsair.withTenant('default').keys.zohomail.setClientSecret('your-client-secret');
await corsair.withTenant('default').zohomail.keys.setAccessToken('your-access-token');
await corsair.withTenant('default').zohomail.keys.setRefreshToken('your-refresh-token');
Alternatively, you can provide credentials directly in the plugin configuration:
corsair.ts
zohomail({
    authType: "oauth_2",
    region: "us",
    credentials: {
        clientId: process.env.ZOHO_CLIENT_ID,
        clientSecret: process.env.ZOHO_CLIENT_SECRET,
        accessToken: process.env.ZOHO_ACCESS_TOKEN,
        refreshToken: process.env.ZOHO_REFRESH_TOKEN,
    },
})

Required Credentials Summary

CredentialRequired ForWhere to Find
Client IDOAuth 2.0Zoho API Console → your app
Client SecretOAuth 2.0Zoho API Console → your app
Access TokenOAuth 2.0Obtained automatically after OAuth flow
Refresh TokenOAuth 2.0Obtained automatically after OAuth flow (requires access_type=offline)
For general information about how Corsair handles authentication, see Authentication.