A sample Express.js application demonstrating integration with Zoho Mail API using OAuth 2.0 authentication. This app provides endpoints for sending emails, listing messages, marking emails as read/unread, and managing OAuth tokens.
- OAuth 2.0 authentication with Zoho Mail
- Send test emails
- List messages from a specific folder
- Mark emails as read/unread
- Auto token refresh functionality
- Simple web interface for testing
- Node.js installed on your system
- A Zoho Mail account
- A registered application in Zoho Developer Console
  - Select "Server-Based Applications" when registering
  - Configure redirect URI as `http://localhost:3000/callback`
- Go to Zoho Developer Console
- Click on "Add Client" to create a new application
- Choose "Server-based Applications" as the client type
- Fill in the required details:
  - Client Name: Your application name (e.g., "Email Integration")
  - Homepage URL: You can use `http://localhost:3000` for testing
  - Authorized Redirect URIs: Add `http://localhost:3000/callback`
- After creating the application, you'll receive:
  - Client ID (e.g., `1000.XXXXXXXXXXXXXXXXXXXXXXXXXXXX`)
  - Client Secret (e.g., `abcd1234efgh5678ijkl9012mnop3456qrst`)
- Copy these credentials and update them in your `.env` file or directly in `index.js`

Important: Zoho fully supports using `localhost` for development and testing. You don't need a production domain to start developing. For more details about OAuth2 implementation, refer to the Zoho Mail API Documentation.

The application uses Zoho Mail API scopes for reading and managing emails. The scopes are configured in your .env file. See the Zoho Mail API Documentation under "OAuth Scope" for available options.

Install dependencies: `pnpm install`

Start the server: `pnpm run dev`

- Open your browser and navigate to http://localhost:3000
- Follow the authentication flow:
  - Click "Get Authorization Code" link
  - Log in to your Zoho account and authorize the application
  - The app will automatically save the tokens in `zoho_tokens.json`
- Get your ACCOUNT_ID:
  - Call the `/get-account-id` endpoint
  - In the JSON response, find the account that matches your email address
  - Copy the `accountId` value (e.g., `6702887000000008002`)
  - Add it to your `.env` file: `ACCOUNT_ID=your_account_id_here`
  - Note: The ACCOUNT_ID is required for most Zoho Mail API operations
- Test the integration:
  - Click "Send Test Email" to verify the setup

| Method | Endpoint | Description | Parameters |
|---|---|---|---|
| GET | `/` | Home page with instructions and auth links | None |
| GET | `/callback` | OAuth2 callback endpoint to exchange authorization code for tokens | `code` (string): Authorization code from Zoho |
| GET | `/send-test-email` | Send a test email using Zoho Mail API | `toAddress` (string, optional): Recipient email; `subject` (string, optional): Email subject; `content` (string, optional): Email content |
| GET | `/get-account-id` | Get the Zoho Mail account ID | None |
| GET | `/mark-email` | Mark an email as read or unread | `messageId` (string): Email ID; `read` (string): 'true' or 'false' |
| GET | `/list-messages` | List inbox email messages | None |
| GET | `/renew-access-token` | Renew the access token | None |

- Tokens are automatically saved to `zoho_tokens.json`
- Access tokens expire after 1 hour
- Use the `/renew-access-token` endpoint to refresh expired tokens
- The refresh token is used automatically when renewing access tokens
- Never commit your `CLIENT_ID`, `CLIENT_SECRET`, or `zoho_tokens.json` to version control
- Use environment variables for sensitive data in production
- Keep your refresh token secure
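
One way to keep `zoho_tokens.json` readable only by the account that runs the server and to decide when the one-hour access token needs renewing. This is an added example, not code from this sample app; the helper names and the token fields `access_token`, `refresh_token` and `expires_in` (seconds) are assumptions.

```javascript
// Added example (not the sample app's own code). Assumed token shape:
// { access_token, refresh_token, expires_in } with expires_in in seconds.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const SKEW_MS = 60 * 1000; // renew one minute early to absorb clock drift

// Write atomically with owner-only permissions so other local users
// cannot read the refresh token.
function saveTokens(file, tokens, now = Date.now()) {
  const record = { ...tokens, expires_at: now + tokens.expires_in * 1000 };
  const tmp = `${file}.${process.pid}.tmp`;
  fs.writeFileSync(tmp, JSON.stringify(record), { mode: 0o600 });
  fs.chmodSync(tmp, 0o600); // enforce 600 regardless of umask
  fs.renameSync(tmp, file);
  return record;
}

// Refuse to use a token file that group or others can access.
function loadTokens(file) {
  const mode = fs.statSync(file).mode & 0o777;
  if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
    throw new Error(`${file} has mode ${mode.toString(8)}, expected 600`);
  }
  return JSON.parse(fs.readFileSync(file, 'utf8'));
}

function needsRefresh(record, now = Date.now()) {
  return !record.access_token || now >= record.expires_at - SKEW_MS;
}

// Constructed demo values, not real credentials.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'zoho-'));
  const file = path.join(dir, 'zoho_tokens.json');
  const t0 = 1700000000000;
  saveTokens(file, { access_token: 'A', refresh_token: 'R', expires_in: 3600 }, t0);
  const rec = loadTokens(file);
  const fresh = needsRefresh(rec, t0 + 30 * 60 * 1000); // 30 minutes in
  const stale = needsRefresh(rec, t0 + 3600 * 1000);    // 1 hour in
  fs.chmodSync(file, 0o644); // simulate a world-readable token file
  let rejected = false;
  try { loadTokens(file); } catch { rejected = true; }
  fs.rmSync(dir, { recursive: true, force: true });
  return { fresh, stale, rejected, hasRefresh: rec.refresh_token === 'R' };
}

console.log(demo());
```

The permission check is skipped on Windows, where POSIX mode bits do not describe file access.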
The application includes basic error handling for:
- Missing or invalid tokens
- Failed API requests
- Invalid parameters
- Token refresh failures
Feel free to submit issues and enhancement requests!
