Zoho Creator
The Zoho Creator connector lets AI agents interact with custom low-code applications — browsing apps and reports, reading and writing records, and executing Deluge functions. It uses OAuth 2.0 so your credentials are stored encrypted in MCPGate's vault and are never exposed to the AI client.
Required scopes#
MCPGate requests the following OAuth scopes when you connect a Zoho Creator account.
| Scope | Purpose |
|---|---|
| ZohoCreator.report.READ | Read records from reports |
| ZohoCreator.report.CREATE | Create new records in forms |
| ZohoCreator.form.CREATE | Submit entries to Creator forms |
| ZohoCreator.meta.application.READ | Read application and form metadata |
Tool reference#
The Zoho Creator connector exposes 11 tools. Use the MCP Apps page to enable or disable individual tools per app, and the Guardrails page to add fine-grained rules on top.
| Tool | Category | Description |
|---|---|---|
| zohocreator_list_apps | read | List all applications in Zoho Creator |
| zohocreator_get_app | read | Get details of a specific Zoho Creator application |
| zohocreator_list_forms | read | List all forms in a Zoho Creator application |
| zohocreator_list_reports | read | List all reports in a Zoho Creator application |
| zohocreator_get_report | read | Get details of a specific report in a Zoho Creator application |
| zohocreator_list_records | read | List records from a report in a Zoho Creator application |
| zohocreator_get_record | read | Get a specific record by ID from a Zoho Creator report |
| zohocreator_create_record | write | Create a new record in a Zoho Creator form |
| zohocreator_update_record | write | Update an existing record in a Zoho Creator report |
| zohocreator_run_function | write | Execute a custom Deluge function in a Zoho Creator application |
| zohocreator_delete_record | delete | Delete a record from a Zoho Creator report |
Deluge functions can execute arbitrary business logic
zohocreator_run_functioninvokes a Deluge script that may write to databases, send emails, call third-party APIs, or trigger workflows — depending on how the function is implemented in your Creator app. Only enable this tool for agents you fully trust and after reviewing the Deluge function's source code.Common guardrail recipes#
Read-only access#
Apply the read_only preset to enable the seven read tools and deny all write and delete tools. Suitable for agents that query custom Creator databases to surface business data without modifying any records.
Edit records preset#
Use the edit_records preset to enable read tools plus zohocreator_create_record and zohocreator_update_record, while blocking zohocreator_run_function and zohocreator_delete_record. This allows agents to manage Creator records without executing arbitrary code or destroying data.
Full access#
The full_access preset enables all 11 tools. Apply a allow_values guardrail to zohocreator_run_function targeting the function_name field to whitelist only the Deluge functions the agent is permitted to invoke.
Troubleshooting#
- App link name required— Zoho Creator API calls use the app's "link name" (the slug set when the app was created), not the display name. Use
zohocreator_list_appsto retrieve the correct link name. - Report link name vs form link name — In Zoho Creator, reports and forms have separate link names. Use
zohocreator_list_formsfor form link names andzohocreator_list_reportsfor report link names before constructing record operations. - Owner account required — The API calls are scoped to the account owner who authorised the OAuth connection. If you need to access apps owned by other Zoho accounts in the same organisation, each owner must create their own MCPGate connection.