Live Tracker Function – Zoho Catalyst Advanced I/O
Overview
The Live Tracker Function is a serverless backend service developed using Node.js, Express.js, and Zoho Catalyst Advanced I/O. It acts as an intermediary layer between the Flutter client application and backend services, including Zoho CRM APIs and Zoho Catalyst Datastore.
The service provides:
Secure proxy APIs for interacting with Zoho CRM
Real-time employee location tracking
Dynamic OAuth token management
Request validation and data sanitization
Centralized handling of CORS and authentication
Architecture
graph TD
Client[Flutter Client] -->|HTTP Request| Catalyst[Zoho Catalyst Advanced I/O API]
Catalyst -->|Express Routing| App[src/app.js]
App -->|Generate OAuth Token| TokenFunction[generate_access_token]
App -->|Proxy Request| ZohoCRM[Zoho CRM v7 API]
App -->|ZCQL Queries| Datastore[(Catalyst Datastore - voltas)]
Core Responsibilities
1. OAuth Token Management
The service automatically retrieves and injects OAuth access tokens before forwarding requests to Zoho CRM APIs. This eliminates the need for the client application to manage authentication tokens.
2. Secure API Proxy
Acts as a secure gateway between the client application and Zoho CRM APIs by:
Hiding sensitive credentials from client devices
Managing authorization headers internally
Preventing direct exposure of CRM endpoints
3. Data Validation and Sanitization
The service validates incoming requests and sanitizes user inputs to prevent malformed requests and potential query injection attacks.
4. Employee Location Tracking
Stores and updates employees' geographical coordinates while maintaining previous coordinates for movement tracking and route visualization.
Project Structure
live_tracker_function/
│
├── index.js
├── src/
│ └── app.js
├── catalyst-config.json
└── package.json
index.js
Application entry point. During local execution, it starts an Express server on port 5555.
src/app.js
Contains:
Express application configuration
API route definitions
Datastore operations
ZCQL queries
Middleware implementations
Token management logic
catalyst-config.json
Contains Catalyst environment configuration and specifies:
Runtime:
Node.js 20Stack:
advancedio
package.json
Defines application dependencies and project metadata.
Dependencies
Package | Version | Purpose |
|---|---|---|
express | ^5.2.1 | Web framework for routing and HTTP handling |
axios | ^1.17.0 | HTTP client for external API communication |
zcatalyst-sdk-node | latest | Zoho Catalyst SDK for Datastore and ZCQL operations |
OAuth Token Management
The function uses a helper method (getZohoToken()) to obtain valid OAuth tokens dynamically.
Flow
Client sends a request to the Universal Proxy API.
The proxy checks whether the request uses API Key authentication.
If OAuth authentication is required, the service invokes the token generation function.
The access token is extracted and added to the request headers.
Authorization: Zoho-oauthtoken <ACCESS_TOKEN>
Security Note: Never hardcode or expose API keys and secrets in documentation or source code repositories. Store them using Catalyst environment variables or secret management services.
Universal Zoho CRM Proxy
Endpoint
POST /
Description
Forwards requests to Zoho APIs while automatically attaching the required authorization headers.
Request Body
{
"url": "https://www.zohoapis.com/crm/v7/Contacts",
"method": "GET",
"body": {
"data": []
}
}
Parameters
Field | Type | Required | Description |
|---|---|---|---|
url | String | Yes | Target Zoho API endpoint |
method | String | No | HTTP method. Default: GET |
body | Object | No | Request payload |
Processing Flow
Validate request parameters.
Generate OAuth token if required.
Append authorization header.
Forward request to Zoho API.
Remove sensitive fields (
token,access_token) from the response.Return the sanitized response to the client.
Response Codes
Status | Description |
|---|---|
200 | Request processed successfully |
400 | Required URL parameter is missing |
500 | Token generation or proxy execution failed |
Employee Location APIs
Post or Update Employee Location
Endpoint
POST /post_lat_log
Description
Creates a new location entry or updates an existing employee's location while preserving the previous coordinates.
Request
{
"username": "John Doe",
"useremail": "john.doe@voltas.com",
"lat": 28.6139,
"longitude": 77.2090
}
Processing Flow
Validate mandatory fields.
Sanitize
useremail.Retrieve employee record from Datastore.
If the employee exists:
Move current coordinates to
prelatandprelongUpdate with new coordinates
If the employee does not exist:
Insert a new record
Initialize previous and current coordinates with the same values
Get Employee Location
Endpoint
GET /get_lat_log
Query Parameter
Parameter | Type | Required | Description |
|---|---|---|---|
useremail | String | Yes | Employee email address |
Response Codes
Status | Description |
|---|---|
200 | Employee location found |
400 | useremail parameter is missing |
404 | Employee record not found |
Get All Employee Locations
Endpoint
GET /employees
Description
Returns all employee location records stored in the Catalyst Datastore. This endpoint is primarily consumed by the Flutter dashboard for rendering employee markers on the map.
Datastore Schema – voltas
Column | Type | Description |
|---|---|---|
ROWID | String | System-generated unique row identifier |
username | String | Employee name |
useremail | String | Unique employee email address |
lat | Double | Current latitude |
longitude | Double | Current longitude |
prelat | Double | Previous latitude |
prelong | Double | Previous longitude |
Local Development
Install Dependencies
cd functions/live_tracker_function
npm install
Run Locally
node index.js
Server starts on:
http://localhost:5555
Deployment
Login to Catalyst
catalyst login
Deploy Function
catalyst deploy
The function will be deployed to the configured Zoho Catalyst environment and will become available through the Catalyst Advanced I/O endpoint.
Documentation Improvements Made
Used consistent terminology and formatting.
Added proper section descriptions and processing flows.
Improved grammar and readability.
Replaced informal wording with technical documentation language.
Added security notes regarding secrets and API keys.
Standardized tables and endpoint descriptions.
Made the document suitable for sharing with developers and stakeholders.
Written by : - Ajay kumar