Live Tracker Function – Zoho Catalyst Advanced I/O

Overview

The Live Tracker Function is a serverless backend service developed using Node.js, Express.js, and Zoho Catalyst Advanced I/O. It acts as an intermediary layer between the Flutter client application and backend services, including Zoho CRM APIs and Zoho Catalyst Datastore.

The service provides:

  • Secure proxy APIs for interacting with Zoho CRM

  • Real-time employee location tracking

  • Dynamic OAuth token management

  • Request validation and data sanitization

  • Centralized handling of CORS and authentication


Architecture

graph TD
    Client[Flutter Client] -->|HTTP Request| Catalyst[Zoho Catalyst Advanced I/O API]
    Catalyst -->|Express Routing| App[src/app.js]
    App -->|Generate OAuth Token| TokenFunction[generate_access_token]
    App -->|Proxy Request| ZohoCRM[Zoho CRM v7 API]
    App -->|ZCQL Queries| Datastore[(Catalyst Datastore - voltas)]


Core Responsibilities

1. OAuth Token Management

The service automatically retrieves and injects OAuth access tokens before forwarding requests to Zoho CRM APIs. This eliminates the need for the client application to manage authentication tokens.

2. Secure API Proxy

Acts as a secure gateway between the client application and Zoho CRM APIs by:

  • Hiding sensitive credentials from client devices

  • Managing authorization headers internally

  • Preventing direct exposure of CRM endpoints

3. Data Validation and Sanitization

The service validates incoming requests and sanitizes user inputs to prevent malformed requests and potential query injection attacks.

4. Employee Location Tracking

Stores and updates employees' geographical coordinates while maintaining previous coordinates for movement tracking and route visualization.


Project Structure

live_tracker_function/
│
├── index.js
├── src/
│   └── app.js
├── catalyst-config.json
└── package.json

index.js

Application entry point. During local execution, it starts an Express server on port 5555.

src/app.js

Contains:

  • Express application configuration

  • API route definitions

  • Datastore operations

  • ZCQL queries

  • Middleware implementations

  • Token management logic

catalyst-config.json

Contains Catalyst environment configuration and specifies:

  • Runtime: Node.js 20

  • Stack: advancedio

package.json

Defines application dependencies and project metadata.


Dependencies

Package

Version

Purpose

express

^5.2.1

Web framework for routing and HTTP handling

axios

^1.17.0

HTTP client for external API communication

zcatalyst-sdk-node

latest

Zoho Catalyst SDK for Datastore and ZCQL operations


OAuth Token Management

The function uses a helper method (getZohoToken()) to obtain valid OAuth tokens dynamically.

Flow

  1. Client sends a request to the Universal Proxy API.

  2. The proxy checks whether the request uses API Key authentication.

  3. If OAuth authentication is required, the service invokes the token generation function.

  4. The access token is extracted and added to the request headers.

Authorization: Zoho-oauthtoken <ACCESS_TOKEN>

Security Note: Never hardcode or expose API keys and secrets in documentation or source code repositories. Store them using Catalyst environment variables or secret management services.


Universal Zoho CRM Proxy

Endpoint

POST /

Description

Forwards requests to Zoho APIs while automatically attaching the required authorization headers.

Request Body

{
  "url": "https://www.zohoapis.com/crm/v7/Contacts",
  "method": "GET",
  "body": {
    "data": []
  }
}

Parameters

Field

Type

Required

Description

url

String

Yes

Target Zoho API endpoint

method

String

No

HTTP method. Default: GET

body

Object

No

Request payload

Processing Flow

  1. Validate request parameters.

  2. Generate OAuth token if required.

  3. Append authorization header.

  4. Forward request to Zoho API.

  5. Remove sensitive fields (token, access_token) from the response.

  6. Return the sanitized response to the client.

Response Codes

Status

Description

200

Request processed successfully

400

Required URL parameter is missing

500

Token generation or proxy execution failed


Employee Location APIs

Post or Update Employee Location

Endpoint

POST /post_lat_log

Description

Creates a new location entry or updates an existing employee's location while preserving the previous coordinates.

Request

{
  "username": "John Doe",
  "useremail": "john.doe@voltas.com",
  "lat": 28.6139,
  "longitude": 77.2090
}

Processing Flow

  1. Validate mandatory fields.

  2. Sanitize useremail.

  3. Retrieve employee record from Datastore.

  4. If the employee exists:

    • Move current coordinates to prelat and prelong

    • Update with new coordinates

  5. If the employee does not exist:

    • Insert a new record

    • Initialize previous and current coordinates with the same values


Get Employee Location

Endpoint

GET /get_lat_log

Query Parameter

Parameter

Type

Required

Description

useremail

String

Yes

Employee email address

Response Codes

Status

Description

200

Employee location found

400

useremail parameter is missing

404

Employee record not found


Get All Employee Locations

Endpoint

GET /employees

Description

Returns all employee location records stored in the Catalyst Datastore. This endpoint is primarily consumed by the Flutter dashboard for rendering employee markers on the map.


Datastore Schema – voltas

Column

Type

Description

ROWID

String

System-generated unique row identifier

username

String

Employee name

useremail

String

Unique employee email address

lat

Double

Current latitude

longitude

Double

Current longitude

prelat

Double

Previous latitude

prelong

Double

Previous longitude


Local Development

Install Dependencies

cd functions/live_tracker_function
npm install

Run Locally

node index.js

Server starts on:

http://localhost:5555


Deployment

Login to Catalyst

catalyst login

Deploy Function

catalyst deploy

The function will be deployed to the configured Zoho Catalyst environment and will become available through the Catalyst Advanced I/O endpoint.


Documentation Improvements Made

  • Used consistent terminology and formatting.

  • Added proper section descriptions and processing flows.

  • Improved grammar and readability.

  • Replaced informal wording with technical documentation language.

  • Added security notes regarding secrets and API keys.

  • Standardized tables and endpoint descriptions.

  • Made the document suitable for sharing with developers and stakeholders.

Written by : - Ajay kumar


On this page