OAuth Tokens for Grant Types
This API consists of theCreate Token for Grant Typeendpoint. Use this endpoint to get access tokens for the following OAuth grant types:
The endpoint is not used with the implicit grant type because the access token is sent immediately in the redirect URL if the end user grants access. SeeTokens for Implicit Grant Type.
For more information on the supported OAuth grant types, seeUsing OAuth authentication with your applicationin Help Center.
If you're not working with grant types, use theCreate Tokenendpoint in the OAuth Tokens API. The two APIs don't share the same path, JSON format, or request parameters. However, both APIs return access tokens that can be used toauthenticate API requests.
JSON format
OAuth Tokens for Grant Types are represented as JSON objects with the following properties:
| Name | Type | Read-only | Mandatory | Description |
|---|---|---|---|---|
| access_token | string | true | false | The access token |
| scope | string | true | false | The valid scopes for this token. SeeScopebelow |
| token_type | string | true | false | Type of the access token, for example "bearer" |
Example
{"access_token":"gErypPlm4dOVgGRvA1ZzMH5MQ3nLo8bo","scope":"read","token_type":"bearer"}
Create Token for Grant Type
POST /oauth/tokens
Returns an OAuth access token in exchange for one of the following:
- anauthorization codevalid for 120 seconds
- aZendesk username and password
Refresh tokens aren't used. An access token doesn't expire but it can be revoked. Use theOAuth Tokens APIto list, show, or revoke tokens.
Request parameters
The POST request takes the following parameters, which must be formatted as JSON:
| Name | Description |
|---|---|
| grant_type | One of "authorization_code" or "password" |
| code | Authorization grant flow only. The authorization code you received from Zendesk after the user granted access. SeeHandle the user's authorization decisionin Help Center |
| client_id | TheUnique Identifierspecified in an OAuth client in the Support admin interface (Admin>Channels>API>OAuth Clients). SeeRegistering your application with Zendesk |
| client_secret | TheSecretspecified in an OAuth client in the Support admin interface (Admin>Channels>API>OAuth Clients). SeeRegistering your application with Zendesk |
| redirect_uri | Authorization grant flow only. The redirect URL you specified when you sent the user to the Zendesk authorization page. For ID purposes only. SeeSend the user to the Zendesk authorization page |
| scope | Valid scope for this token. A string of space-separated values. SeeScopebelow |
Scope
You must specify a scope to control the app's access to Zendesk resources. The "read" scope gives access to GET endpoints. It includes permission to sideload related resources. The "write" scope gives access to POST, PUT, and DELETE endpoints for creating, updating, and deleting resources.
Note: Don't confuse thescopeparameter (singular) with thescopesparameter (plural) for non-grant-type tokens described inOAuth Tokens.
“冒充”允许Zendesk范围亚博admin to make requests on behalf of end users. SeeMaking API requests on behalf of end users.
For example, the following parameter gives read access to all resources:
"scope": "read"
The following parameter gives read and write access to all resources:
"scope": "read write"
You can fine-tune the scope of the following resources:
- tickets
- users
- auditlogs (read only)
- organizations
- hc
- apps
- triggers
- automations
- targets
- webhooks
The syntax is as follows:
"scope": "resource:scope"
For example, the following parameter restricts the scope to only reading tickets:
"scope": "tickets:read"
To give read and write access to a resource, specify both scopes:
"scope": "users:read users:write"
To give write access only to one resource, such as organizations, and read access to everything else:
"scope": "organizations:write read"
Note: The endpoint returns an access token even if you specify an invalid scope such as"scope": ["read", "write"](no parentheses). Any request you make with the token will return a "Forbidden" error.
Tokens for Implicit Grant Type
The implicit grant flow calls the same endpoint as the authorization code grant flow (https://{subdomain}.zendesk.com/oauth/authorizations/new). However, it differs in that the access token is sent immediately in the redirect URL if the end user grants access. The token is not created with theCreate Token for Grant Typeendpoint.
SeeImplicit grant flowinUsing OAuth authentication with your applicationin Help Center.
Code Samples
curl
Authorization code grant
curlhttps://{subdomain}.zendesk.com/oauth/tokens\-H"Content-Type: application/json"\-d'{"grant_type": "authorization_code", "code": "7xqwtlf3rrdj8uyeb1yf","client_id": "acme_rockets", "client_secret": "77f9931747b63f720f9fbc6","redirect_uri": "https://www.example.com/app/grant_decision","scope": "organizations:write read" }'\-X POST
curl
Password grant
curlhttps://{subdomain}.zendesk.com/oauth/tokens\-H"Content-Type: application/json"\-d”{grant_type”:“密码”、“client_id”:“acme_rockets","client_secret": "77f9931747b63f720f9fbc6","username": "[email protected]", "password": "r23ssfoal","scope": "organizations:write read" }'\-X POST
Go
import("fmt""io""net/http")funcmain(){url:="https://support.zendesk.com/oauth/tokens"method:="POST"req,err:=http.NewRequest(method,url,nil)iferr!=nil{fmt.Println(err)return}req.Header.Add("Content-Type","application/json")req.Header.Add("Authorization","Basic " )// Base64 encoded "username:password"client:=&http.Client{}res,err:=client.Do(req)iferr!=nil{fmt.Println(err)return}deferres.Body.Close()body,err:=io.ReadAll(res.Body)iferr!=nil{fmt.Println(err)return}fmt.Println(string(body))}
Java
importcom.squareup.okhttp.*;OkHttpClientclient=newOkHttpClient();HttpUrl.BuilderurlBuilder=HttpUrl.parse("https://support.zendesk.com/oauth/tokens").newBuilder();RequestBodybody=RequestBody.create(MediaType.parse("application/json"),"""""");Requestrequest=newRequest.Builder().url(urlBuilder.build()).method("POST",body).addHeader("Content-Type","application/json").addHeader("Authorization",Credentials.basic("your-email","your-password")).build();Responseresponse=client.newCall(request).execute();
Nodejs
varaxios=require('axios');varconfig={method:'POST',url:'https://support.zendesk.com/oauth/tokens',headers:{'Content-Type':'application/json','Authorization':'Basic ' ,// Base64 encoded "username:password"},};axios(config).then(function(response){console.log(JSON.stringify(response.data));}).catch(function(error){console.log(error);});
Python
importrequestsurl="https://support.zendesk.com/oauth/tokens"headers={"Content-Type":"application/json",}response=requests.request("POST",url,auth=('' ,'' ),headers=headers)print(response.text)
Ruby
require"net/http"uri=URI("https://support.zendesk.com/oauth/tokens")request=Net::HTTP::Post.new(uri,"Content-Type":"application/json")request.basic_auth"username","password"response=Net::HTTP.start uri.hostname,uri.port,use_ssl:truedo|http|http.request(request)end
Example response(s)
201 Created
// Status 201 Created{"access_token":"gErypPlm4dOVgGRvA1ZzMH5MQ3nLo8bo","scope":"organizations:write read","token_type":"bearer"}