Users can access the Zendesk API using any of three authentication methods. First, they can use their Zendesk password. This is known as basic authentication. Second, they can use an auto-generated password called an API token. Third, they can use an OAuth access token, which is different than an API token.
All three authentication methods are disabled by default in new accounts. This article explains how to enable and disable each method to manage how users access the Zendesk API.
- Managing password access to the API
- Managing API token access to the API
- Managing OAuth token access to the API
For information on using the Zendesk API, see the following pages:
Managing password access to the API
Users can use their Zendesk password to authenticate API requests. Only verified users can make API requests with their password.
Password access to the API is disabled by default in new accounts. You must enable password access in Admin Center before users can use their password.
To enable or disable password access
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- In the Settings tab, enable or disable password access.
To authenticate API requests with Zendesk passwords, see Basic authentication on developer.zendesk.com.
Managing API token access to the API
Users can use an API token to authenticate API requests. API tokens are auto-generated passwords that you can use with your username to authenticate API requests. They can also be used as part of two-factor authentication for integrations. Each API token can be used by any verified user on the account and isn't associated with a specific user. More than one token can be active at the same time.
API tokens are not the same as OAuth access tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
To use an API token to authenticate API requests, see API token on developer.zendesk.com.
Enabling API token access
API token access is disabled by default. You must enable API token access in Admin Center before users can use API tokens.
To enable API token access
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- In the Settings tab, enable token access.
Generating API tokens
To generate an API token, you must be an administrator and API token access must be enabled in your account.
To generate an API token
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Click the Add API token button to the right of Active API tokens.
The token is generated and displayed.
- (Optional) Enter an API token description.
- Copy the token and paste it somewhere secure. When you click Save to close this window, the full token will never be displayed again.
- Click Save to return to the Zendesk API page.
If you click the token to reopen it, a truncated version of the token is displayed.
Deleting an API token
An API token is like a password: any verified user on the account or anyone with their email address can use it to authenticate API requests. If you become aware that an API token has been compromised, delete it immediately. Deleting a token deactivates it permanently.
To delete an API token
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the token in the list, then click Delete on the right side.
Managing OAuth token access to the API
You can use OAuth access tokens to authenticate API requests. OAuth provides a secure way for applications to access Zendesk data without having to store and use Zendesk passwords or API tokens, which are sensitive information.
You can't create OAuth access tokens directly in Admin Center like API tokens. You must first create an OAuth client in Admin Center, then use the OAuth client in a defined OAuth authorization flow to create an OAuth access token.
OAuth access tokens are not the same as API tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
This section covers the following topics:
- Creating OAuth clients
- Creating access tokens with an OAuth client
- Deleting OAuth clients and tokens
To authenticate API requests with OAuth access tokens, see OAuth access token on developer.zendesk.com.
Creating OAuth clients
OAuth clients let you create OAuth access tokens that can be used to authenticate API requests. OAuth access tokens differ from API tokens. OAuth access tokens provide a secure way for applications to access the Zendesk API without having to store and use the passwords of your Zendesk users.
To create OAuth clients
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the OAuth Clients tab.
- To create a client, click the Add OAuth client button, then follow the instructions in Registering your application with Zendesk.
- To delete a client, select the client in the list, then click Delete on the right side.
Next, use the OAuth client to create one or more OAuth access tokens.
Creating access tokens with an OAuth client
After creating an OAuth client in Admin Center, you can use it with a defined authorization flow to create OAuth access tokens. You can use different OAuth authorization flows. For the options, see Implementing an OAuth authorization flow in your application.
You can also use the OAuth client with the API to create access tokens without an authorization flow. You can use a password or an API token to authenticate these API requests. See Creating and using OAuth access tokens with the API on developer.zendesk.com.
Deleting OAuth clients and tokens
You can delete an OAuth client to deactivate all the access tokens created with the client. You can also revoke individual access tokens.
To delete an OAuth client
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the OAuth Clients tab.
- Select the client in the list, then click Delete on the right side.
To revoke a specific access token
- See Revoking an access token on developer.zendesk.com.
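Before disabling one of the three methods, it helps to know which method each integration actually sends. The following is an added example, not Zendesk's code: it builds the Authorization header for each method and classifies recorded headers without returning the secret. It assumes the formats documented on developer.zendesk.com (Basic `email:password`, Basic `email/token:api_token`, and `Bearer` for OAuth access tokens); the function names and sample values are constructed for illustration.

```python
import base64
from collections import Counter

def basic_header(email, secret, api_token=False):
    """Authorization header for password access or API token access."""
    # With an API token, "/token" is appended to the email and the token
    # takes the place of the password.
    user = f"{email}/token" if api_token else email
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()

def bearer_header(access_token):
    """Authorization header for an OAuth access token."""
    return f"Bearer {access_token}"

def classify(header):
    """Return (method, email) for a header; the secret is never returned."""
    scheme, _, value = header.strip().partition(" ")
    if scheme.lower() == "bearer" and value:
        return ("oauth_access_token", None)
    if scheme.lower() != "basic":
        return ("unknown", None)
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return ("malformed", None)
    user, sep, secret = decoded.partition(":")
    if not sep or not secret:
        return ("malformed", user or None)  # e.g. no ":secret" part at all
    if user.endswith("/token"):
        return ("api_token", user[: -len("/token")])
    return ("password", user)

def summarize(headers):
    """Count how many requests used each authentication method."""
    return Counter(classify(h)[0] for h in headers)

# Constructed sample: headers as an egress proxy might record them.
SAMPLE = [
    basic_header("agent@example.com", "constructed-password"),
    basic_header("bot@example.com", "CONSTRUCTED_API_TOKEN", api_token=True),
    bearer_header("constructed-oauth-access-token"),
    "Basic " + base64.b64encode(b"bot@example.com/token").decode(),
]

if __name__ == "__main__":
    for method, count in summarize(SAMPLE).items():
        print(method, count)
```

Any integration still classified as `password` will start failing once password access is disabled, so move it to an API token or OAuth access token first.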
14 Comments
Hello, we recently had to set up a new token and it doesn't appear to be working when we try to use it in our Okta instance. Is anyone else experiencing this issue?
Hey there,
Thanks for reaching out on our community post about your issue with the API Token and your Okta instance. In this situation, what I will be doing is creating a ticket so that we can work on this together internally and see what could be going on. Speak to you soon!
Russell Chee | Senior Customer Advocacy Specialist | Melbourne, Australia
Hi,
Is there any way that I can generate an API key with restricted access? I want to write an app and add private comments to tickets; with the API key from the customer I would have full access to customer data. I only want to add comments.
Yeah, would be good to know API token with restricted access
Not sure if there is a documented way but I was able to do this. So after you create the API token under the user you want, you can downgrade the user's role to your custom role. Granted your account has access to create custom roles. The APIs should be restricted based on what is defined in that role.
I agree, would be good to know API token with restricted access
Hello,
I am logging into Admin Center using an admin account. When I go to Apps and Integrations I don't see the APIs Link, but just Salesforce, Event Connector for Amazon EventBridge, Shopify and Slack.
Is it because I need to set up something before reaching Apps and Integrations? Do I need special permissions?
Thank you very much for any pointers you can give me
Andres
You will need to make sure that your role is indeed an Admin once you go to your profile in Admin Center.
There's currently no permission restriction if you are indeed an Admin. If the same issue persisted, please contact our support directly.
I'm following the directions here to back up our KB using the Help Center API.
Our Zendesk requires SSO via Okta to log in, so I've created an API token and placed the following into the script:
credentials='your_email@domain.com/token'
but receive error 401.
Is there another way to format the credentials with the script?
Hi,
I'm setting up an integration for a customer and there's one question about API Token generation. In the past, if the user that generated the API Token was deleted, the API Token became invalid and another one needed to be generated.
Is it still valid, or can we generate the API Token and after the setup is completed delete the user with no impact on the token usage?
Massashi Yasunaga
Hi Dev,
Deleting the user who created the API token will not affect the already created token. The token should still be available to use.
Hope this helps.
Hi,
If I created a new token and try to create a ticket I got this error
{"error":"invalid_token","error_description":"The access token provided is expired, revoked, malformed or invalid for other reasons."}
Hi,
Is it possible to generate a new API token through the API, using a Zendesk access token?
Generating an API token can be done within Apps and integrations > APIs > Zendesk API in the Admin Center. Only the OAuth access tokens can be created via API. You can check this article for more information: Creating and using OAuth access tokens with the API