Forums/Community/Community tips & tricks

Remote authentication from PHP

Thomas Pedersen
posted this on February 17, 2009 09:24

For all of you PHP lovers, here is an example of how you can use Zendesk's Remote Authentication API to authenticate users in your own database via PHP.


 * Remote authentication stub for PHP
 * This is meant as a template for your own customization. You can identify the user anyway you like,
 * integrate it into your intranet, web app or similar.
 * You may call this script directly or have Zendesk redirect to it using the
 * Remote Authentication URL.
 /* The following values should be set from your source of information */
$sFullName = "Firstname Lastname"; 
$sEmail = ""; 
$sExternalID = ""; 
$sOrganization = ""; 

 /* Insert the Autentication Token here */
$sToken = "52713bf24cc564c72asd249feb7de52de341195c"; 

 /* Insert your account prefix here. If your account is */
$sUrlPrefix = "yoursite"; 

 /* Build the message */
$sTimestamp = isset($_GET['timestamp']) ? $_GET['timestamp'] : time(); 
$sMessage = $sFullName.$sEmail.$sExternalID.$sOrganization.$sToken.$sTimestamp; 
$sHash = MD5($sMessage); 

$sso_url = "http://".$sUrlPrefix."".$sFullName."&email=".$sEmail."&external_id=".$sExternalID."&organization=".$sOrganization."&timestamp=".$sTimestamp."&hash=".$sHash;

header("Location: ".$sso_url);



User photo

Do you have any recommendations for how to handle a user that creates a ticket by emailing our support, but that user is not in our DB? The /access/normal url seems to only work for admins. I want to avoid having to creating them as a user in our system just so that we can authenticate them on your site because a user in our system without an account doesn't make sense. Is this possible or is the remote auth an all or nothing situation where we have to know who every user is?


October 17, 2009 13:43
User photo
Christian Pedersen
Zendesk Support

You run a fully open help desk, where users are automatically created when submitting their first ticket, or a help desk where users are asked to register when submitting their first ticket.

October 17, 2009 13:56
User photo
Robert Laing
My Gengo
We found that the above code breaks if you have '+' signs in emails (which are valid but a bit uncommon). To avoid this, just urlencode the email (and why not the full name too, for safety) in the $sso_url definition.
February 17, 2010 01:26
User photo
George Law

How would I include the ticket ID to go to in the above code.

For instance, ZD currently sends out emails with

ideally, I would like to show this as

This would submit to my normal login code, which would detect that it is a SSO ZD login and instead of logging into my portal, include the PHP code above (with the ticket number somewhere in a param), and then have it bounced them through into ZD as an authenticated user.


March 29, 2010 14:14
User photo

I belive access/remote accepts a return_to parameter which you could use to redirect to another page, once authenticated

May 03, 2010 05:05
User photo
Carsten Falborg

How do i retreive the LDAP info from our network with PHP, so i can send it back to ZD?

November 26, 2010 06:58
User photo
Kevin Mulligan
Hey..the Remote Authentication API link is broken. Please fix. :)
August 31, 2011 07:55
User photo
Joy Carletti

@Kevin, Thanks for bringing this to our attention; I've updated this. 

August 31, 2011 08:47
User photo
Khoa Bui
Hi guys, According to this page, we can able to send the tags along with the user information. But when I try, it doesnt work. here is how I do it: ... $tags = "tag1, tag2"; $message = $name.$email.$externalID.$organizationID.$tags.$token.$timestamp; $hash = MD5($message); $sso_url= "".$name."&email=".url...; Anyone having the same issue? Thank you. Khoa
August 31, 2011 21:26
User photo
Justin Marsan
Hello, I keep getting "Invalid token" error while I know for sure that it is correct and up to date (since I re-generated a new one and copy/pasted it like 5 times during the last hour)... The rest of the url seems to be normal. Any idea what could cause this ?
September 11, 2011 12:22
User photo
Dale Isham

Has anyone had any luck in integrating this script with a Drupal Userbase?

October 12, 2011 06:35
User photo
Jim Hoffman

Is there a parameter to add the a destination page once logged in vs. the default home page?

July 08, 2012 15:04
User photo

@Jim: You add the return_to url to the sso string.

August 23, 2012 09:32
User photo
Hiroyuki Oka

by the way , 

We use single sign on(SSO).
Customer could not change email address on zendesk for himself.
I saw this message on "setting page".
"You should disable this option if you use SSO (Single Sign-On) to populate and update your users in Zendesk (using the API). "

Do you have another way without using the api, on zendesk ?
to allow customers to change email in zendesk after logging in with SSO.

Do i need prepare another page(or system) for custormer can change email ?


best regards.

August 26, 2012 19:20
User photo
Jerome Ng

does anyone knows how to use this for magento ???


we can't integrate into a PHP magento site.

January 02, 2013 00:58
User photo

Sorry for the delayed response:

@Hiroyuki Oka: You'll need to have the customer update the email address on file in the SSO database. The point of SSO is for YOU to pass US the new email address of the customer.

@Jerome: Our Magento integration is all new. Give it a try and see if that solves your problem.

January 07, 2013 15:31
User photo
Chris Cinelli

You can try this one: if you want to add a Pic and tags

February 18, 2013 13:50
User photo
Justin Seymour

Thanks for the update! 

February 19, 2013 06:37
User photo
Hiroyuki Oka

@Adam Panzer ,@Chris Cinelli : Thank you for your idea.  I prepared customer's email address update page . It was solved . 

February 19, 2013 17:19