Hi,

Our zendesk is not setup with whitelisting initially. Due to the complexity of implementing whitelisting now will have a huge impact to existing integrations, this is not viable solution.

Current https://<domain>.zendesk.com/admin/apps-integrations/apis/zendesk-api/activity do not list all the API and OAuth tokens' last known active activity and unique IP addresses to allow administrators to trace back to the integrated system current owners to review or identify illegal entry/usage. As part of cyber security governance, the unused API and OAuth tokens can be sunset, unknown IP addresses can be blocked or new tokens to be generated.

We tried requesting to Zendesk Support to retrieve this information for a one off cyber security governance exercise but was advised to raise this as a use case and feature request.

Thank you!