Question
How can I authenticate API requests using one of Zendesk v2 API's?
Answer
You must be a verified user to make API requests. You can authenticate API requests using basic authentication with your email address and password, with your email address and an API token, or with an OAuth access token.
All methods of authentication set the authorization header differently. Credentials sent in the payload (body) or URL are not processed.
This article includes information on the following topics:
Basic authentication
If using Basic authentication, you can combine your email address and password to generate the authorization header.
The email address and password combination needs to be a Base-64 encoded string.
The authorization header should be formatted like this:
Authorization: Basic email_address:password
API token
If using an API token, you can combine your email address and API token to generate the authorization header.
The email address and API token combination needs to be a Base-64 encoded string.
The authorization header should be formatted like this:
Authorization: Basic email_address/token:api_token
OAuth access token
If using OAuth to authenticate, the authorization header should be formatted like this:
Authorization: Bearer oauth_access_token
Please see Using OAuth authentication with your application for more information.
Viewing your authorization header
If you want to see exactly what's being sent by your app, use a page like http://requestb.in/ to see what's coming over. It's helpful to compare your headers to those being generated by an HTTP target using basic authentication. You can point an HTTP target to the same requestb.in page and choose Test Target to see this in action:
Once that hits your requestb.in, it shows up like this:
The string following "Authorization: Basic" is dXNlckBlbWFpbC5jb206b3BlbnNlc2FtZQ==
This is the base64-encoded version of the username/password. To de-code that manually, head to a page like https://www.base64decode.org/, paste the string into the upper box, and click Decode:
If you're using python to make requests, it should be possible to set your session headers as follows:
session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}
For more detailed information on authentication, see our developer documentation on Security and authentication.
27 Comments
The example only talk about username password . but more relevant is the format of the username/token:password , which is not that straight forward in basic auth.
Hi Shiomi,
I believe what you're asking about is covered by the second part of the answer which starts "If using an API-token to perform that authentication..."
Please let me know if I'm failing to understand your comment correctly so that I can help improve this article.
Thanks!
you are right , but i thought an example of such should be here as well.
for example for me it didn't work at the beginning just because my browser also sent the cookies and probably zendesk authenticated me through that.
also , i started to wonder which part should be base64 encoded , eventually got it but it was nice if it was clearer for example Authorization: Basic (base64encode(user@domain/token:token_value))
Thanks Shlomi!
Our Developer Docs now include additional information about base-64 encoding this auth info:
https://developer.zendesk.com/rest_api/docs/core/introduction#security-and-authentication
Please let me know if this is clearer or if it could still use improvement.
Can you add this example of how to send it properly?
Add an example of sending requests:
session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}
Hi Tomer,
Sure - good suggestion! I was trying to keep this as language-agnostic as possible, but having an example in Python could be useful as many folks use that for scripting.
If I log into Zendesk with Google authentication, not my own Zendesk username and password, can I still use the API?
Hi Matt,
You'll need to create Zendesk credentials in order to authenticate API requests (or use an API/Oauth token). Google authentication will not work with the API.
When trying to Authenticate a URL Target; i am getting a 401 Error which is
Hi Yamile,
I'm happy to reach out to you in a ticket to get more details about your workflow, but I suspect this may be related to how the user and token are being passed over.
In order to leverage the API token in the basic authentication, you'll want to have the username look like this:
Where the "/token" is appended after the user's email address, and the API token itself is put into the password field. Please let me know if this helps to resolve this issue for you, or if you'd like me to create a ticket to look into this further.
Hi Dwight,
Yes, open a ticket. I just tried what you suggested and i am still getting the same error (401)
"error": "Couldn't authenticate you"
Thanks,
Yami
Hi Dwight,
I am having the same issue, wondering how the above was fixed?
Thank you!
Priscila
Hi Priscila,
The above issue appeared to be the result of a formatting issue within the target authentication values. I'll raise a ticket to work with you to resolve this matter on your account.
Hi Dwight,
Many thanks for all the information.
Is it possible to gain access to a zendesk sandbox?
I am trying to send a request to Zendesk from NAV (2017) but am hitting the error:
"The request was aborted: Could not create SSL/TLS secure channel."
I am setting the username/password as the format given in the Zendesk API. Any help would be much appreciated.
Thanks
Hi Anant,
I'd be happy to look into this more closely in a ticket so we can discuss things more privately. I can then report back on our findings to this thread for the good of the community. I'll be reaching out to you in such a ticket shortly.
Hi, I'm having a similar auth issue. My format for the basic auth settings is as follows:
Username: email@email.com/token
Password: token
Getting a 401 Error, unable to authenticate you. Any help would be appreciated!
Hey Brian,
Could you try making an API request using the developer console here: Zendesk Developer Portal
I'm curious to know if you receive the same error.
Let me know!
Thanks Brett! The PUT request successfully updated the ticket using the API Console
Glad to hear it Brian :)
Sounds like it could be an issue with the client you're using to make the API call.
Hi Dwight,
I have a perl script that running fine until last week.
I receive the error "http status: 401 Unauthorized"
Ticket is created 4927775. Can you point me to some php or perl examples?
Thanks
Hi Dwight,
How about JWT? Can I put the JWT in the authentication header to authenticate API request?
Thanks.
Hi Peter,
We currently allow 3 methods of authentication:
While we allow JWT to authenticate your user logging into Zendesk, we do not currently support using SSO to authenticate API requests.
For more information on how to pass the above forms of authentication to our API, please see this article: https://developer.zendesk.com/rest_api/docs/support/introduction#security-and-authentication
Hi Chi - it appears the ticket you mentioned above has been resolved. Glad you were able to get to the bottom of that.
Hi Dwight,
If I want to have an OAuth Token with expire time (e.g. 2 hours), how can I do it?
Thanks!
Hi Peter,
I'm not aware of us allowing the time-based expiration of access tokens. They would have to be manually revoked using https://developer.zendesk.com/rest_api/docs/support/oauth_tokens#revoke-token
asm
I get the same error "error couldnt authenticate you" i have an agent profile only in zendesk would that matter?
Hi Pablo,
Agent-level credentials may not be sufficient depending on the endpoint you're trying to hit, as some endpoints require Admin-level permissions:
https://developer.zendesk.com/rest_api/docs/support/organizations#update-organization is one such endpoint
That having been said, the message you're seeing "401 - couldn't authenticate you" generally means that your credentials either aren't reaching us, or aren't correct (as opposed to a "403 - Forbidden" error which would indicate the permission-level issue).
I recommend raising a ticket to support@zendesk.com to have our team help with what you're doing more specifically. Please do NOT include your credentials in that request, but rather some details about when you were attempting this and on which subdomain you're working.
Please sign in to leave a comment.