English (US)
  1. Zendesk help
  2. Support
  3. Support advice and troubleshooting
  4. API

Authentication for API requests

Dwight Bussman
  • Edited

Question

I'm looking to make an API request using the Zendesk CORE API. How can I send my user credentials to authenticate that request?

Answer

Zendesk uses Basic authentication sent within the headers of an API request. We do not process credentials sent in the payload (body) or URL.

The authorization header should be formatted as follows:

  • Authorization: "Basic (base-64-encoded username:PASSWORD_HERE)"

If using an API-token to perform that authentication, the authorization header would look like this:

  • Authorization: "Basic (base-64-encoded username/token:API_TOKEN_HERE)"

If you'd like to see exactly what's being sent by your app, you can use a page like http://requestb.in/ to see what's coming over. It may be helpful to compare your headers to those being generated by an HTTP target using basic authentication. You can point an HTTP target to the same requestb.in page and choose Test Target to see this in action:

Here's what that'll look like within your Zendesk:

Screen_Shot_2016-12-27_at_2.15.13_PM.png 

Once that hits your requestb.in, it'll show up like this:

Screen_Shot_2016-12-27_at_2.18.39_PM.png

 

The string following "Authorization: Basic" is dXNlckBlbWFpbC5jb206b3BlbnNlc2FtZQ== 

This is the base64-encoded version of the username/password. To de-code that manually, head to a page like https://www.base64decode.org/, paste the string into the upper box, and click "Decode": 

Screen_Shot_2016-12-27_at_2.21.11_PM.png  

If you're using python to make requests, it should be possible to set your session headers as follows:

session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}

 

I would love feedback on this article. If you find it unhelpful, please leave a comment so that it can be improved!

Have more questions? Submit a request

13 Comments

Sort by Date Votes
  • Shlomi Cohen
    Permalink

    The example only talk about username password . but more relevant is the format of the username/token:password , which is not that straight forward in basic auth.

    0
  • Dwight Bussman
    Permalink

    Hi Shiomi,

    I believe what you're asking about is covered by the second part of the answer which starts "If using an API-token to perform that authentication..."

    Please let me know if I'm failing to understand your comment correctly so that I can help improve this article.

    Thanks!

    0
  • Shlomi Cohen
    Permalink

    you are right , but i thought an example of such should be here as well. 

    for example for me it didn't work at the beginning just because my browser also sent the cookies and probably zendesk authenticated me through that.

    also , i started to wonder which part should be base64 encoded , eventually got  it but it was nice if it was clearer for example Authorization: Basic (base64encode(user@domain/token:token_value))

     

    0
  • Dwight Bussman
    Permalink

    Thanks Shlomi!

    Our Developer Docs now include additional information about base-64 encoding this auth info:

    https://developer.zendesk.com/rest_api/docs/core/introduction#security-and-authentication

    Please let me know if this is clearer or if it could still use improvement.

    0
  • Tomer Ben Arye
    Permalink

    Can you add this example of how to send it properly?

    Add an example of sending requests:

    session = requests.Session()
    session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}

     

    0
  • Dwight Bussman
    Permalink

    Hi Tomer,

    Sure - good suggestion! I was trying to keep this as language-agnostic as possible, but having an example in Python could be useful as many folks use that for scripting.

    0
  • Matt Berry
    Permalink

    If I log into Zendesk with Google authentication, not my own Zendesk username and password, can I still use the API?

    0
  • Dwight Bussman
    Permalink

    Hi Matt,

    You'll need to create Zendesk credentials in order to authenticate API requests (or use an API/Oauth token). Google authentication will not work with the API.

    0
  • Yamile Martinez
    Permalink

    When trying to Authenticate a URL Target; i am getting a 401 Error which is 

    "error": "Couldn't authenticate you"

    I am editting the URL Target through Zendesk Settings/Extensions to include in the 
    Basic Authentication what i decoded the user:password.

    When i populate the user and Password (api token) it still gives me the same error.

    Can anyone help?
    Thanks,
    Yami
    0
  • Dwight Bussman
    Permalink

    Hi Yamile,

    I'm happy to reach out to you in a ticket to get more details about your workflow, but I suspect this may be related to how the user and token are being passed over.

    In order to leverage the API token in the basic authentication, you'll want to have the username look like this:


    Where the "/token" is appended after the user's email address, and the API token itself is put into the password field.  Please let me know if this helps to resolve this issue for you, or if you'd like me to create a ticket to look into this further.

    0
  • Yamile Martinez
    Permalink

    Hi Dwight,

    Yes, open a ticket.  I just tried what you suggested and i am still getting the same error (401) 

    "error": "Couldn't authenticate you"

    Thanks,

    Yami

    0
  • Priscila Giatti
    Permalink

    Hi Dwight,

    I am having the same issue, wondering how the above was fixed?

    Thank you!

    Priscila 

    0
  • Dwight Bussman
    Permalink

    Hi Priscila,

    The above issue appeared to be the result of a formatting issue within the target authentication values. I'll raise a ticket to work with you to resolve this matter on your account.

    0

Please sign in to leave a comment.

Related articles

Related articles

Powered by Zendesk