Question
I'm looking to make an API request using the Zendesk CORE API. How can I send my user credentials to authenticate that request?
Answer
Zendesk uses Basic authentication sent within the headers of an API request. We do not process credentials sent in the payload (body) or URL.
The authorization header should be formatted as follows:
- Authorization: "Basic (base-64-encoded username:PASSWORD_HERE)"
If using an API-token to perform that authentication, the authorization header would look like this:
- Authorization: "Basic (base-64-encoded username/token:API_TOKEN_HERE)"
If you'd like to see exactly what's being sent by your app, you can use a page like http://requestb.in/ to see what's coming over. It may be helpful to compare your headers to those being generated by an HTTP target using basic authentication. You can point an HTTP target to the same requestb.in page and choose Test Target to see this in action:
Here's what that'll look like within your Zendesk:
Once that hits your requestb.in, it'll show up like this:
The string following "Authorization: Basic" is dXNlckBlbWFpbC5jb206b3BlbnNlc2FtZQ==
This is the base64-encoded version of the username/password. To de-code that manually, head to a page like https://www.base64decode.org/, paste the string into the upper box, and click "Decode":
If you're using python to make requests, it should be possible to set your session headers as follows:
session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}
I would love feedback on this article. If you find it unhelpful, please leave a comment so that it can be improved!
8 Comments
The example only talk about username password . but more relevant is the format of the username/token:password , which is not that straight forward in basic auth.
Hi Shiomi,
I believe what you're asking about is covered by the second part of the answer which starts "If using an API-token to perform that authentication..."
Please let me know if I'm failing to understand your comment correctly so that I can help improve this article.
Thanks!
you are right , but i thought an example of such should be here as well.
for example for me it didn't work at the beginning just because my browser also sent the cookies and probably zendesk authenticated me through that.
also , i started to wonder which part should be base64 encoded , eventually got it but it was nice if it was clearer for example Authorization: Basic (base64encode(user@domain/token:token_value))
Thanks Shlomi!
Our Developer Docs now include additional information about base-64 encoding this auth info:
https://developer.zendesk.com/rest_api/docs/core/introduction#security-and-authentication
Please let me know if this is clearer or if it could still use improvement.
Can you add this example of how to send it properly?
Add an example of sending requests:
session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}
Hi Tomer,
Sure - good suggestion! I was trying to keep this as language-agnostic as possible, but having an example in Python could be useful as many folks use that for scripting.
If I log into Zendesk with Google authentication, not my own Zendesk username and password, can I still use the API?
Hi Matt,
You'll need to create Zendesk credentials in order to authenticate API requests (or use an API/Oauth token). Google authentication will not work with the API.
Please sign in to leave a comment.