Question
I'm looking to make an API request using the Zendesk CORE API. How can I send my user credentials to authenticate that request?
Answer
Zendesk uses Basic authentication sent within the headers of an API request. We do not process credentials sent in the payload (body) or URL.
The authorization header should be formatted as follows:
- Authorization: "Basic (base-64-encoded username:PASSWORD_HERE)"
If using an API-token to perform that authentication, the authorization header would look like this:
- Authorization: "Basic (base-64-encoded username/token:API_TOKEN_HERE)"
If you'd like to see exactly what's being sent by your app, you can use a page like http://requestb.in/ to see what's coming over. It may be helpful to compare your headers to those being generated by an HTTP target using basic authentication. You can point an HTTP target to the same requestb.in page and choose Test Target to see this in action:
Here's what that'll look like within your Zendesk:
Once that hits your requestb.in, it'll show up like this:
The string following "Authorization: Basic" is dXNlckBlbWFpbC5jb206b3BlbnNlc2FtZQ==
This is the base64-encoded version of the username/password. To de-code that manually, head to a page like https://www.base64decode.org/, paste the string into the upper box, and click "Decode":
If you're using python to make requests, it should be possible to set your session headers as follows:
session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}
I would love feedback on this article. If you find it unhelpful, please leave a comment so that it can be improved!
15 Comments
The example only talk about username password . but more relevant is the format of the username/token:password , which is not that straight forward in basic auth.
Hi Shiomi,
I believe what you're asking about is covered by the second part of the answer which starts "If using an API-token to perform that authentication..."
Please let me know if I'm failing to understand your comment correctly so that I can help improve this article.
Thanks!
you are right , but i thought an example of such should be here as well.
for example for me it didn't work at the beginning just because my browser also sent the cookies and probably zendesk authenticated me through that.
also , i started to wonder which part should be base64 encoded , eventually got it but it was nice if it was clearer for example Authorization: Basic (base64encode(user@domain/token:token_value))
Thanks Shlomi!
Our Developer Docs now include additional information about base-64 encoding this auth info:
https://developer.zendesk.com/rest_api/docs/core/introduction#security-and-authentication
Please let me know if this is clearer or if it could still use improvement.
Can you add this example of how to send it properly?
Add an example of sending requests:
session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}
Hi Tomer,
Sure - good suggestion! I was trying to keep this as language-agnostic as possible, but having an example in Python could be useful as many folks use that for scripting.
If I log into Zendesk with Google authentication, not my own Zendesk username and password, can I still use the API?
Hi Matt,
You'll need to create Zendesk credentials in order to authenticate API requests (or use an API/Oauth token). Google authentication will not work with the API.
When trying to Authenticate a URL Target; i am getting a 401 Error which is
Hi Yamile,
I'm happy to reach out to you in a ticket to get more details about your workflow, but I suspect this may be related to how the user and token are being passed over.
In order to leverage the API token in the basic authentication, you'll want to have the username look like this:
Where the "/token" is appended after the user's email address, and the API token itself is put into the password field. Please let me know if this helps to resolve this issue for you, or if you'd like me to create a ticket to look into this further.
Hi Dwight,
Yes, open a ticket. I just tried what you suggested and i am still getting the same error (401)
"error": "Couldn't authenticate you"
Thanks,
Yami
Hi Dwight,
I am having the same issue, wondering how the above was fixed?
Thank you!
Priscila
Hi Priscila,
The above issue appeared to be the result of a formatting issue within the target authentication values. I'll raise a ticket to work with you to resolve this matter on your account.
Hi Dwight,
Many thanks for all the information.
Is it possible to gain access to a zendesk sandbox?
I am trying to send a request to Zendesk from NAV (2017) but am hitting the error:
"The request was aborted: Could not create SSL/TLS secure channel."
I am setting the username/password as the format given in the Zendesk API. Any help would be much appreciated.
Thanks
Hi Anant,
I'd be happy to look into this more closely in a ticket so we can discuss things more privately. I can then report back on our findings to this thread for the good of the community. I'll be reaching out to you in such a ticket shortly.
Please sign in to leave a comment.