English (US) Deutsch Español Français 日本語 Português do Brasil
Zendesk Chat Help Center Zendesk Explore Help Center Zendesk Connect Help Center Zendesk Talk Help Center Zendesk Guide Help Center Zendesk Help Center Zendesk Develop Help Center
  1. Zendesk Support
  2. Advice and Troubleshooting
  3. API

Authentication for API requests Follow

Avatar
Dwight Bussman
Updated

Question

I'm looking to make an API request using the Zendesk CORE API. How can I send my user credentials to authenticate that request?

Answer

Zendesk uses Basic authentication sent within the headers of an API request. We do not process credentials sent in the payload (body) or URL.

The authorization header should be formatted as follows:

  • Authorization: "Basic (base-64-encoded username:PASSWORD_HERE)"

If using an API-token to perform that authentication, the authorization header would look like this:

  • Authorization: "Basic (base-64-encoded username/token:API_TOKEN_HERE)"

If you'd like to see exactly what's being sent by your app, you can use a page like http://requestb.in/ to see what's coming over. It may be helpful to compare your headers to those being generated by an HTTP target using basic authentication. You can point an HTTP target to the same requestb.in page and choose Test Target to see this in action:

Here's what that'll look like within your Zendesk:

Screen_Shot_2016-12-27_at_2.15.13_PM.png 

Once that hits your requestb.in, it'll show up like this:

Screen_Shot_2016-12-27_at_2.18.39_PM.png

 

The string following "Authorization: Basic" is dXNlckBlbWFpbC5jb206b3BlbnNlc2FtZQ== 

This is the base64-encoded version of the username/password. To de-code that manually, head to a page like https://www.base64decode.org/, paste the string into the upper box, and click "Decode": 

Screen_Shot_2016-12-27_at_2.21.11_PM.png  

I would love feedback on this article. If you find it unhelpful, please leave a comment so that it can be improved!

Comments

4 comments

Sort by Date Votes
  • Avatar
    Shlomi Cohen

    The example only talk about username password . but more relevant is the format of the username/token:password , which is not that straight forward in basic auth.

    0
    Permalink
  • Avatar
    Dwight Bussman

    Hi Shiomi,

    I believe what you're asking about is covered by the second part of the answer which starts "If using an API-token to perform that authentication..."

    Please let me know if I'm failing to understand your comment correctly so that I can help improve this article.

    Thanks!

    0
    Permalink
  • Avatar
    Shlomi Cohen

    you are right , but i thought an example of such should be here as well. 

    for example for me it didn't work at the beginning just because my browser also sent the cookies and probably zendesk authenticated me through that.

    also , i started to wonder which part should be base64 encoded , eventually got  it but it was nice if it was clearer for example Authorization: Basic (base64encode(user@domain/token:token_value))

     

    0
    Permalink
  • Avatar
    Dwight Bussman

    Thanks Shlomi!

    Our Developer Docs now include additional information about base-64 encoding this auth info:

    https://developer.zendesk.com/rest_api/docs/core/introduction#security-and-authentication

    Please let me know if this is clearer or if it could still use improvement.

    0
    Permalink

Please sign in to leave a comment.

Related articles

Related articles

Support Yourself.

Prepare for the worst with the best. Zendesk Support makes agents happier and more productive.

Try Zendesk Support
Powered by Zendesk