How can I authenticate API requests?

Return to top
Have more questions? Submit a request

54 Comments

  • Brett Bowser
    Zendesk Community Team

    Hey Cem,

    You can create a trial account by navigating to https://www.zendesk.com/register and entering your information there.

    I hope this helps!

    0
  • Marco

    Having issues authenticating.

     

    Code in js:

     

    headers: {'content-type': 'application/json', authorization: 'basic myemai@email.co.uk/token:XXXX'}

     

    returns: {"error":"Couldn't authenticate you"}

    0
  • Dwight Bussman
    Zendesk team member

    Hi Marco,

    Could you try base-64 encoding that username/token:XXXX string as described in https://developer.zendesk.com/rest_api/docs/support/introduction#basic-authentication

    to see if that works better?

    0
  • Marco

    Hi Dwight,

     

    I tried but it still doesn't seem to work.

    _header: 'GET /api/v2/tickets/380289/comments.json HTTP/1.1\r\n' +
    'content-type: application/json\r\n' +
    'authorization: email@email.co.uk/token:XXXXX...3F5\r\n' +

     

    this is part of what outputs in my terminal. I'm trying to access ticket info and I'm using the token created via zendesk

     

    Removing my email and appending '==' didn't seem to fix the issue, if that is what the above is referring to?

    0
  • Dwight Bussman
    Zendesk team member

    Hi Marco,

    Apologies - I should've clarified better. You'll need to base-64 encode your email/token:TOKEN and use that within the authorization header.

    So if your credentials look like this:

    email@email.co.uk/token:token_value_here

    the base-64 encoded version would look like this:

    ZW1haWxAZW1haWwuY28udWsvdG9rZW46dG9rZW5fdmFsdWVfaGVyZQ==

    and the auth header would look like this:

    'Authorization: Basic ZW1haWxAZW1haWwuY28udWsvdG9rZW46dG9rZW5fdmFsdWVfaGVyZQ=='


    There are a number of tools to do that base-64 encoding. Here's a website that describes how to do so from the command-line: https://scottlinux.com/2012/09/01/encode-or-decode-base64-from-the-command-line/ 

    There are also online sites on which this can be done if you're not worried about security of the credentials involved: https://www.base64encode.org/ 

     

    If you're still having difficulty with this, please raise a ticket with our support team so we can take a closer look at logs for your account.

    1
  • Marco

    That's fixed it thank you!

    1
  • Yawei

    Except for using email: password, can I use other identity like phone: password to do the authentication?

    0
  • Dwight Bussman
    Zendesk team member

    Hi Yawei,

    Our API requires the use of either an email address or an OAuth bearer token.

    0
  • Yawei

    Is that mean if user does not have email we only can use OAuth to do authentication

    0
  • Dwight Bussman
    Zendesk team member

    That is correct. Per https://developer.zendesk.com/rest_api/docs/support/introduction#security-and-authentication

    0
  • Lavender Song

    hi Dwight Bussman,

    I called the api :/api/v2/targets.json to add a target. Set username and password in target and create target successfully. But found password has not set successfully.
    And when received the webhook found the Authorization header returned without password

    0
  • Dwight Bussman
    Zendesk team member

    HeyO Lavender Song,

    When testing this using a target payload as follows:

    {
    "target": {
    "title": "Target created from API",
    "type": "url_target_v2",
    "active": true,
    "method": "POST",
    "username": "user@example.com",
    "content_type": "application/json",
    "password": "somethingsecret",
    "target_url": "https://hookb.in/xxxxxxxxx"
    }
    }

    I see the following response:

    This means that the API call is ignoring that password parameter. I'm reaching out to the team in charge of Targets to see if there's another way to pass that in when creating a target, or if this is an intended limitation. I'll let you know what I hear back

    0
  • Dwight Bussman
    Zendesk team member

    Thanks for bringing this to our attention. Our Developers have just released code which resolves this issue of the password being stripped out when creating targets via the API.

    Dwight B. | Customer Advocate | support@zendesk.com

    Zendesk Experience Research Panel

    0
  • Lavender Song

    hi Dwight Bussman,

    Well done. Have tested and it works well now.

    Thanks

    0
  • Tomer Ben Arye

    Many questions raised here before me, for the last 2 years.

    If someone has an issue sending a base64 encoded API_Token, he can use my few lines of scripts to do so.

     

    Python3:

    import base64
    import requests

    email = input("Enter your Zendesk email: ").lower()
    api_token = input("Enter your Zendesk API token: ")
    full_string = email + '/token:' + api_token
    encoded_string = base64.b64encode(full_string.encode())
    session = requests.Session()
    session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic ' + encoded_string.decode()}

    response = session.get(url)
    data = response.json()

     

    0
  • Devan - Community Manager
    Zendesk Community Team

    Hello Tomer Ben Arye,

    Could you explain your problem with a bit more detail so we can better help you?

    Best regards. 

    0
  • Tomer Ben Arye

    Hey Devan,

    My post was a code to all the other people here, that were struggling to make it happen....

    So, my code works fine, but you're right, I didn't include a proper "header" for it.
    TL;DR,
    If someone has an issue sending a base64 encoded API_Token, he can use my few lines of scripts to do so.

     

    0
  • Nicole S.
    Zendesk Community Team

    Thank you for sharing your solution, Tomer! 

    0
  • Saori

    Hello, 

    I am using Postman. Auth is Basic Auth that is my email address and Zendesk password. When I run help_center GET request, 200 response returns. However, when I try to run Zendesk Support (GET) request, 401 Unauthocated returns even though I use the same email and password for Basic Auth. Has anyone experiences the same error before? Any insights for this solution?

    Sorry if I am missing very basic steps before running requests. 

    0
  • Dwight Bussman
    Zendesk team member

    Hi Saori,

    It looks like Password Access is disabled for your account. Could you please head into Admin > Channels > API > Settings and confirm that the password-access switch is flipped on? 

    I suspect the Help Center page works because it can return results un-authenticated, so it's ignoring the username/password.

    1
  • C. Taf

    I am successfully querying the search API using an API token, however, because our app uses SSO for user authentication, if that user is not logged into zendesk already, image content does not display. Based on the response above, using a JWT for authentication is not an option (although confusingly this does seem to be an option using the Zendesk widget, which appears to be making use of the same general API endpoints).

    How can I either pre-fetch or otherwise authenticate a user with regard to fetching restricted content media (images, specifically?). Using Oauth is not an option, since we are making use of SSO. 

    0
  • Bryan - Community Manager
    Zendesk Developer Support

    Hello C. Taf,

    There have been requests for additional means to authenticate (such as a JWT/Authorization header approach). However, the three approaches mentioned in the above article are the only ones currently available for straight API requests (i.e. ones that do not rely on a session cookie from a Support agent login).

    Keep in mind, too, that when using an API token, it should only be used by a server-side solution as you want to keep the token secure and not expose it client-side. 

    While this isn't the answer I'm sure you were hoping for, I wanted to set current expectations, so you can determine what the best next steps might be.

    0
  • C. Taf

    Thanks for your response, however, we weren't seeking an additional JWT-enabled mechanism for authenticating API requests (though this would be great, and again reading between the lines does appear to be an option with the widget). Authentication in general is not the issue (and of course the API token is kept server-side) as we are successfully querying the API. 

    The issue is that attachment content URLs return a 302 when utilizing an SSO implementation. 

    0
  • Bryan - Community Manager
    Zendesk Developer Support

    I see you created a new post C. Taf, so will pick things up over there.

    0

Please sign in to leave a comment.

Powered by Zendesk