English (US)
  1. Zendesk help
  2. Support
  3. Advice and troubleshooting
  4. API

How can I authenticate API requests?

Dwight Bussman
  • Edited
Zendesk team member

Question

How can I authenticate API requests using one of Zendesk v2 API's?

Answer 

You must be a verified user to make API requests. You can authenticate API requests using basic authentication with your email address and password, with your email address and an API token, or with an OAuth access token.

All methods of authentication set the authorization header differently. Credentials sent in the payload (body) or URL are not processed.

This article includes information on the following topics:

Basic authentication

If you use basic authentication, combine your email address and password to generate the authorization header.

The email address and password combination need to be a Base-64 encoded string.

The authorization header should be formatted like this:

Authorization: Basic email_address:password

API token

If you use an API token, combine your email address and API token to generate the authorization header.

The email address and API token combination need to be a Base-64 encoded string.

The authorization header should be formatted like this:

Authorization: Basic email_address/token:api_token

OAuth access token

If you use OAuth to authenticate, the authorization header should be formatted like this:

Authorization: Bearer oauth_access_token

For more information, see this article: Using OAuth authentication with your application.

Viewing your authorization header

If you want to see exactly what is sent by your app, use a page like http://requestb.in/. It's helpful to compare your headers to those being generated by an HTTP target using basic authentication. Point an HTTP target to the same requestb.in page and choose Test Target to see this in action:

Once that hits your requestb.in, it shows up like this:

 

The string following "Authorization: Basic" is dXNlckBlbWFpbC5jb206b3BlbnNlc2FtZQ== 

This is the base64-encoded version of the username/password. To de-code that manually, head to a page like https://www.base64decode.org/, paste the string into the upper box, and click Decode:

  

If you use python to make requests, it should be possible to set your session headers as follows:

session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}

For more detailed information on authentication, see our developer documentation on Security and authentication.

Return to top
Have more questions? Submit a request

62 Comments

  • Bonaliza Garcia

    @Tomer did you mean the base64 encoded? I did that, my email/token:api_token is encoded. I tried manually encoding it using one of the websites and also dis btoa('email/token:api_token'); but both gave me a 403 error.

    0
  • Bheemsen Aitha

    Hi Dwight Bussman

    I am getting the same authentication error. Can you please help me on this? I also created a ticket on this.

    C:\Users\yyy> curl https://<subdomain>.zendesk.com/api/v2/users.json -u yyy@<company>.com/token:xxxxxxx

    {"error":"Couldn't authenticate you"}

    Thanks

    -Bheem

    0

Please sign in to leave a comment.

Related articles

Powered by Zendesk