Using OAuth authentication with your application

Have more questions? Submit a request


  • Bryan Flynn

    Hi James. This article talks about the general OAuth grant flow for getting an authorization token to access the Zendesk Support product. We don't have any specific guidance if moving from the SalesForce solution you mention, however.

    If you have specific questions related to OAuth and Zendesk, we can work on answering those. Also, if you want to share your use case, maybe some additional information can help.

  • James Lertora

    Hi Brian,

    Thank you for the quick response! 

    We host files for download on apache server, but require auth for users. We have links in Zendesk pointing to these resources, but again need to be authenticated. So the link in Zendesk could relate to "First Use" in the diagram above, I think. Any pointers will be helpful. Thanks again.

  • Bryan Flynn

    If you're already authenticated into Zendesk Support product's agent interface, clicking on links inside ticket comments that lead to your asset server, that would be one scenario. This article might give a different perspective for that scenario (not necessarily an exact solution for you, but closer to this use case): Using OAuth to authenticate Zendesk API requests in a web app.

    If you're accessing these assets via an Apps framework app, that would be a different scenario and would benefit from secure settings.

    If these points still don't hit the mark James, I suggest reaching out to with more details related to your account and use cases and we can dig into more details there. Hope this is at least a step in the right direction.

  • Colin Smith

    Hi, I was hoping to use the client-credentials grant type, but that isn't documented here, is it supported?

  • Bryan Flynn

    Hi Colin,

    The OAuth client credentials grant type isn't supported in Zendesk Support.

    Zendesk Chat does support it, however. There are specific setup steps needed. Instructions are here: Implementing an OAuth authorization flow.

    Because there is no "non-agent"/system type user, any token created always belongs to a specific agent or admin. This means any actions made with that token will appear to be done by the user who created the token.

    Hope this helps!


Please sign in to leave a comment.

Powered by Zendesk