Using OAuth authentication with your application

Return to top
Have more questions? Submit a request


  • Nick Hemenway

    Hello, I'm trying to implement the Password grant type OAuth flow, and I'm having trouble understanding how I'm supposed to obtain the user's username and password in order to request the OAuth token for the first time. This section seems to imply that there is an endpoint to retrieve the username and password I need, but I haven't been able to find this endpoint. Any advice? Thanks

  • Vitaliy Markitanov


    Do you support OIDC brokering?
    Idea is that I have IDP and my web users should authenticate with my IDP via SSO.


  • Jason Schaeffer
    Zendesk Customer Advocate

    Hello Vitaliy,

    Zendesk does not currently support OpenID Connect, and according to our product team, this is not currently something on our Road Map.  Apologies for the inconvenience. 

  • Paul Moran

    The "authenticity_token" mentioned in the comment above doesn't work for me. The format of the csrf_token (which I was able to access using the v1 template api) and this authenticity_token are different. 

  • Bernardo Reis

    Hi there. I've implemented the OAuth authentication flow as suggested and have requested the following scopes:

    'users:write tickets:write organizations:write identities:write read'

    Everything works as expected, except when I try to use Zendesk's API to delete user identities. I get the following error:

    {"error":"Forbidden","description":"You are missing the following required scopes: write"}

    Shouldn't the 'users:write' scope let me manage user identities? Or do I need an additional scope? Looks like that 'identities:write' is not a valid option

  • Ariane Frances dela Cruz
    Zendesk Customer Advocate

    Hello Bernardo, 

    I'd like to look further into this, I'll be creating a ticket for you, kindly expect an email shortly. 

  • Greg - Community Manager
    Zendesk Developer Support Team

    Hi Tiel! Is this in relation to a Zendesk feature or is this just a general question about Oauth?

  • Nishant Gupta

    I have been trying to implement OAuth in Rest API.
    Please note that I don't have web app(in which I can use redirect URL)
    Only Backend - REST api

    With all the oauth Authentication types, it is confusing to follow which one is the best to do.?
    Which curl commands helps me authenticating with Zendesk successfully using oauth

    Is the password grant type best suited for this type with below curl command? or what alternatives we have ?

    curl https://{subdomain} \
      -H "Content-Type: application/json" \
      -d '{"grant_type": "password", "client_id": "{your_client_id}", 
        "client_secret": "{your_client_secret}", "scope": "read",
        "username": "{zendesk_username}", "password": "{zendesk_password}"}' \
      -X POST
  • Viktor Hristovski

    Hi, im generating an OAuth token in Zendesk for our developers, but we are getting :unauthorised" even in the simple curl  command for example:

    curl \ -H "Authorization: Bearer gErypPlm4dOVgGRvA1ZzMH5MQ3nLo8bo"

    we are getting : {"error":"invalid_token","error_description":"The access token provided is expired, revoked, malformed or invalid for other reasons."}

    What are we doing wrong?

  • Chinh Phan


    How can I get the full access token within just one API? I'm using javascript to call, and implement a ticket form from my website.


  • Cheeny Aban
    Zendesk Customer Advocate

    Hi Chinh Phan

    What do you mean by full access API token? Can you tell us more about your use case so we can check it for you?


  • Chinh Phan

    Hi Cheeny Aban,

    I'm implement the contact form from Frontend via Javascript, submit Ticket to Zendesk. Look like this: 

    When I try to POST a ticket to zendesk, I'm facing the CORs issue (I used all tokens, aouth in zendesk setting).

    Ticket's API requires the authorization is "Bearer " + access_token.

    I thought the API get access_token work when I tested via Postman: https://{subdomain}
    But no, when I apply API get access token to javascript code. I'm also facing the CORs issue.

    If I implement as in the document at:

    when browser redirect to the url: https://{subdomain}{your_redirect_url}&client_id={your_unique_identifier}&scope=read%20write

    It forces I have to login into zendesk. It is not feasible for users who do not have an account.


Please sign in to leave a comment.

Powered by Zendesk