API tokens can be used to as part of 2-factor authentication for integrations. You can view, add, delete, and manage API tokens in the Zendesk Admin interface. To generate an API token, you must be an administrator and API token access must be enabled.
This article includes the following sections:
Enabling API token access
API token access is disabled by default. Before you can generate an API token, enable API token access.
To enable API token access
- Click the Admin icon (
) in the sidebar, then select Channels > API. - Click the Token Access toggle to enable API token access.
Generating an API token
Once you have enabled API token access, you can generate an API token.
To generate an API token
- Click the Admin icon () in the sidebar, then select Channels > API.
- Click the Settings tab, and make sure Token Access is enabled.
- Click the + button to the right of Active API Tokens.
- Enter a name for the token, and click Create. The token is generated, and displayed for you in a pop-up window:
- Copy the token (in red), and paste it somewhere secure. Once you close this window, the full token will never be displayed again.
- Click OK, I've copied my token to return to the API page. A truncated version of the token is displayed:
28 Comments
The Token Access slider is set to 'enabled'. I cannot for the life of me find the 'Add new token' button/URL. I am an administrator. Help!
Cheers
Understandable, it is a very discreet looking plus sign below the slider(s).
Hi,
Is the following statement correct: "An API token is connected to the user who created it. If that user is deleted, or demoted from an admin role, any external platform using this token will not have access anymore".
If this is correct, is there a way for an admin to create a token which is connected to another admin user (e.g. an integrations user who will never leave the company or get another role)?
Hi Gal,
Yes, the token would still be valid if it was taken from a deleted user, so it should be possible to use it with another admin user.
Hi Team,
Is there a way to link a token to a user in Zendesk?
Currently if a token is shared to a user for them to use and they are a Light Agent, they can use this to call the API. If that user realises that instead of using their log in name, but instead uses the log in name of an Admin then they can use that token and the admin log in name to use the API. This seems incredibly insecure...
Is this our set up that we need to change? Or Zendesk set up in general?
Thank you, Heather.
You are correct in that if a user is going to have access to a token attributed to a different user it would be insecure, as tokens are inherently private methods of authentication. It would be similar to sending passwords out, and we advise against sharing Tokens amongst agents for this reason.
Light Agents still ought to be able to call basic endpoints with only their password as authentication, but if you need more scope you can utilize OAuth: https://support.zendesk.com/hc/en-us/articles/203663836-Using-OAuth-authentication-with-your-application
Thanks!
I have to say, we're trained (*cough*) to look for non grayed out items to click on.
My apologies for sounding harsh but it is counter intuitive to click on something like one of these controls. I don't mean to sound viciously critical, just trying to encourage a fix. :)
Thanks for sharing that feedback, Michael!
> select Channels > API
We don't see "API" under Channels, only social. Do we need to do something special get (back) access? I seem to remember we had this a year ago...
https://nauto.zendesk.com/
Hi Ernest,
Can you confirm you're logged in as an Admin on the account? The API option should show up under the Widget option as shown in the screenshot below:
I would also confirm whether or not other Admins on the account have access to this as well. If not, can you provide a screenshot of what you see on your end?
Thanks!
Hi guys,
The tokens has an expirate date?
Thanks.
Hi Andrei,
API tokens do not have an expiration date.
They can manually be revoked or deleted by another admin on the account.
Cheers!
Can agent's have their own API token, or do they need to be converted to an Admin in order to get a token?
Hey Tarun,
Only Admins on the account can request an API token :)
Hi,
I try to use the api's to get/create tickets and I have issues making calls through Postman. I'm an admin, I generated a token, encoded it, using the correct setup in GET call, but I get error:
{
"error": "Couldn't authenticate you"
}
I try to use a GET call to https://nejm15xxxxxxxx.zendesk.com/api/v2/tickets.json and using "Authorization" header with a value of "Basic xxxxx" where xxxxx= encoded value for {email_address}/token:{api_token}.
I tried the same call using curl, but I get the same error.
Can you provide an working example for Postman, or do i miss anything else?
Hi Sorin-
Using Postman you can simply select the 'Basic Auth' type under authorization and fill in the corresponding fields - don't forget to append
/tokento your email if using an API token. You shouldn't need to encode it beforehand.thank you Joseph, it worked
Hi, is it possible to generate an API key that is restricted in its permissions (i.e. limit to read-only calls)?
Thanks,
Yair.
HI i'm trying to make an api call with the token but i'm getting
{
"error": "Couldn't authenticate you"
}
https://xxxxxxx.zendesk.com/api/v2/tickets.json?xxxxx.xxxxxx@xxxxxx.com/token:******************
what i'm i doing wrong ? thx
Hi , I am not able to see API under widget , when i login to Zendesk,
I want to get data from API using vba code, but as API Key is missing , I am getting error : you must supply credential to complete this request
Hey Mohammad,
Can you confirm you're an Admin on the account? Only Admins would have access to the API option under the Admin settings.
If you are set up as an admin, can you provide a screenshot of what you see on your end?
Thanks!
Hi Brett, I got the API token , thanks for following up
I just set up a sandbox but my account doesn't have admin on it- how do I get an admin account on a sandbox instance so I can get a token so I can test my code against my sandbox instance?
Hey Linda,
Agent's don't transfer over to the new Sandbox account. You'll want to log in with whatever agent account you created the Sandbox account with. Then, once you're logged in you can navigate to Admin>Manage>People and add your new admin to do some testing with.
Let me know if the above doesn't make sense or if you continue to experience issues.
Cheers!
Is there a way to programmatically create an API token using an older API token (or username/password)? I am trying to automate rotation of Zendesk API keys and need a programmatic way to create Zendesk API tokens
Hello Harshit Beri,
As our product currently stands, we don't have endpoints for token creation in the API. I've gone ahead and linked an article below that covers the API in more detail for your development needs.
Support API
Best regards.
Hello,
For one of the brands we have an API integration to create new tickets in Zendesk.
In administration we can see the number of API calls in the last 24 hours. 2 Questions here:
1) Is there a way to separate successful-failure API calls ? also can we see the logs ?
2) Is there a way to extend the timeframe ? from 24 hours to a custom value ?
Thank you,
Cezar
Hey Cezar,
There isn't a way to customize the information displayed on the admin page you're referencing. If you need additional information, we recommend implementing API logging on your side.
There's no way of extending this time as it's hard coded into the system. However, you can set this up with your own API logging implementation if you choose to set one up.
Let me know if you have any other questions!
Please sign in to leave a comment.