|Announced on||Available on|
|July 28, 2021||July 28, 2021|
Today we're announcing a new way to block unauthorized API traffic from using Zendesk.
The Requests (api/v2/requests) and Uploads (api/v2/uploads) API endpoints typically require authentication, but have an exception to allow anonymous ticket creation. Now there is a new customer (end user) setting that admins can enable if they want to block all unauthenticated requests from these endpoints, including anonymous ticket creation.
When this setting is enabled, anonymous ticket creation is prevented and all requests from the Requests and Uploads API endpoints must be authenticated. This is highly effective at preventing malicious spam, but can make it harder for end users to open tickets. For example, ticket submission by the Zendesk Web Widget Contact form, custom apps, and external web forms that rely on the unauthenticated anonymous ticket creation process will not get created.
Why did Zendesk make this change?
The goal of this change is to make the Requests and Uploads API endpoints more secure and to provide the option of blocking all unauthenticated and anonymous requests when necessary. These endpoints were both designed to support anonymous ticket creation, but we understand that this capability isn't always desirable. It could be an easy way for spammers to relay attacks.
What do I need to do?
This setting is optional. You can enable it and disable it as you need to. There is no change to existing product capabilities.
For more information about this change, see Managing end user settings.