
How can I authenticate API requests?




Dwight Bussman

Zendesk Customer Care

Edited Aug 15, 2024


2

20

20 comments

Hi, I'm working on a custom request form for our end-users (but still within our Zendesk subdomain). When I try to submit the form and send the data to create the request, it returns with a 403 error. The same code works on postman and the request is being created.

I'm having a hard time figuring out why I'm getting a 403. I tried both email/token:api_key authentication and basic email:password authentication.

https://support.zendesk.com/hc/en-us/community/posts/1260800839050-403-error-when-creating-request-via-API 

0


0


@Tomer did you mean the base64 encoded? I did that, my email/token:api_token is encoded. I tried manually encoding it using one of the websites and also did btoa('email/token:api_token'); but both gave me a 403 error.

0


Hi @...

I am getting the same authentication error. Can you please help me on this? I also created a ticket on this.

C:\Users\yyy> curl https://<subdomain>.zendesk.com/api/v2/users.json -u yyy@<company>.com/token:xxxxxxx

{"error":"Couldn't authenticate you"}

Thanks

-Bheem

1


Hi Team,

Precondition: Token is created in Zendesk

I, as an admin, share my email address and token with another team member. Can they access the APIs? Or do I need to log in to Zendesk from the same system/PC from which the user is trying to access the APIs?

Or can they simply pass my email address and token without me being logged in to Zendesk?

Regards,

Waseem

0



Dwight Bussman

Zendesk Customer Care

Waseem Khan

Simply having your email & API token is sufficient for any user to make API requests on behalf of your user. This gives them the ability to do anything your user would be able to do via the API. This includes deleting things like tickets/users/organizations/articles/sections/categories/triggers which can be very destructive. For this reason, I would encourage you to be very selective about who has access to these tokens. 

0


Please make it clearer on this page that you have to Base-64 encode the token. Here's the command that I used on Mac to Base-64 encode my token.

echo -n 'foo@bar.com/token:abc123' | base64

4



Dwight Bussman

Zendesk Customer Care

HeyO Nick,

Thanks for the feedback. I will make updates to this article to make that clearer.

1


I just ran into and resolved an issue using Postman for API requests where the following was returned:

"error": "Couldn't authenticate you"

Per the API documentation I was using the following so everything should have been set up correctly:

  • Basic Auth
  • Format: {admin_email}/token:{admin_api_key}
  • URL: {my_domain}.zendesk.com/api/v2/{endpoint}

Turns out, when the base64 encoded Authentication value was being decoded in Postman, it was adding an additional colon : to the decoded username string (I had to check this using a third-party decoding site).

To resolve, I had to:

  1. Copy the rendered Authorization value in the Headers tab
  2. Set Postman to "No Auth"
  3. Manually input the "Authorization" key on the Headers tab
  4. Paste in the copied value
  5. Remove the "g==" that had been added to the encoded value (which removed the colon from the decoded value back to what I had originally input)

At that point my requests started going through. Hope this helps anyone else that runs into this with Postman!

2


I have set up SSO for my end users.
I want to show some of the Zendesk content on my own web app platform without having to proxy the requests to Zendesk API through my server.
Is there any option to issue /api/v2/help_center/* requests with the JWT token I get from /access/jwt endpoint?
Also what about CORS? Of course for now I get only 401 response but I see it is not supporting cross origin requests.

2


Hi! I'm trying to use Azure Logic Apps to authenticate for a POC but I keep getting 401 Couldn't authenticate you.

I've encoded my username/token:aaaa via powershell this way but I must be missing something.

$text = "myname@mydomain.com/token:tokentexthere"
$encoded = [convert]::ToBase64String([text.encoding]::Unicode.GetBytes($text))
$encoded

I went through this article and tried OAuth, api, user/password but just not getting authenticated.  

Any ideas would be welcome!

0



Dwight Bussman

Zendesk Customer Care

Hi Fraser, Vanessa

After doing that encoding are you passing the encoded value in as a Basic Authorization header as documented here: https://developer.zendesk.com/api-reference/introduction/security-and-auth/#basic-authentication 

Authorization: Basic {base64-encoded-string}

If that doesn't help sort things out for you, I recommend contacting our support team to look into logs for your specific account.

0


I'm sure it is something I'm doing wrong but I have been over and over that article and am not seeing what I have done wrong.  I'll contact support.  Also I can curl using the email/token:tokeninfo so it has to do with my encoding of the email/token:tokeninfo.

0


Hello, does SSO authentication work on the customer's side?
We don't have our customer's Zendesk password.

0



Dane

Zendesk Engineering

Hi Felipe,

Yes, you can use SSO for your end users. Please refer to Providing multiple sign-in options for team members and end users.

-1


Hi All!

If you are working on macOS, I recommend that you follow the tip given by Nick Bolton. I tried to create the base64 code using the -i option of the base64 command, but it kept adding an extra character to the end of the encoded output.

Cheers!!

Dermot

0


Hi All,

I ran into the same issues described by some people. Here's my working solution: 

I encoded the credentials mentioned in the documentation, '{email_address}/token:{api_token}', with UTF-8:

$Base64AuthInfo = "{email_address}/token:{api_token}"
$Base64AuthInfo = [convert]::ToBase64String([text.encoding]::UTF8.GetBytes($Base64AuthInfo))

My previous attempt encoding with unicode did not work. 

$Base64AuthInfo = "{email_address}/token:{api_token}"
$Base64AuthInfo = [convert]::ToBase64String([text.encoding]::Unicode.GetBytes($Base64AuthInfo))

 

Maybe a mention of that could be useful inside the API documentation.

 

Cheers!!

Benedikt

2
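The encoding problems reported in this thread (UTF-16 bytes from PowerShell's Unicode encoder, a trailing newline from echo without -n, an extra colon, a missing /token suffix) can be checked offline by decoding the header value before sending it. This is an added example, not part of any post above and not Zendesk's code; the function names and sample credentials are constructed, and it assumes API tokens never contain ':'.

```python
import base64
import binascii

def build_basic_header(email, api_token):
    """Header value for '{email}/token:{api_token}', encoded as UTF-8."""
    raw = f"{email}/token:{api_token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def diagnose_basic_header(header_value):
    """Return a list of encoding problems; never echoes the credentials."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not b64:
        return ["not a 'Basic <base64>' value"]
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return ["payload is not valid base64"]
    problems = []
    if b"\x00" in raw:
        # ASCII text encoded as UTF-16LE has a NUL after every character.
        problems.append("UTF-16 bytes ([text.encoding]::Unicode); use UTF8")
        raw = raw.decode("utf-16-le", errors="replace").encode("utf-8")
    text = raw.decode("utf-8", errors="replace")
    if text != text.strip():
        problems.append("surrounding whitespace or newline (echo without -n)")
        text = text.strip()
    user, sep, secret = text.partition(":")
    if not sep or not secret:
        problems.append("no ':' separating user from token")
    elif ":" in secret:  # assumption: tokens never contain ':'
        problems.append("extra ':' in the credentials")
    if not user.endswith("/token"):
        problems.append("user part does not end in '/token'")
    return problems

if __name__ == "__main__":
    cred = "foo@bar.com/token:abc123"  # constructed sample, not a real token
    samples = {
        "utf-8": build_basic_header("foo@bar.com", "abc123"),
        "utf-16": "Basic " + base64.b64encode(cred.encode("utf-16-le")).decode(),
        "newline": "Basic " + base64.b64encode((cred + "\n").encode()).decode(),
    }
    for name, value in samples.items():
        print(name, diagnose_basic_header(value) or "ok")
```
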


Hi all

I have a similar concern to Ramy Ben Aroya's comment here.

I want to show some Zendesk content in my web app. As far as I know, I can do it either through OAuth2 or by making a request on behalf of a user, but eventually I will need end users' passwords. Is there a way I can do it without having to request their passwords?

0



Paolo

Zendesk Engineering

Hi Glenn,
 
If you need the actual user's password, unfortunately, there is no way of getting this unless you ask them. In addition, it is not recommended to have your end user's password as this may raise security concerns. Can you please explain further why the actual user password is needed, and why OAuth or a token is not sufficient?
 
Best,
Paolo | Technical Support Engineer | Zendesk

0


Hi Paolo,

First, I need to emphasize that “I don't want to ask users about their passwords”.
I want to show some Zendesk content in my web app based on users' authorization status.

 

If I go with OAuth2, I will need to ask for the user's password. This is the example from the OAuth2 password grant type:

curl https://{subdomain}.zendesk.com/oauth/tokens \
  -H "Content-Type: application/json" \
  -d '{"grant_type": "password", "client_id": "{your_client_id}", 
    "client_secret": "{your_client_secret}", "scope": "read",
    "username": "{zendesk_username}", "password": "{zendesk_password}"}' \
  -X POST

 

If I go with Making API requests on behalf of end users, I also need the password from the user.

curl https://{subdomain}.zendesk.com/api/v2/oauth/tokens.json \
-H "Content-Type: application/json" \
-d '{"token": {"client_id": "your_client_id", "scopes": ["impersonate", "write"]}}' \
-X POST -v -u {email_address}:{password}

 

Either way I need users' passwords to do it. Is there a way I can do it without requesting their passwords?
 

0

