English (US)
  1. Zendesk help
  2. Support
  3. Advice and troubleshooting
  4. API

How can I authenticate API requests?

Dwight Bussman
  • Edited
Zendesk Customer Care

Question

How can I authenticate API requests using one of Zendesk v2 API?

Answer 

You must be a verified user to make API requests. You can authenticate API requests using basic authentication with your email address and password, with your email address and an API token, or with an OAuth access token.

All methods of authentication set the authorization header differently. Credentials sent in the payload (body) or URL are not processed.

This article includes information on the following topics:

Basic authentication

If you use basic authentication, combine your email address and password to generate the authorization header.

The email address and password combination need to be a Base-64 encoded string.

The authorization header should be formatted like this:

Authorization: Basic email_address:password

API token

If you use an API token, combine your email address and API token to generate the authorization header.

The email address and API token combination need to be a Base-64 encoded string.

The authorization header should be formatted like this:

Authorization: Basic email_address/token:api_token

OAuth access token

If you use OAuth to authenticate, the authorization header should be formatted like this:

Authorization: Bearer oauth_access_token

For more information, see this article: Using OAuth authentication with your application.

Viewing your authorization header

If you want to see exactly what is sent by your app, use a third party page like Request Bin. Compare your headers to those being generated by an HTTP target using basic authentication. Point an HTTP target to the same requestb.in page and choose Test Target to see this in action:

Once that hits your requestb.in, it shows up like this:

 

The string following "Authorization: Basic" is dXNlckBlbWFpbC5jb206b3BlbnNlc2FtZQ== 

This is the base64-encoded version of the username/password. To de-code this version manually, head to a third party page like Base64Decode. Paste the string into the upper box, and click Decode.

  

If you use python to make requests, it should be possible to set your session headers as follows:

session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}

For more information, see our developer documentation: Security and authentication.

Return to top

4 Comments

  • Bonaliza Garcia

    Hi, I'm working on a custom request form for our end-users (but still within our Zendesk subdomain). When I try to submit the form and send the data to create the request, it returns with a 403 error. The same code works on postman and the request is being created.

    I'm having a hard time figuring out why im getting a 403. I tried both email/token:api_key authentication and basic email:password authentication.

    https://support.zendesk.com/hc/en-us/community/posts/1260800839050-403-error-when-creating-request-via-API 

    0
  • Tomer Ben-Arye

    @...

    I think my code 5 post above will help you.

    https://support.zendesk.com/hc/en-us/articles/115000510267/comments/360005066074

     

    0
  • Bonaliza Garcia

    @Tomer did you mean the base64 encoded? I did that, my email/token:api_token is encoded. I tried manually encoding it using one of the websites and also dis btoa('email/token:api_token'); but both gave me a 403 error.

    0
  • Bheem Aitha

    Hi @...

    I am getting the same authentication error. Can you please help me on this? I also created a ticket on this.

    C:\Users\yyy> curl https://<subdomain>.zendesk.com/api/v2/users.json -u yyy@<company>.com/token:xxxxxxx

    {"error":"Couldn't authenticate you"}

    Thanks

    -Bheem

    0

Please sign in to leave a comment.

Related articles

Powered by Zendesk