How can I authenticate API requests?

Return to top

8 Comments

  • Bonaliza Garcia

    Hi, I'm working on a custom request form for our end-users (but still within our Zendesk subdomain). When I try to submit the form and send the data to create the request, it returns with a 403 error. The same code works on postman and the request is being created.

    I'm having a hard time figuring out why im getting a 403. I tried both email/token:api_key authentication and basic email:password authentication.

    https://support.zendesk.com/hc/en-us/community/posts/1260800839050-403-error-when-creating-request-via-API 

    0
  • Tomer Ben-Arye

    @...

    I think my code 5 post above will help you.

    https://support.zendesk.com/hc/en-us/articles/115000510267/comments/360005066074

     

    0
  • Bonaliza Garcia

    @Tomer did you mean the base64 encoded? I did that, my email/token:api_token is encoded. I tried manually encoding it using one of the websites and also dis btoa('email/token:api_token'); but both gave me a 403 error.

    0
  • Bheem Aitha

    Hi @...

    I am getting the same authentication error. Can you please help me on this? I also created a ticket on this.

    C:\Users\yyy> curl https://<subdomain>.zendesk.com/api/v2/users.json -u yyy@<company>.com/token:xxxxxxx

    {"error":"Couldn't authenticate you"}

    Thanks

    -Bheem

    1
  • Waseem Khan

    Hi Team,

    Precindition: Token is created in zendesk

    I as an admin share my email address and token with other team member. Can they acess the API's? or is it like i need to login to zendesk from the same system/pc from where the user is trying to access the API's?

     

    Or they can just pass my email address and token simply without i being logged in to zendesk?

    Regards,

    Waseem

    0
  • Dwight Bussman
    Zendesk Customer Care

    Waseem Khan

    Simply having your email & API token is sufficient for any user to make API requests on behalf of your user. This gives them the ability to do anything your user would be able to do via the API. This includes deleting things like tickets/users/organizations/articles/sections/categories/triggers which can be very destructive. For this reason, I would encourage you to be very selective about who has access to these tokens. 

    0
  • Nick Bolton

    Please make it clearer on this page that you have to Base-64 encode the token. Here's the command that I used on Mac to Base-64 encode my token.

    echo -n 'foo@bar.com/token:abc123' | base64

    1
  • Dwight Bussman
    Zendesk Customer Care

    HeyO Nick,

    Thanks for the feedback. I will make updates to this article to make that clearer.

    1

Please sign in to leave a comment.

Powered by Zendesk