Question
How can I authenticate API requests using one of the Zendesk APIs?
Answer
You must be a verified user to make authenticated API requests. To authenticate API requests, use basic authentication with your email address and password, your email address and an API token, or an OAuth access token.
All authentication methods set the authorization header differently. Credentials sent in the payload or URL aren't processed. Each option is listed below:
API token authentication
If you use an API token, combine your email address and API token to generate the authorization header. Format the email address and API token combination as a Base-64 encoded string. For an example of how to format the authorization header, see the code block below.
Authorization: Basic {base-64-encoded email_address/token:api_token}OAuth access token authentication
If you use OAuth to authenticate, format the authorization header this way:
Authorization: Bearer oauth_access_token
For more information, see Using OAuth authentication with your application.
Viewing your authorization header
To see exactly what your app sends, use a third-party page such as Request Bin. Compare your headers to those generated by a webhook using OAuth authentication. Point the webhook to your requestb.in URL and, on the Add webhook page, click Test webhook to see this in action.
After the request hits your requestb.in, it appears like this:
The string after Authorization: Bearer is the API key provided by RequestBin in your account settings under Programmatic Access.
If you use Python to make requests, set your session headers as follows:
session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}
For more information, see the developer documentation: Security and authentication.