Users can access the Zendesk API using two authentication methods. First, they can use an auto-generated password called an API token. Second, they can use an OAuth access token, which is different than an API token.
Both authentication methods are disabled by default in new accounts. This article explains how to enable and disable each method to manage how users access the Zendesk API.
For information on using the Zendesk API, see the following pages:
Managing API token access to the API
Users can use an API token to authenticate API requests. API tokens are auto-generated passwords that you can use with your username to authenticate API requests. They can also be used as part of two-factor authentication for integrations. Each API token can be used by any verified user on the account and isn't associated with a specific user. More than one token can be active at the same time.
You can have up to 256 tokens. If you're at the limit, you must delete an existing token to add a new one. Accounts that currently have more than 256 tokens have a limit of 2048 tokens.
API tokens are not the same as OAuth access tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
To use an API token to authenticate API requests, see API token on developer.zendesk.com.
Enabling API token access
API token access is disabled by default. You must enable API token access in Admin Center before users can use API tokens.
To enable API token access
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- In the Settings tab, enable token access.
Generating API tokens
To generate an API token, you must be an administrator and API token access must be enabled in your account.
To generate an API token
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Click the Add API token button to the right of Active API tokens.
The token is generated and displayed.
- (Optional) Enter an API token description.
- Copy the token and paste it somewhere secure. When you click Save to close this window, the full token will never be displayed again.
- Click Save to return to the Zendesk API page.
If you click the token to reopen it, a truncated version of the token is displayed.
Deleting an API token
An API token is like a password: any verified user on the account or anyone with their email address can use it to authenticate API requests. If you become aware than an API token has been compromised, delete it immediately. Deleting a token deactivates it permanently.
To delete an API token
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the token in the list, then click Delete on the right side.
Managing OAuth token access to the API
You can use OAuth access tokens to authenticate API requests. OAuth provides a secure way for applications to access Zendesk data without having to store and use API tokens, which are sensitive information.
You can't create OAuth access tokens directly in Admin Center like API tokens. You must first create an OAuth client in Admin Center, then use the OAuth client in a defined OAuth authorization flow to create an OAuth access token.
OAuth access tokens are not the same as API tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
This section covers the following topics:
- Creating OAuth clients
- Creating access tokens with an OAuth client
- Deleting OAuth clients and tokens
To authenticate API requests with OAuth access tokens, see OAuth access token on developer.zendesk.com.
Creating OAuth clients
OAuth clients let you create OAuth access tokens that can be used to authenticate API requests. OAuth access tokens differ from API tokens. OAuth access tokens provides a secure way for applications to access the Zendesk API without having to store and use the API tokens of your Zendesk users.
To create OAuth clients
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the OAuth Clients tab.
- To create a client, click the Add OAuth client button and follow the instructions in Registering your application with Zendesk.
- To delete a client, select the client in the list, then click Delete on the right side.
Next, use the OAuth client to create one or more OAuth access tokens.
Creating access tokens with an OAuth client
After creating an OAuth client in Admin Center, you can use it with a defined authorization flow to create OAuth access tokens.
You can also use the OAuth client with the API to create access tokens without an authorization flow. You can use an API token to authenticate these API requests. See Creating and using OAuth access tokens with the API on developer.zendesk.com.
Deleting OAuth clients and tokens
You can delete an OAuth client to deactivate all the access tokens created with the client. You can also revoke individual access tokens.
To delete an OAuth client
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the OAuth Clients tab.
- Select the client in the list, then click Delete on the right side.
To revoke a specific access token
- See Revoking an access token on developer.zendesk.com.
20 comments
Xometry Zendesk Integrations
Hello we recently had to setup a new token and it doesn't appear to be working when we try to use it in our Okta instance. Is anyone else experiencing this issue?
0
Russell Chee
Hey there,
Thanks for reaching out on our community post about your issue with the API Token and your Okta instance. In this situation, what I will be doing is creating a ticket so that we can work on this together internally and see what could be going on. Speak to you soon!
Russell Chee | Senior Customer Advocacy Specialist | Melbourne, Australia
1
Gokcem Gokce Kaplan
Hi,
Is there any way that I generate an api key with restricted access? I want to write an app and add private comments to tickets, with the api key from customer i would have full access to customer data. I only want to add comments.
5
Philip Larner
Yeah would be good to know Api token with restricted acess
2
Shawn Oudavanh
Not sure if there is a documented way but I was able to do this. So after you create the api token under the user you want, you can downgrade the user's role to your custom role. Granted your account has access to create custom roles. The API's should be restricted based on what is defined in that role.
1
Zendesk Admin
I Agree would be good to know Api token with restricted acess
1
Andres Valdes
Hello,
I am login into Admin Center using an admin account. When I go to Apps and Integrations I don't see the APIs Link, but just Salesforce, Event Connector for Amazon EventBridge, Shopify and Slack.
Is it because I need to set up something before reaching Apps and Integrations? Do I need special permissions?
Thank you very much for any pointers you can give me
Andres
1
Dane
You will need to make sure that your role is indeed an Admin once you go to your profile in Admin Center.
There's currently no permission restriction if you are indeed an Admin. If the same issue persisted, please contact our support directly.
1
Sean Gustilo
I'm following the directions here to back up our KB using the Help Center API.
Our Zendesk requires SSO via Okta to log in, so I've created an API token and placed the following into the script:
credentials = 'your_email@domain.com/token'
but receive error 401.
Is there another way to format the credentials with the script?
1
user1005
Hi,
I'm setting up an integration for a customer and there's one question about API Token generation. In the past, if the user that generated the API Token was deleted, the API Token became invalid and another one needed to be generated.
Is it still valid or we can generate the API Token and after the setup is completed we can delete the user with no impact in the token usage?
Massashi Yasunaga
0
Noly Maron Unson
Hi Dev,
Deleting the user who created the API token will not affect the already created token. The token should still be available to use.
Hope this helps.
0
Ashwin ck
hy
if i created a new token and try to create a ticket i got this error
{"error":"invalid_token","error_description":"The access token provided is expired, revoked, malformed or invalid for other reasons."}
0
siddusidharthar
hi,
is it possible to generate a new api - token through API, using zendesk access token?
0
Joyce
Generating an API token can be done within Apps and integrations > APIs > Zendesk API in the Admin Center. Only the OAuth access tokens can be created via API. You check this article for more information: Creating and using OAuth access tokens with the API
0
Jed Hollander
Was this ever answered?
I want to give someone API Access to work on an integration but I do not want them to have access to reporting. Is this possible?
Thanks.
0
Ivan Miquiabas
Thanks for reaching out!
While we do know that having access to API can only be by an administrator as per this article you can actually restrict them on Explore access via the Custom roles, so that even though users has access to API, you still do have control on accessing certain reports in your Zendesk account.
Hope that helps!
0
Jed Hollander
Ivan Miquiabas thank you for confirming.
0
SUbodh Singh
Hi Team,
I'm integrating Zendesk in my tool/application where we need the OAuth 2.0 process for authorization, I have gone through the official documentation of API reference for the same, but facing an issue.
Issue:
I have created an account on Zendesk and created the Oauth Client APP. when we are authorized with the same account it works fine. when we authorize another Zendesk account then it's not working getting an error (Invalid Authorization Request No such client)
here is URL for the reference:
https://{subdomain}.zendesk.com/oauth/authorizations/new?response_type=code&redirect_uri=http://localhost:49417/listen/zendesk&client_id=Cloudsocial_zendesk&scope=read+write
If possible, let's us help to connect with developers for a quick call.
1
Charles Eljay Cruz
Hello. Our Information Security team plan to enable the Zendesk API to integrate external application. How can we accomplish this? Thank you!
0
Audrey Ann Cipriano
Hi Charles Eljay Cruz welcome to our Community!
You and your team may follow our guide here :)
Making requests to API
List Tickets
0