| Suite | Team, Growth, Professional, Enterprise, or Enterprise Plus |
| Support | Team, Professional, or Enterprise |
Users can access the Zendesk API using two authentication methods. First, they can use an auto-generated password called an API token. Second, they can use an OAuth access token, which is different than an API token.
Both authentication methods are disabled by default in new accounts. This article explains how to enable and disable each method to manage how users access the Zendesk API.
For information on using the Zendesk API, see the following pages:
Managing API token access to the API
Users can use an API token to authenticate API requests. API tokens are auto-generated passwords that you can use with your username to authenticate API requests. They can also be used as part of two-factor authentication for integrations. Each API token can be used by any verified user on the account and isn't associated with a specific user. More than one token can be active at the same time.
You can have up to 256 tokens. If you're at the limit, you must delete an existing token to add a new one. Accounts that currently have more than 256 tokens have a limit of 2048 tokens.
API tokens are not the same as OAuth access tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
To use an API token to authenticate API requests, see API token on developer.zendesk.com.
Enabling API token access
API token access is disabled by default. You must enable API token access in Admin Center before users can use API tokens.
To enable API token access
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API. - In the Settings tab, enable token access.
Generating API tokens
To generate an API token, you must be an administrator and API token access must be enabled in your account.
To generate an API token
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Click the Add API token button to the right of Active API tokens.
The token is generated and displayed.
- (Optional) Enter an API token description.
- Copy the token and paste it somewhere secure. When you click Save to close this window, the full token will never be displayed again.
- Click Save to return to the Zendesk API page.
If you click the token to reopen it, a truncated version of the token is displayed.
Deleting an API token
An API token is like a password: any verified user on the account or anyone with their email address can use it to authenticate API requests. If you become aware than an API token has been compromised, delete it immediately. Deleting a token deactivates it permanently.
To delete an API token
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the token in the list, then click Delete on the right side.
Managing OAuth token access to the API
You can use OAuth access tokens to authenticate API requests. OAuth provides a secure way for applications to access Zendesk data without having to store and use API tokens, which are sensitive information.
You can't create OAuth access tokens directly in Admin Center like API tokens. You must first create an OAuth client in Admin Center, then use the OAuth client in a defined OAuth authorization flow to create an OAuth access token.
OAuth access tokens are not the same as API tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
This section covers the following topics:
- Creating OAuth clients
- Creating access tokens with an OAuth client
- Deleting OAuth clients and tokens
To authenticate API requests with OAuth access tokens, see OAuth access token on developer.zendesk.com.
Creating OAuth clients
OAuth clients let you create OAuth access tokens that can be used to authenticate API requests. OAuth access tokens differ from API tokens. OAuth access tokens provides a secure way for applications to access the Zendesk API without having to store and use the API tokens of your Zendesk users.
To create OAuth clients
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the OAuth Clients tab.
- To create a client, click the Add OAuth client button and follow the instructions in Registering your application with Zendesk.
- To delete a client, select the client in the list, then click Delete on the right side.
Next, use the OAuth client to create one or more OAuth access tokens.
Creating access tokens with an OAuth client
After creating an OAuth client in Admin Center, you can use it with a defined authorization flow to create OAuth access tokens.
You can also use the OAuth client with the API to create access tokens without an authorization flow. You can use an API token to authenticate these API requests. See Creating and using OAuth access tokens with the API on developer.zendesk.com.
Deleting OAuth clients and tokens
You can delete an OAuth client to deactivate all the access tokens created with the client. You can also revoke individual access tokens.
To delete an OAuth client
- In Admin Center, click
Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the OAuth Clients tab.
- Select the client in the list, then click Delete on the right side.
To revoke a specific access token
- See Revoking an access token on developer.zendesk.com.
21 comments
Sign in to leave a comment.