| Suite | Team, Growth, Professional, Enterprise, or Enterprise Plus |
| Support | Team, Professional, or Enterprise |
Verified AI summary ◀▼
Manage API access to your Zendesk account by generating, editing, deactivating, reactivating, and deleting API tokens. On Enterprise plans, view the audit log for token activities.
Users can use an API token to authenticate API requests. API tokens are auto-generated passwords that you can use with your email address to authenticate API requests. They can also be used as part of two-factor authentication for integrations. Each API token can be used by any verified user on the account and isn't associated with a specific user. More than one token can be active at the same time
You can have up to 256 tokens. If you're at the limit, you must delete an existing token to add a new one. Accounts that currently have more than 256 tokens have a limit of 2048 tokens.
API tokens are not the same as OAuth access tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
This article includes these sections:
Generating API tokens
To generate an API token, you must be an administrator and API token access must be turned on in your account.
To generate an API token
-
In Admin Center, click
Apps and integrations in the sidebar, then select APIs > API tokens.
A list of API tokens appears.
- Click Add API token.
- (Optional) Enter a Description for the token.
- Click Save to generate the token.
The token is generated and displayed.
-
Copy the token and paste it somewhere secure.
Note: When you click Save to close this window, the full token will never be displayed again.
- Click Save again to return to the list of Zendesk API tokens.
If you click the token to reopen it, a truncated version of the token is displayed.
Editing an API token
You can edit an API token to update the token description.
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > API tokens.
- Find the token you want to edit.
- Click the options menu icon (
) next to the token and select Edit. - Enter a new Description for the token, then click Save.
Deactivating and reactivating an API token
In some cases, you may want to temporarily deactivate a token to make sure it hasn’t been compromised, or you might want to deactivate a token to investigate how it's being used without actually deleting it. Deactivated tokens can be reactivated.
To deactivate an API token
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > API tokens.
- Find the token you want to deactivate.
- Click the options menu icon () next to the token and select Deactivate.
- In the confirmation dialog, select Deactivate.
The token status changes immediately. As soon as you deactivate a token, API calls using that token begin failing.
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > API tokens.
- Find the token you want to reactivate.
- Click the options menu icon () next to the token and select Reactivate.
- In the confirmation dialog, click Reactivate.
The token status changes from Deactivated to Active. Reactivating a token restores its ability to authenticate API requests.
Deleting an API token
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > API tokens.
- Find the token you want to delete and make sure the status is Deactivated.
- Click the options menu icon () next to the token and select Delete.
- In the confirmation dialog, click Delete.
Viewing audit logs for an API token (Enterprise)
On Enterprise plans, the audit log records activity associated with an API token, including when it was created, deactivated, or reactivated.
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > API tokens.
- Find the token in the list.
- Click the options menu icon () next to the token and select View audit log.
The audit log opens with a filter applied for the API token you selected. The audit log shows the activities associated with the token.
25 comments
Sid Bhambhani
I know this is an older thread, but just wanted to share with the community in case anyone's still looking for a solution to restricting the API permissions - https://www.unevu.com/ provides a good solution for this by means of defining rules for which endpoints can be access, and even which fields should be available on a particular endpoint.
0
Alejandro Sánchez
Hola,
No me aparece la opción de API pese a tener la suscripción Team en Aplicaciones e integraciones.
Me aparecen solo Integraciones (logs e integraciones) y Conexiones (Conexiones y Clientes OAuth).
0
Audrey Ann Cipriano
Hi Charles Eljay Cruz welcome to our Community!
You and your team may follow our guide here :)
Making requests to API
List Tickets
0
Charles Eljay Cruz
Hello. Our Information Security team plan to enable the Zendesk API to integrate external application. How can we accomplish this? Thank you!
0
SUbodh Singh
Hi Team,
I'm integrating Zendesk in my tool/application where we need the OAuth 2.0 process for authorization, I have gone through the official documentation of API reference for the same, but facing an issue.
Issue:
I have created an account on Zendesk and created the Oauth Client APP. when we are authorized with the same account it works fine. when we authorize another Zendesk account then it's not working getting an error (Invalid Authorization Request No such client)
here is URL for the reference:
https://{subdomain}.zendesk.com/oauth/authorizations/new?response_type=code&redirect_uri=http://localhost:49417/listen/zendesk&client_id=Cloudsocial_zendesk&scope=read+write
If possible, let's us help to connect with developers for a quick call.
1
Jed Hollander
Ivan Miquiabas thank you for confirming.
0
Ivan Miquiabas
Thanks for reaching out!
While we do know that having access to API can only be by an administrator as per this article you can actually restrict them on Explore access via the Custom roles, so that even though users has access to API, you still do have control on accessing certain reports in your Zendesk account.
Hope that helps!
0
Jed Hollander
Was this ever answered?
I want to give someone API Access to work on an integration but I do not want them to have access to reporting. Is this possible?
Thanks.
0
Joyce
Generating an API token can be done within Apps and integrations > APIs > Zendesk API in the Admin Center. Only the OAuth access tokens can be created via API. You check this article for more information: Creating and using OAuth access tokens with the API
0
rahul siddu
hi,
is it possible to generate a new api - token through API, using zendesk access token?
0
Sign in to leave a comment.