Users can access the Zendesk API using any of three authentication methods. First, they can use their Zendesk password. This is known as basic authentication. Second, they can use an auto-generated password called an API token. Third, they can use an OAuth access token, which is different from an API token.
All three authentication methods are disabled by default in new accounts. This article explains how to enable and disable each method to manage how users access the Zendesk API.
- Managing password access to the API
- Managing API token access to the API
- Managing OAuth token access to the API
For information on using the Zendesk API, see the following pages:
Managing password access to the API
Users can use their Zendesk password to authenticate API requests. Only verified users can make API requests with their password.
Password access to the API is disabled by default in new accounts. You must enable password access in Admin Center before users can use their password.
To enable or disable password access
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- In the Settings tab, enable or disable password access.
To authenticate API requests with Zendesk passwords, see Basic authentication on developer.zendesk.com.
Managing API token access to the API
Users can use an API token to authenticate API requests. API tokens are auto-generated passwords that you can use with your username to authenticate API requests. They can also be used as part of two-factor authentication for integrations. Each API token can be used by any verified user on the account and isn't associated with a specific user. More than one token can be active at the same time.
API tokens are not the same as OAuth access tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
To use an API token to authenticate API requests, see API token on developer.zendesk.com.
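The following added example (not part of the original article or Zendesk's own code) shows how the Authorization header differs across the three methods this article manages: password and API token both use HTTP Basic, with the API token taking `/token` appended to the email address, while an OAuth access token is sent as a bearer token. The function names and sample values are hypothetical and constructed for illustration.

```python
import base64
import os


def basic_header(identity: str, secret: str) -> str:
    """Encode 'identity:secret' as an HTTP Basic Authorization header value."""
    raw = f"{identity}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def zendesk_auth_header(method: str, secret: str, email: str = "") -> str:
    """Return the Authorization header value for one of the three methods."""
    if not secret:
        raise ValueError("empty credential")
    if method == "oauth":
        # OAuth access tokens are sent as bearer tokens, with no email.
        return f"Bearer {secret}"
    # Reject input where the '/token' suffix or the secret was pasted into
    # the email field; the suffix is added here, exactly once.
    if "@" not in email or "/" in email or ":" in email:
        raise ValueError("email must be a bare address without '/token' or ':'")
    if method == "password":
        return basic_header(email, secret)
    if method == "api_token":
        # API tokens use the email with a '/token' suffix as the username.
        return basic_header(f"{email}/token", secret)
    raise ValueError(f"unknown method: {method}")


def redact(header: str) -> str:
    """Keep only the scheme so the credential never reaches logs."""
    scheme, _, _ = header.partition(" ")
    return f"{scheme} <redacted>"


if __name__ == "__main__":
    # Constructed sample values; real secrets belong in the environment
    # or a secret store, never in the script itself.
    email = os.environ.get("ZENDESK_EMAIL", "agent@example.com")
    token = os.environ.get("ZENDESK_API_TOKEN", "constructed-sample-token")
    header = zendesk_auth_header("api_token", token, email)
    print(redact(header))
```

Base64 is an encoding, not encryption, so a Basic header exposes the password or API token to anything that can read it; log only the redacted form.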
Enabling API token access
API token access is disabled by default. You must enable API token access in Admin Center before users can use API tokens.
To enable API token access
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- In the Settings tab, enable token access.
Generating API tokens
To generate an API token, you must be an administrator and API token access must be enabled in your account.
To generate an API token
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Click the Add API token button to the right of Active API tokens. The token is generated and displayed.
- (Optional) Enter an API token description.
- Copy the token and paste it somewhere secure. When you click Save to close this window, the full token will never be displayed again.
- Click Save to return to the Zendesk API page.
If you click the token to reopen it, a truncated version of the token is displayed.
Deleting an API token
An API token is like a password: any verified user on the account or anyone with their email address can use it to authenticate API requests. If you become aware that an API token has been compromised, delete it immediately. Deleting a token deactivates it permanently.
To delete an API token
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the token in the list, then click Delete on the right side.
Managing OAuth token access to the API
You can use OAuth access tokens to authenticate API requests. OAuth provides a secure way for applications to access Zendesk data without having to store and use Zendesk passwords or API tokens, which are sensitive information.
You can't create OAuth access tokens directly in Admin Center like API tokens. You must first create an OAuth client in Admin Center, then use the OAuth client in a defined OAuth authorization flow to create an OAuth access token.
OAuth access tokens are not the same as API tokens. See Differences between API tokens and access tokens on developer.zendesk.com.
This section covers the following topics:
- Creating OAuth clients
- Creating access tokens with an OAuth client
- Deleting OAuth clients and tokens
To authenticate API requests with OAuth access tokens, see OAuth access token on developer.zendesk.com.
Creating OAuth clients
OAuth clients let you create OAuth access tokens that can be used to authenticate API requests. OAuth access tokens differ from API tokens. OAuth access tokens provide a secure way for applications to access the Zendesk API without having to store and use the passwords of your Zendesk users.
To create OAuth clients
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the OAuth Clients tab.
- To create a client, click the Add OAuth client button and follow the instructions in Registering your application with Zendesk.
- To delete a client, select the client in the list, then click Delete on the right side.
Next, use the OAuth client to create one or more OAuth access tokens.
Creating access tokens with an OAuth client
After creating an OAuth client in Admin Center, you can use it with a defined authorization flow to create OAuth access tokens. You can use different OAuth authorization flows. For the options, see Implementing an OAuth authorization flow in your application.
You can also use the OAuth client with the API to create access tokens without an authorization flow. You can use a password or an API token to authenticate these API requests. See Creating and using OAuth access tokens with the API on developer.zendesk.com.
Deleting OAuth clients and tokens
You can delete an OAuth client to deactivate all the access tokens created with the client. You can also revoke individual access tokens.
To delete an OAuth client
- In Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk API.
- Select the OAuth Clients tab.
- Select the client in the list, then click Delete on the right side.
To revoke a specific access token
- See Revoking an access token on developer.zendesk.com.
14 Comments
Hello, we recently had to set up a new token and it doesn't appear to be working when we try to use it in our Okta instance. Is anyone else experiencing this issue?
Hey there,
Thanks for reaching out on our community post about your issue with the API Token and your Okta instance. In this situation, what I will be doing is creating a ticket so that we can work on this together internally and see what could be going on. Speak to you soon!
Russell Chee | Senior Customer Advocacy Specialist | Melbourne, Australia
Hi,
Is there any way that I can generate an API key with restricted access? I want to write an app and add private comments to tickets; with the API key from the customer I would have full access to customer data. I only want to add comments.
Yeah, it would be good to know about API tokens with restricted access.
Not sure if there is a documented way but I was able to do this. So after you create the API token under the user you want, you can downgrade the user's role to your custom role. Granted your account has access to create custom roles. The APIs should be restricted based on what is defined in that role.
I agree, it would be good to know about API tokens with restricted access.
Hello,
I am logging into Admin Center using an admin account. When I go to Apps and Integrations I don't see the APIs link, but just Salesforce, Event Connector for Amazon EventBridge, Shopify and Slack.
Is it because I need to set up something before reaching Apps and Integrations? Do I need special permissions?
Thank you very much for any pointers you can give me
Andres
You will need to make sure that your role is indeed an Admin once you go to your profile in Admin Center.
There's currently no permission restriction if you are indeed an Admin. If the same issue persists, please contact our support directly.
I'm following the directions here to back up our KB using the Help Center API.
Our Zendesk requires SSO via Okta to log in, so I've created an API token and placed the following into the script:
credentials = 'your_email@domain.com/token'
but receive error 401.
Is there another way to format the credentials with the script?
Hi,
I'm setting up an integration for a customer and there's one question about API Token generation. In the past, if the user that generated the API Token was deleted, the API Token became invalid and another one needed to be generated.
Is it still valid, or can we generate the API Token and, after the setup is completed, delete the user with no impact on the token usage?
Massashi Yasunaga
Hi Dev,
Deleting the user who created the API token will not affect the already created token. The token should still be available to use.
Hope this helps.
Hi,
If I create a new token and try to create a ticket, I get this error:
{"error":"invalid_token","error_description":"The access token provided is expired, revoked, malformed or invalid for other reasons."}
Hi,
Is it possible to generate a new API token through the API, using a Zendesk access token?
Generating an API token can be done within Apps and integrations > APIs > Zendesk API in the Admin Center. Only the OAuth access tokens can be created via API. You can check this article for more information: Creating and using OAuth access tokens with the API