|November 29, 2022
|November 29, 2022
This announcement includes the following topics:
What is changing?
- We're adding support for three new authentication methods
- We're introducing allowed domains on connections that use these new methods
- We're making it even easier to use connections in your ZIS flows
Zendesk Integration Services (ZIS) includes connections, which makes it safer and easier to store and use the credentials your integration needs to make API requests.
New authentication methods
Connections already support two styles of OAuth-based authentication, the "Authorization Code" and "Client Credentials" grant types.
Today, we announce the expansion of Connections to include three new authentication types:
- Basic Auth: a standard approach for authentication using a username and password
- Bearer token: a common approach using the format "Authorization": "Bearer <your_token>"
- API key: a flexible method where you can customize both the header name and header value that are used to authenticate
We're also introducing the concept of allowed domains to connections, to help keep your credentials safer.
All connections that use the new methods require an allowed domain to be specified when the connection is created. This can be a single domain (e.g. myexample.com) or can include a wildcard in the subdomain (e.g. *.myexample.com).
When your ZIS flow runs and attempts to use connections to attach credentials to your API requests, the URL of the API request will be validated against the allowed domain. If they do not match, the flow will fail with an error.
Easier use of connections in ZIS actions
At the same time we are making it even easier to make use of these credentials in your ZIS flows.
Previously, to use credentials stored in connections, you needed to define the authentication header as part of your ZIS action.
Now, you can simply make use of the new connectionName property in your Action definition. Provide the name of the connection you wish to use, and ZIS will automatically attach the header to your API request. This new functionality works will all connection types.
Why is Zendesk making this change?
These additional authentication methods unlock the ability to integrate Zendesk with a wider range of SaaS products and bespoke customer systems, in a safe and secure manner.
Allowed domains help keep secret credentials safer. By preventing them from accidentally or maliciously attached to API requests to the wrong system, we limit the opportunity for them to be logged in plain text or captured by an attacker.
Automatically attaching headers to your API requests not only makes things easier, it's also another way to keep credentials safer. Using the new approach credentials are no longer variables within the flow, where they could accidentally be exposed.