Turning on and off API access

All Suites

Team, Growth, Professional, Enterprise, or Enterprise Plus

Support

Team, Professional, or Enterprise

Summary: ◀▼

You can activate API access by accepting terms and enabling API token or password access. API tokens protect agent passwords and require enabling before use. End users can have password access turned on or off for authenticated or anonymous API requests. Turning off token or password access disables those authentication methods, requiring reactivation to use them again. OAuth access is managed separately.

Location: Admin Center > Apps and integrations > APIs > API configuration

Users can access the Zendesk API using these authentication methods:

They can use an auto-generated password called an API token.
They can use an OAuth access token, which is different from an API token.
End users can use API password access to make authenticated or anonymous API requests.

Use the API configuration page to turn on password and API token access to the Zendesk API. For OAuth access, see Using OAuth authentication with your application. For more information about the Zendesk API, see the Zendesk Developer Documentation.

This article includes these sections:

Activating API access
Turning on and off API token access
Turning on and off API password access for end users

Managing access to the Zendesk API
Developer documentation: Security and authentication

Activating API access

If you’re accessing the Zendesk API for the first time, you need to accept the Zendesk Terms of Service and the Application Developer and API Agreement.

To activate API access

In Admin Center, click Apps and integrations in the sidebar, then select APIs > API configuration.
Click the checkbox to accept the terms and agreements.
Click Get started.

Turning on and off API token access

You use API tokens to keep your agent’s passwords safe. When authenticating with tokens, add /token to the end of your email address. API token access is disabled by default. You must enable API token access before users can use API tokens.

To turn on token access to the API

In Admin Center, click Apps and integrations in the sidebar, then select APIs > API configuration.
Select Allow API token access.
Click Save.

After you turn on API token access, you can generate API access tokens. See Generating API tokens.

To turn off token access to the API

In Admin Center, click Apps and integrations in the sidebar, then select APIs > API configuration.
Deselect Allow API token access.
Click Save.

When you turn off token access, your tokens stop working. You’ll need to turn token access back on to reactivate them.

Turning on and off API password access for end users

Note: Some older accounts may include a setting for activating API password access for team members (in addition to API token access). API password access for team members has been deprecated and is not supported in new accounts.

By default, API password access for end users is turned off. Therefore, end-user access is considered anonymous.

Turning on two-factor authentication, whether required or optionally enrolled by end users, does not affect the ability to make API requests using email and password.

To turn on API password access for end users

In Admin Center, click Apps and integrations in the sidebar, then select APIs > API configuration.
Select Allow password access for end users.
Click Save.

After turning on API password access, end users can make authenticated or anonymous API requests.

To turn off API password access for end users

In Admin Center, click Apps and integrations in the sidebar, then select APIs > API configuration.
Deselect Allow password access for end users.
Click Save.

After turning off API password access, end-user access is considered anonymous.