Suite Team, Growth, Professional, Enterprise, or Enterprise Plus
Support Team, Professional, or Enterprise

Verified AI summary

Manage OAuth tokens for API access. This approach ensures secure API authentication without needing to store and use API tokens. Create OAuth clients to generate tokens, view and delete them when needed, and edit client details. On Enterprise plans, view audit logs to track OAuth client activities.

Location: Admin Center > Apps and integrations > APIs > OAuth clients

You can use OAuth access tokens to authenticate API requests. OAuth provides a secure way for applications to access Zendesk data without having to store and use API tokens, which are sensitive information.

Unlike API tokens, OAuth access tokens can't be created directly in Admin Center. You must first create an OAuth client in Admin Center, then use the OAuth client in a defined OAuth authorization flow to create an OAuth access token.

OAuth access tokens are not the same as API tokens. See Differences between API tokens and access tokens in the Zendesk Developer Docs.

This article includes these sections:

  • Creating OAuth clients
  • Creating access tokens with an OAuth client
  • Viewing OAuth client tokens
  • Viewing scopes for OAuth client tokens
  • Deleting OAuth client tokens
  • Editing OAuth clients
  • Deleting OAuth clients
  • Viewing audit logs for an OAuth client (Enterprise)

To authenticate API requests with OAuth access tokens, see OAuth access token on developer.zendesk.com.

Creating OAuth clients

OAuth clients let you create OAuth access tokens that can be used to authenticate API requests. OAuth access tokens differ from API tokens. OAuth access tokens provide a secure way for applications to access the Zendesk API without having to store and use the API tokens of your Zendesk users.

Note: This section describes how to create OAuth clients for a single Zendesk instance. To create a global OAuth client, see Set up a global OAuth client.

To create OAuth clients

  1. In Admin Center, click Apps and integrations in the sidebar, then select APIs > OAuth clients.

    A list of OAuth clients added to the account by admins appears.

  2. To create a client, click Add OAuth client and follow the instructions in Registering your application with Zendesk.

Creating access tokens with an OAuth client

After creating an OAuth client in Admin Center, you can use it with a defined authorization flow to create OAuth access tokens. You can also use the OAuth client with the API to create access tokens without an authorization flow. You can use an API token to authenticate these API requests. See Creating and using OAuth access tokens with the API in the developer docs.

Viewing OAuth client tokens

You can view the access tokens you’ve created for an OAuth client.

To view access tokens for an OAuth client

  1. In Admin Center, click Apps and integrations in the sidebar, then select APIs > OAuth clients.

    A list of OAuth clients appears. It shows OAuth client information including the client identifier, name, creation date, number of tokens, and status.

  2. Find the client in the list to see the tokens.
  3. Click the options menu icon next to the client and select View tokens.

    A list of access tokens for the OAuth client appears.

    The View tokens option doesn't appear for clients without tokens.

Viewing scopes for OAuth client tokens

Scopes define whether requests authenticated with the token can post, put, and delete data, or only get data.

To view the scopes for an OAuth client token

  1. In Admin Center, click Apps and integrations in the sidebar, then select APIs > OAuth clients.
  2. Find the client in the list.
  3. Click the options menu icon next to the client and select View tokens.
  4. Find the token whose scopes you want to view.
  5. Click the options menu icon next to the token and select View scopes.

Deleting OAuth client tokens

If you suspect a token for an OAuth client is compromised, you should delete it. You can also delete OAuth clients that are no longer used or shouldn’t be active.

To delete an OAuth client token

  1. In Admin Center, click Apps and integrations in the sidebar, then select APIs > OAuth clients.
  2. Find the client in the list.
  3. Click the options menu icon next to the client and select View tokens.
  4. Find the token you want to delete.
  5. Click the options menu icon next to the token and select Delete.
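
The scope check and the "compromised or no longer used" review described in the two sections above can be scripted once token records are available outside Admin Center. This is an added example, not Zendesk's code: it runs on constructed sample records, and the field names (`id`, `client_id`, `scopes`, `used_at`), the `read`/`write` and `resource:read` scope strings, and the 90-day threshold are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample records. Field names and scope strings are assumptions.
SAMPLE = json.loads("""
{"tokens": [
  {"id": 101, "client_id": 7, "scopes": ["read"], "used_at": "2025-05-30T09:12:00Z"},
  {"id": 102, "client_id": 7, "scopes": ["read", "write"], "used_at": "2025-05-28T17:40:00Z"},
  {"id": 103, "client_id": 9, "scopes": ["tickets:read", "users:write"], "used_at": "2024-11-02T00:00:00Z"},
  {"id": 104, "client_id": 9, "scopes": ["tickets:read"], "used_at": null},
  {"id": 105, "client_id": 9, "scopes": [], "used_at": "2025-05-31T00:00:00Z"}
]}
""")["tokens"]


def is_read_only(scopes):
    """True only if every scope is 'read' or '<resource>:read'.

    Empty or unrecognised scopes are treated as not read-only (fail closed).
    """
    return bool(scopes) and all(s.split(":")[-1] == "read" for s in scopes)


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; None means the token was never used."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def audit(tokens, now, stale_days=90):
    """Return (token_id, client_id, reasons) for tokens that need review."""
    findings = []
    for t in tokens:
        reasons = []
        if not is_read_only(t.get("scopes", [])):
            reasons.append("not read-only")
        used = parse_ts(t.get("used_at"))
        if used is None:
            reasons.append("never used")
        elif (now - used).days > stale_days:
            reasons.append(f"unused for {(now - used).days} days")
        if reasons:
            findings.append((t["id"], t["client_id"], reasons))
    return findings


if __name__ == "__main__":
    fixed_now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed for the sample
    for token_id, client_id, reasons in audit(SAMPLE, fixed_now):
        print(f"token {token_id} (client {client_id}): {'; '.join(reasons)}")
```

Tokens the script reports are candidates for the View scopes and Delete steps above; it deletes nothing itself.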

Editing OAuth clients

You can use Admin Center to edit your OAuth client. You can update the client name, description, logo, redirect URLs, and so on.

To edit an OAuth client

  1. In Admin Center, click Apps and integrations in the sidebar, then select APIs > OAuth clients.
  2. Find the client in the list.
  3. Click the options menu icon next to the client and select Edit.

    A description of the client appears with fields you can edit.

  4. Make changes as needed, then click Save.

Deleting OAuth clients

Deleting an OAuth client deactivates all the access tokens created with the client. Deleting an OAuth client is permanent and can't be undone. When the client is removed, all tokens (if any) associated with the client are revoked immediately.

You can also delete individual access tokens.

To delete an OAuth client

  1. In Admin Center, click Apps and integrations in the sidebar, then select APIs > OAuth clients.
  2. Find the client in the list. Click the options menu icon next to the client and select Delete.

  3. In the confirmation dialog, click Delete client.

Viewing audit logs for an OAuth client (Enterprise)

On Enterprise plans, the audit log records activity associated with OAuth clients, including when they are created, deactivated, or reactivated.

To view audit logs for the OAuth client

  1. In Admin Center, click Apps and integrations in the sidebar, then select APIs > OAuth clients.
  2. Find the client in the list.
  3. Click the options menu icon next to the client and select View audit log.

    The audit log opens with a filter applied for the OAuth client you selected. The audit log shows the activities associated with the client.
