Announced on Rollout starts Rollout ends
July 1, 2024 July 31, 2024 January 12, 2026

On July 1, 2024, Zendesk announced that it will no longer offer email and password as an authentication method for API calls. This is a reminder that this authentication method will be turned off on January 12, 2026. 

This announcement includes the following topics:

  • What is changing?
  • Why is Zendesk making this change?
  • What do I need to do?

What is changing?

Starting July 31, 2024, we no longer offer email and password as an authentication method for API calls for new accounts and for accounts that are not using this method. If you are actively using this method today, you will be able to continue until January 12, 2026, when the method will begin to be phased out in all remaining Zendesk accounts over a period of 10 days. You must switch to using API tokens or OAuth before January 12, 2026 to avoid any impact due to this removal.

End user authentication is not affected

End users in closed Zendesk instances, meaning end users must sign in to view the help center, can still authenticate with email and password unless you specifically turn off “Allow password access for end users” in Admin Center. For more information on closed Zendesk instances, see Options for end user access.

Why is Zendesk making this change?

Your account security is our top priority. The option to access APIs with a username and password is inherently insecure as passwords can be compromised, reused and this method no longer aligns with modern best practices for API authentication. Removing the ability to use the same username and password for API access mitigates the risk of unauthorized access and changes to your account in case your credentials are compromised.

What do I need to do?

If you are currently authenticating API requests with your email and password, switch to using API tokens. To do this:

  1. Generate an API token in Admin Center. See Generating API tokens.
  2. Update your authentication method. Use your email address with /token appended, and the API token as the password.

    Previous (email and password):
    curl https://yourdomain.zendesk.com/api/v2/users.json \
    -u "user@example.com:your_password"

    With API token:
    curl https://yourdomain.zendesk.com/api/v2/users.json \ 
    -u "user@example.com/token:your_api_token"
     
  3. After updating, test your API calls to ensure they authenticate successfully.

If you have feedback or questions related to this announcement, visit our community forum where we collect and manage customer product feedback. For general assistance with your Zendesk products, contact Zendesk Customer Support.

Powered by Zendesk