Remote authentication from PHP

For all of you PHP lovers, here is an example of how you can use Zendesk's Remote Authentication API to authenticate users in your own database via PHP.


/* * Remote authentication stub for PHP * * This is meant as a template for your own customization. You can identify the user anyway you like, * integrate it into your intranet, web app or similar. * * You may call this script directly or have Zendesk redirect to it using the * Remote Authentication URL. * */

/* The following values should be set from your source of information */ $sFullName = "Firstname Lastname"; $sEmail = " youremail@yourdomain.com "; $sExternalID = ""; $sOrganization = "";

/* Insert the Autentication Token here */ $sToken = "52713bf24cc564c72asd249feb7de52de341195c";

/* Insert your account prefix here. If your account is yoursite.zendesk.com: */ $sUrlPrefix = "yoursite";

/* Build the message */ $sTimestamp = isset($_GET['timestamp']) ? $_GET['timestamp'] : time(); $sMessage = $sFullName.$sEmail.$sExternalID.$sOrganization.$sToken.$sTimestamp; $sHash = MD5($sMessage);

$sso_url = "http://".$sUrlPrefix.".zendesk.com/access/remote/?name=".$sFullName."&email=".$sEmail."&external_id=".$sExternalID."&organization=".$sOrganization."&timestamp=".$sTimestamp."&hash=".$sHash;

header("Location: ".$sso_url);



  • 0

    Do you have any recommendations for how to handle a user that creates a ticket by emailing our support, but that user is not in our DB? The /access/normal url seems to only work for admins. I want to avoid having to creating them as a user in our system just so that we can authenticate them on your site because a user in our system without an account doesn't make sense. Is this possible or is the remote auth an all or nothing situation where we have to know who every user is?


  • 0
    Christian Pedersen

    You run a fully open help desk, where users are automatically created when submitting their first ticket, or a help desk where users are asked to register when submitting their first ticket.

  • 0

    We found that the above code breaks if you have '+' signs in emails (which are valid but a bit uncommon). To avoid this, just urlencode the email (and why not the full name too, for safety) in the $sso_url definition.

    $sso_url = "http://".$sUrlPrefix.".zendesk.com/access/remote/?" . 'name=' . urlencode($sFullName) . '&email=' . urlencode($sEmail) . '&external_id=' . $sExternalID . '&timestamp=' . $sTimestamp . '&hash=' . $sHash;


  • 0

    How would I include the ticket ID to go to in the above code.

    For instance, ZD currently sends out emails with http://mydomain.zendesk.com/ticket/1024

    ideally, I would like to show this as http://mydomain.com/login/?redir=support&ticket=1024

    This would submit to my normal login code, which would detect that it is a SSO ZD login and instead of logging into my portal, include the PHP code above (with the ticket number somewhere in a param), and then have it bounced them through into ZD as an authenticated user.


  • 0

    I belive access/remote accepts a return_to parameter which you could use to redirect to another page, once authenticated

  • 0

    How do i retreive the LDAP info from our network with PHP, so i can send it back to ZD?

  • 0

    Hey..the Remote Authentication API link is broken. Please fix. :)

  • 0

    @Kevin, Thanks for bringing this to our attention; I've updated this. 

  • 0

    Hi guys,

    According to this page http://www.zendesk.com/api/remote-authentication, we can able to send the tags along with the user information. But when I try, it doesnt work. here is how I do it: ...

    $tags = "tag1, tag2";

    $message = $name.$email.$externalID.$organizationID.$tags.$token.$timestamp; $hash = MD5($message);

    $sso_url= "http://mysite.zendesk.com/access/remote/?name=".$name."&email=".urlencode($email)."&external_id=".$externalID."&organization=".$organizationID."&tags=".urlencode($tags)."&timestamp=".$timestamp."&hash=".$hash;

    Anyone having the same issue?

    Thank you.


  • 0


    I keep getting "Invalid token" error while I know for sure that it is correct and up to date (since I re-generated a new one and copy/pasted it like 5 times during the last hour)...

    The rest of the url seems to be normal.

    Any idea what could cause this ?

  • 0

    Has anyone had any luck in integrating this script with a Drupal Userbase?

  • 0

    Is there a parameter to add the a destination page once logged in vs. the default home page?

  • 0

    @Jim: You add the return_to url to the sso string.

  • 0

    by the way , 

    We use single sign on(SSO).
    Customer could not change email address on zendesk for himself.
    I saw this message on "setting page".
    "You should disable this option if you use SSO (Single Sign-On) to populate and update your users in Zendesk (using the API). "

    Do you have another way without using the api, on zendesk ?
    to allow customers to change email in zendesk after logging in with SSO.

    Do i need prepare another page(or system) for custormer can change email ?


    best regards.

  • 0

    does anyone knows how to use this for magento ???


    we can't integrate into a PHP magento site.

  • 0

    Sorry for the delayed response:

    @Hiroyuki Oka: You'll need to have the customer update the email address on file in the SSO database. The point of SSO is for YOU to pass US the new email address of the customer.

    @Jerome: Our Magento integration is all new. Give it a try and see if that solves your problem.

  • 0

    You can try this one: https://gist.github.com/ChrisCinelli/4981051 if you want to add a Pic and tags

  • 0

    Thanks for the update! 

  • 0

    @Adam Panzer ,@Chris Cinelli : Thank you for your idea.  I prepared customer's email address update page . It was solved . 

Please sign in to leave a comment.