Creating Token For Specific API-Chat API-Conversation APIAnswered
Tokens are created on Zendesk accountwide which creates Cyber security issues whenever we want to integrate any application or any other institution. This situation abondon us to make new projects.
Our demand is, every API should have its own token especially for Cyber Security issues. A token shouldn't give authorization to open all the gates for all API's in Zendesk. Prioritized Tokens for specific API is a must in today's world. Zendesk must find a way for this problem.
Have a nice day.
Thanks for the feedback Erkin. Agree that having the option to have scoped or restricted clients is something that could be added to improve security best practices.
Today, you can restrict the scope to read/write in Chat: https://developer.zendesk.com/api-reference/live-chat/chat-api/oauth_clients/
For Support, you have more granular read/write settings per data type: https://developer.zendesk.com/api-reference/ticketing/oauth/grant_type_tokens/#scope
As we work to consolidate and align the API offerings we have, we can consider making scope also include platform components like the conversations APIs. This is currently not on the roadmap for the next nine months but if that changes we will let you know here.
Please sign in to leave a comment.