Recent searches
No recent searches
Passing API Header in HTTP Target
Completed
Posted Oct 24, 2017
My objective is to simply pass ticket information when a ticket is created to an external application using an HTTP API target. I am able to pass an API Key in the URL such as https://www.somewebsite.com/index.php/api/get_projects_and_boards/apikey/<key value> but that is an unsecure method and exposes my API key.
Similar to the "Form Encoded" method you can select when creating your HTTP target that gives you an option for a "key" and "Value," it would be extremely helpful if you were able to specify custom header keys to be passed in the api call.
21
37
37 comments
Scott
Chris Sos This is great! Thanks for the update.
We would very much like support for API keys in custom headers. Specifically, we use the X-API-Key custom header for all of our APIs (hosted on Amazon API gateway). I'd imagine a lot of customers and other third-party developers would also want to use an API key at some point.
We're currently using a query string parameter in the target's URL, which is not ideal from a security perspective. Would be great if we can pass it as a header and hide the key's value.
X-API-Key is the standard header used by Amazon API gateway. See AWS's documentation.
Edit: just played around with the new Webhooks feature, and I was able to use the Bearer option as a workaround. Also nice that the token is scrubbed in webhook activity details. Couldn't get placeholders like {{ticket.id}} to work for path parameters, but I'm assuming that'll get fixed. Looking forward to migrating our targets to webhooks!
0
Official
Chris Sos
Hi all,
I'd like to provide an update here. Webhooks is the spiritual successor to HTTP targets. With webhooks being in active development, we are exploring additional API authentication methods to be added. We absolutely agree that there needs to be more options for developers as basic auth just isn't what it was in 2015.
I'd love to hear a bit more about the different authentication schemes required for these notifications and which are the most common. For reference, here's what we're exploring adding:
We'd love to hear about what other things people need. We understand there are other use-cases for custom headers outside of authentication, these may be further down our list. But we're keen to understand the needs here.
Cheers,
Chris
1
Justin Federico
Like others, I have a 3rd party app that does not support basic auth. I need to be able to pass an API token value in the auth header. Thus far I have not found a way to do this.
I was able to do this by using Zapier but I don't feel like we should have to involve another app.
1
Anton vh
3 Years in the making...and still no solution. You have my vote.
0
T Davis
Adding another voice in favor of this idea. Others have already noted how convoluted workarounds are required for basic integration with almost every platform besides the few with supported connectors. Setting-up complicated intermediary solutions to configure request headers is both costly and unsustainable.
It was a feature gap 3 years ago. Now, custom headers and conditional logic are standard functionality among many of the countless ZenDesk competitors–some of which are younger than this thread! Basic integration features like this have become ubiquitous, and so I struggle to recommend ZenDesk to any of my customers with multiple systems because of the lack of a timeline( or even a response) on this topic.
2
Scott
Revoting for this because we really need this option. Our main use case is to pass secure settings as headers. If we can use placeholders such as {{setting.my_secure_token}}, that would be amazing. Even Zapier has this option.
2
Nikos Karapanos
Totally agree, the ability to pass custom headers, esp. for authentication, is a must have for this type of functionality.
It would be really great if the Zendesk Product team could take an official stand on this, as to whether this will be considered for implementation and by when, or not.
2
The Original DKNY
The external HTTP target will soon be a bit worthless with out the ability to use some fairly standard headers like Authorization. It seems like this is another feature that has been asked for for a few years now.
1
Scott
Yes. Please! +1 for headers
4
Aaron Lupo
This is still a problem and seems like a pretty standard feature to have. Can someone please address this - it greatly reduces the flexibility of this feature by not allowing us to change the authentication type OR add headers.
1
Sign in to leave a comment.