Passing API Header in HTTP Target
My objective is to simply pass ticket information when a ticket is created to an external application using an HTTP API target. I am able to pass an API Key in the URL such as https://www.somewebsite.com/index.php/api/get_projects_and_boards/apikey/<key value> but that is an unsecure method and exposes my API key.
Similar to the "Form Encoded" method you can select when creating your HTTP target that gives you an option for a "key" and "Value," it would be extremely helpful if you were able to specify custom header keys to be passed in the api call.
-
Official comment
Hi all,
I'd like to provide an update here. Webhooks is the spiritual successor to HTTP targets. With webhooks being in active development, we are exploring additional API authentication methods to be added. We absolutely agree that there needs to be more options for developers as basic auth just isn't what it was in 2015.
I'd love to hear a bit more about the different authentication schemes required for these notifications and which are the most common. For reference, here's what we're exploring adding:
- AWS HMAC
- OAuth 2.0
We'd love to hear about what other things people need. We understand there are other use-cases for custom headers outside of authentication, these may be further down our list. But we're keen to understand the needs here.
Cheers,
Chris
-
Also wishing for something more modern than basic auth. Services today often require a bearer token or custom auth headers. Please allow us to set custom headers in outbound messages.
-
I too agree that this needs to be addressed. In order to bypass this limitation, I had to create a web function in Azure that receives the "Zendesk" limited feature way, and does it appropriately on the other side but now I have to introduce another system in the middle to do this, which introduces costs, potential issues etc. Can we please address the root cause of the issue by allowing a simple customization of the auth headers?
-
Unfortunately basic auth is far less than standard now days and would mean creating another form of authentication for my APIs just to have Zendesk make a POST request. The only reason we even need this is because the Zendesk API doesn't allow you to specify which custom field you are searching for when looking for a custom ticket field with a specific value.
-
Another vote for this... basic auth really isn't very helpful any more. I need the ability to pass in a Bearer Token in the header.
Looking forward to an update on this from the zendesk team
-
Yes. Please! +1 for headers
-
Hello,
Is it possible to know when/if there will be an option to set headers to the api call?
Regards
-
AWS API Gateway doesn't support basic auth. Please add the ability to set headers to support API Keys.
-
Has anyone found a solution to this? The webhook feature is useless without the ability to pass a token in the header.
-
Hi Wayne, Nicole,
I'll second that - I need to be able to pass Application ID and API Key as custom headers. Is this possible?
Cheers,
David. -
Hi,
Just bumping up this discussion since we would also appreciate this functionality in one of our use cases of passing info from Zendesk to a 3rd party application with customized authorization headers.
-
+1
-
Totally agree, the ability to pass custom headers, esp. for authentication, is a must have for this type of functionality.
It would be really great if the Zendesk Product team could take an official stand on this, as to whether this will be considered for implementation and by when, or not.
-
Revoting for this because we really need this option. Our main use case is to pass secure settings as headers. If we can use placeholders such as {{setting.my_secure_token}}, that would be amazing. Even Zapier has this option.
-
Adding another voice in favor of this idea. Others have already noted how convoluted workarounds are required for basic integration with almost every platform besides the few with supported connectors. Setting-up complicated intermediary solutions to configure request headers is both costly and unsustainable.
It was a feature gap 3 years ago. Now, custom headers and conditional logic are standard functionality among many of the countless ZenDesk competitors–some of which are younger than this thread! Basic integration features like this have become ubiquitous, and so I struggle to recommend ZenDesk to any of my customers with multiple systems because of the lack of a timeline( or even a response) on this topic. -
HeyO Wayne & David,
While this isn't possible yet, I just spoke with one of our Product Managers who indicated this was a need that they are planning on addressing in the webhooks feature mentioned here: https://support.zendesk.com/hc/en-us/community/posts/115000453227-Feature-request-Webhooks Although the ability to pass headers isn't specifically mentioned in the post/comments, please know that it is being discussed as a related need.
We don't yet have a timeline for that yet, but it's definitely something that's planned that we hope to build soon! I recommend following the aforementioned community post so that you're notified when that gets launched. If there's a beta for that feature prior to its general release, they'd likely indicate within that thread. If you have additional questions related to this or would like to elaborate on the specifics of your use-case (although passing auth headers/API keys is understandable), please feel free to put those notes into either one of these posts.
Thanks again for this feedback request!
-
Hey Wayne & David,
One point I missed about your request previously is that we do actually support Basic Authentication on HTTP Targets. This will not enable you to set a custom header, but it will enable you to set a standard Basic value on the Authorization header. This is a standard way of passing a username and password, or just a token, as a Base 64 encoded string. https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Basic_authentication_scheme
With this and HTTPS you should have a nice secure, and standardized, way of passing credentials to the destination service. I know it won't work for every out-of-the-box destination API, but it should work for many APIs and any custom integrations you can dream up :)
-
I'm having trouble getting this to work with FreePBX REST interface. I don't think the token is being passed properly using the simple auth box?
-
HeyO Richard,
Apologies for the delay in replying to you! Our support team should be able to see whether authentication information is being passed successfully to Zendesk in your requests.
Depending on the action being taken, I would either expect a 401 or 403 error in response to the request. Are those what you're seeing? If so, I recommend reaching out to support@zendesk.com with your subdomain and an example of the request you're making (without credentials for security's sake) so that folks can look through logs for those.
-
Please, add ability to set custom auth headers for webhooks. Lack of that makes webhook feature useless.
-
This is still a problem and seems like a pretty standard feature to have. Can someone please address this - it greatly reduces the flexibility of this feature by not allowing us to change the authentication type OR add headers.
-
The external HTTP target will soon be a bit worthless with out the ability to use some fairly standard headers like Authorization. It seems like this is another feature that has been asked for for a few years now.
-
Like others, I have a 3rd party app that does not support basic auth. I need to be able to pass an API token value in the auth header. Thus far I have not found a way to do this.
I was able to do this by using Zapier but I don't feel like we should have to involve another app.
-
Hi Wayne -
Thanks for the feedback. I see that this is your first post - Welcome to the Zendesk Community! I encourage you to head over to the Welcome Thread in The Lounge to introduce yourself.
We look forward to seeing you around the Community. Happy Zendesking! -
Dwight - thanks for the speedy reply and info, it's much appreciated!
-
3 Years in the making...and still no solution. You have my vote.
-
@... This is great! Thanks for the update.
We would very much like support for API keys in custom headers. Specifically, we use the X-API-Key custom header for all of our APIs (hosted on Amazon API gateway). I'd imagine a lot of customers and other third-party developers would also want to use an API key at some point.
We're currently using a query string parameter in the target's URL, which is not ideal from a security perspective. Would be great if we can pass it as a header and hide the key's value.
X-API-Key is the standard header used by Amazon API gateway. See AWS's documentation.
Edit: just played around with the new Webhooks feature, and I was able to use the Bearer option as a workaround. Also nice that the token is scrubbed in webhook activity details. Couldn't get placeholders like {{ticket.id}} to work for path parameters, but I'm assuming that'll get fixed. Looking forward to migrating our targets to webhooks!
-
+1 from me.
As we want to extend functionality of Zendesk Support for Jira integration plugin with some custom automations, we need to be able to pass to JIRA API custom basic auth headers. And NO, current Bearer token authentication just doesn't work :( -
+1 on custom headers
not only for improved authentication but some apis require accept header -
Any update on API Keys through Header?
Please sign in to leave a comment.
32 Comments