Passing API Header in HTTP Target

Completed


Posted Oct 24, 2017

My objective is to simply pass ticket information when a ticket is created to an external application using an HTTP API target. I am able to pass an API Key in the URL such as https://www.somewebsite.com/index.php/api/get_projects_and_boards/apikey/<key value> but that is an unsecure method and exposes my API key.

Similar to the "Form Encoded" method you can select when creating your HTTP target that gives you an option for a "key" and "Value," it would be extremely helpful if you were able to specify custom header keys to be passed in the api call.

 


21

37

37 comments

Official

image avatar

Chris Sos

Zendesk Product Manager

Hi all,

I'd like to provide an update here. Webhooks is the spiritual successor to HTTP targets. With webhooks being in active development, we are exploring additional API authentication methods to be added. We absolutely agree that there needs to be more options for developers as basic auth just isn't what it was in 2015.

I'd love to hear a bit more about the different authentication schemes required for these notifications and which are the most common. For reference, here's what we're exploring adding:

  • AWS HMAC
  • OAuth 2.0

We'd love to hear about what other things people need. We understand there are other use-cases for custom headers outside of authentication, these may be further down our list. But we're keen to understand the needs here.

Cheers,

Chris

1


Also wishing for something more modern than basic auth. Services today often require a bearer token or custom auth headers. Please allow us to set custom headers in outbound messages.

 

9


I too agree that this needs to be addressed. In order to bypass this limitation, I had to create a web function in Azure that receives the "Zendesk" limited feature way, and does it appropriately on the other side but now I have to introduce another system in the middle to do this, which introduces costs, potential issues etc. Can we please address the root cause of the issue by allowing a simple customization of the auth headers?

5


Unfortunately basic auth is far less than standard now days and would mean creating another form of authentication for my APIs just to have Zendesk make a POST request.  The only reason we even need this is because the Zendesk API doesn't allow you to specify which custom field you are searching for when looking for a custom ticket field with a specific value.

4


Yes. Please! +1 for headers

4


Another vote for this... basic auth really isn't very helpful any more. I need the ability to pass in a Bearer Token in the header.

 

Looking forward to an update on this from the zendesk team

4


Hello,

Is it possible to know when/if there will be an option to set headers to the api call?

Regards

3


Hi Wayne, Nicole,

I'll second that - I need to be able to pass Application ID and API Key as custom headers. Is this possible?

Cheers,
David.

3


Has anyone found a solution to this? The webhook feature is useless without the ability to pass a token in the header.

3


AWS API Gateway doesn't support basic auth. Please add the ability to set headers to support API Keys.

3


+1

 

2


Sign in to leave a comment.

Didn't find what you're looking for?

New post