Currently today Zendesk API Tokens do not offer enough security to allow non-admin teams to have access to tokens. As Zendesk does not validate a specific user to a token, or what a token has permission to do, all tokens are Admin level.
This is caused by a user only needing to know an admin email address and the token. If they replace their email with the admin email, they are now an Admin instead of the role that was designated to their user.
Please sign in to leave a comment.