3 Comments

  • Eric Nelson
    Zendesk Developer Advocacy
    Hey there,

    A CSRF token is used to prevent cross-site forgery attacks when making Zendesk API calls that are available for end users from the help center. A really good explanation of what it is can be found here.
     
    Hope this helps!
    0
  • Shsb bdhd

    Hi Eric,
    There is one website of my client where the endpoint api/v2/users/me.json was giving some tokens instead of 403.
    So my question was: is the disclosure of this token sensitive information? Is this the intended behavior?

    0
  • Eric Nelson
    Zendesk Developer Advocacy
    Hi there,

    It's not sensitive information; api/v2/users/me is only available to logged-in users. Similarly, that CSRF token is only able to be used by the matching logged-in user to access information and do actions that they would normally be able to do as a logged-in user.
    0
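
The point made in the last reply, that the token is only usable by the matching logged-in user, shown as an added example that is not part of the thread and is not Zendesk's implementation. It assumes a generic HMAC-based, session-bound CSRF token; the function names, session ids and key handling are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: one server-side secret; generated here so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)
NONCE_HEX_LEN = 32  # 16 random bytes, hex encoded


def _mac(session_id: str, nonce: str) -> str:
    # The nonce has a fixed length, so nonce + session_id is unambiguous.
    msg = (nonce + session_id).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Issue a token bound to one session: '<nonce>.<HMAC(nonce + session_id)>'."""
    nonce = secrets.token_hex(NONCE_HEX_LEN // 2)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: Optional[str], token: Optional[str]) -> bool:
    """Accept the token only if it was issued for the session presenting it."""
    if not session_id or not token or token.count(".") != 1:
        return False
    nonce, presented = token.split(".")
    if len(nonce) != NONCE_HEX_LEN:
        return False
    expected = _mac(session_id, nonce)
    # Constant-time comparison of the presented and recomputed MAC.
    return hmac.compare_digest(presented.encode(), expected.encode())


def handle_state_change(session_cookie: Optional[str], csrf_header: Optional[str]) -> int:
    """Hypothetical handler for a state-changing request; returns an HTTP status."""
    if session_cookie is None:
        return 401  # no logged-in session, so the token is never even consulted
    if not verify_csrf_token(session_cookie, csrf_header):
        return 403  # token missing, altered, or issued for another session
    return 200


if __name__ == "__main__":
    # Constructed session ids for illustration only.
    token = issue_csrf_token("sess-alice-constructed")
    print(handle_state_change("sess-alice-constructed", token))
    print(handle_state_change("sess-bob-constructed", token))
    print(handle_state_change(None, token))
```

Under this scheme a token seen without the matching session cookie is rejected, which is why the session cookie, not the CSRF token, is the credential to protect.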
