What is the use of the CSRF token in the API?
I was checking this link https://support.zendesk.com/hc/en-us/community/posts/4408861009434-How-to-get-CSRF-token-for-API-requests-in-Help-Center and I have a doubt: what if we can get that CSRF token? Is this token used as a Zendesk API key to retrieve any information? Is this token sensitive?
A CSRF token is used to prevent cross-site forgery attacks when making Zendesk API calls that are available for end users from the help center. A really good explanation of what it is can be found here.
Hope this helps!
There is one website of my client where the endpoint api/v2/users/me.json was giving some tokens instead of 403.
So my question was: is the disclosure of this token sensitive information? Is this the intended behavior?
It's not sensitive information.
api/v2/users/me is only available to logged-in users. Similarly, that CSRF token is only able to be used by the matching logged-in user to access information and do actions that they would normally be able to do as a logged-in user.
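The point made in the answers above, that the token only works together with the matching logged-in session, shown as an added example that is not part of the thread and not Zendesk's code. It models a generic session-bound CSRF token scheme; the names log_in, csrf_token_for and handle_write and the in-memory session store are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to the browser
SESSIONS = {}                         # session id -> user (constructed in-memory store)


def log_in(user):
    """Create a session; the session id is what the browser keeps in its cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = user
    return sid


def csrf_token_for(sid):
    """Derive the CSRF token from the session id, so it is valid for that session only."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def handle_write(session_cookie, csrf_header):
    """Model of a state-changing API request: returns (HTTP status, user acted as)."""
    user = SESSIONS.get(session_cookie)
    if user is None:
        return 401, None  # the session cookie authenticates; the CSRF token does not
    expected = csrf_token_for(session_cookie).encode()
    supplied = (csrf_header or "").encode()
    if not hmac.compare_digest(expected, supplied):
        return 403, None  # logged in, but the token does not belong to this session
    return 200, user


def demo():
    """Run the four cases that matter for the question asked in the thread."""
    alice = log_in("alice")
    bob = log_in("bob")
    token = csrf_token_for(alice)
    return {
        "own_session_and_token": handle_write(alice, token),
        "token_without_session": handle_write(None, token),
        "token_on_other_session": handle_write(bob, token),
        "session_without_token": handle_write(alice, None),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this model the token on its own authenticates nobody, which is why it is not an API key; it only proves that a request carrying a valid session cookie was built by a page able to read that session's token.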