Confusing Process to get API Client to Work - Help



Posted Aug 01, 2024

I'm baffled as to how to ultimately get our backend service to talk to the Chat API so we can add users/organizations programmatically. I have read the countless posts about it and besides being out of date they tend to use the same terminology for different things and ultimately link back to stuff that doesn't help. Surely I cannot be the only person trying to do this very simple thing.

 

Here's what I understand at this point. 

- There are 2 different APIs and oauth clients. The first API/client is related to “managing” Zendesk stuff. The second API/client is specifically for Chat API. I have no idea if this is correct or why this even exists but let's move on.

- In order to use client credentials for the Chat API we have to first create the OAuth client in the UX, then use Postman or related to update that client to mark it as confidential

 

Here's what we want to do.

- Programmatically create new/update existing users and organizations via the API with NO interaction from the actual end user.

- Integrate the chat web widget into our app and pass along the user ID we generated such that agents can see the user's data and related organizations. Ideally this would be done using the messenger widget and JWT but as documented on the support site and elsewhere this doesn't allow us to pass any data besides the user information which makes it mostly useless.

- We DO NOT have any plans to create a dummy redirect site to prompt the end user for any permissions to access their account. We create and manage these accounts and will be doing all this ourselves. 

 

Here's where I'm at.

- We added a Chat API Oauth client via (Apps and Integrations\Connections\OAuth Clients).  

- We have the widget hosted in our web app and we are generating and passing the correct JWT to ZD such that we should be able to connect to the correct user, once we get them programmatically created.

- We added an API OAuth client via (Apps and Integrations\APIs\Zendesk API\OAuth clients).

- Using the API client we are able to 

   - Use Postman to authenticate using password grant

   - Using token can get API Oauth clients and a few other endpoints to work

- In order to switch the Chat API Oauth client to confidential we need to get access to it.

  - Using the Chat API \ List Chats endpoint generates 401 because our API OAuth Client doesn't have permissions?

 

What we need help with.

- What are the 2 different OAuth clients used for and do we need both?

- How do we programmatically flip the Chat API Oauth client to confidential using our existing password grant OAuth client?

- Which OAuth client should we be using to add/edit users and organizations?

- Which OAuth client should we be using (if any) for the web widget integration that is already working?


0

3

3 comments

Thank you very much - we have few hoops to jump through but I really appreciate the time and effort you have put in this being thorough. Thanks again and I hope it all works out for you and your company

0


I ended up working with their architect directly to get answers. Here's some guidance that I learned.

  1. You need to use the Support API, not the Chat API, if you want B2B integration. The Support API is discussed [here](https://developer.zendesk.com/api-reference/).
  2. The Support API allows you to do everything that you likely need to do including creating users and customers and managing them. 
  3. The Support API is standard OAuth2, no consent needed, and is set up using the `Apps and Integrations > APIs > Zendesk API > OAuth Clients` setting.
  4. If you want to “login” users to the chat when they go to your app then you'll need to call the login API which requires a symmetric key and KeyId (`kid`). You then encode it in a JWT. To set this up you have to go to the `Account > Security > End user authentication > Messaging`. Then you create key. The `ID` in the UX is the `keyId` in the JWT while the `Secret` is the symmetric key you need to use to encode (as HMACSHA256) your JWT to send to Zendesk as the token. This needs to be done server side since the information is confidential and you don't to share your key.
  5. Once you have the encrypted token you can call their `chat/login` to login the user.
  6. If you're using the newer messenger widget then note that prefill isn't available anymore and unless you use an authenticated user then name/email cannot be sent unless you add it to your messaging bot and have the user provide it. Other conversation fields can be set, by ID, using the `messenger:set` and `conversationFields` call to `zE`.
  7. Note that email addresses for users MUST BE unique, and this includes agents. It doesn't matter about any of the other fields but if any 2 users have the same email address it will fail attempts to create or log in the user. This is a big limitation for us. After talking with them we are looking at using email+label addressing. Most email servers support it but it isn't a great solution for clients (because it won't map to user identities correctly in all cases) and not all servers actually support it.

Hope this helps.

1


My company, is going down this path as well and frankly not as well as you are doing so I appreciate the trail you are blazing here. We are trying to pull chat information into Salesforce to create an automated process to add leads information and potentially contact data, etc.

0


Sign in to leave a comment.

Didn't find what you're looking for?

New post