Is it possible to create service account to grant access in case the token invalidated after user is deleted ?

4 Comentarios

  • Stefan

    Hi Mike,

    You could address that by using an API Token which is associated with the account instead of a specific user. If you want to use OAuth, I’d suggest that you require that your app is installed by the account owner (who’s unlikely to be ever deleted).

    Hope that helps!

    I worked on the Zendesk integration for xkit.co - if you’d rather not build your integration by hand, reach out to us and we can help.

    0
  • Mike Chiu

    Hi Stefan, 

     

    I see, thanks for your reply :) 

    0
  • Kay
    Community Moderator

    Using the API token means the integration has unscoped access. When possible it's always preferred to have scoped access. From a security perspective I would advise using Scoped OAuth calls, and have a service account per integration.

    0
  • Mike Chiu

    Hi Kay,

    Yes, finally I didn't use API token for my implementation due the scoped access.

    But there's no scope setting for some API like incremental export, ticket_audits ,..., etc and have to ask for scope "read" for all resources which will make scoped access unavailable though.

     

    0

Iniciar sesión para dejar un comentario.

Tecnología de Zendesk