3 Comentarios

  • Eric Nelson
    Zendesk Developer Advocacy
    Hey there,

    A CSRF token is used to prevent cross-site forgery attacks when making Zendesk API calls that are available for end users from the help center. A really good explanation of what it is can be found here
     
    Hope this helps!
    0
  • Shsb bdhd

    Hi Eric,
    there is one website of my client where thue endpoint api/v2/users/me.json was giving some tokens instead of 403.
    So my question was the disclosing of this token is a sensitive information? Is this the intended behavior? 

    0
  • Eric Nelson
    Zendesk Developer Advocacy
    Hi there,

    It's not sensitive information api/v2/users/me is only available to logged in users. Similarly that CSRF token is only able to be used by the matching logged in user to access information and do actions that they would normally be able to do as a logged in user.  
    0

Iniciar sesión para dejar un comentario.

Tecnología de Zendesk