[API] - Configurable Scoped Tokens

2 Commentaires

  • Bryan - Community Manager
    Zendesk Developer Support

    Thank you for the feedback Zac. As you noted, there's a lot of power with "API Tokens", which can be turned off if this doesn't meet someone's needs or the token can't be securely maintained.

    The real solution here is to use OAuth tokens instead. Those do have more limited scopes, along the lines that you mention. As the platform moves forward, how granular authorization is and these different options are going to be looked at, so expect changes that make the product even more secure. Thank you again!

  • Zac

    Thanks Bryan! I appreciate your help on this. Quick question: is it true that when the OAuth scope requested by the application is changed by the application publisher, that Zendesk forces an admin to re-authorize the app?


Vous devez vous connecter pour laisser un commentaire.

Réalisé par Zendesk