What is the use of the CSRF token in the API?



Posted: November 23, 2022

I was checking this link: https://support.zendesk.com/hc/en-us/community/posts/4408861009434-How-to-get-CSRF-token-for-API-requests-in-Help-Center. I have a doubt: what if we can get that CSRF token? Is this token used as a Zendesk API key to retrieve any information? Is this token sensitive?

0


3 comments

Hi there,

It's not sensitive information. api/v2/users/me is only available to logged-in users. Similarly, that CSRF token is only able to be used by the matching logged-in user to access information and do actions that they would normally be able to do as a logged-in user.

0


Hi Eric,
There is one website of my client where the endpoint api/v2/users/me.json was giving some tokens instead of 403.
So my question was: is the disclosure of this token sensitive information? Is this the intended behavior?

0


Hey there,

A CSRF token is used to prevent cross-site forgery attacks when making Zendesk API calls that are available for end users from the help center. A really good explanation of what it is can be found here
 
Hope this helps!

0
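Added example, not part of the original thread and not Zendesk's implementation: a session-bound CSRF check in Python, showing why a CSRF token does not work as an API key without the matching logged-in session. The HMAC derivation, the function names and the in-memory session store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; a real service keeps this out of source code.
SERVER_KEY = secrets.token_bytes(32)
# Constructed session store (session id -> user); stands in for the login cookie.
SESSIONS = {}


def login(user):
    """Create a session and return its id (the value a session cookie would carry)."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = user
    return session_id


def _expected_token(session_id):
    # Assumed scheme: the token is an HMAC over the session id.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Return the CSRF token for a logged-in session, as a 'current user' endpoint might."""
    if session_id not in SESSIONS:
        raise PermissionError("not logged in")
    return _expected_token(session_id)


def handle_write(session_id, csrf_token):
    """State-changing request: needs a valid session AND the token bound to it."""
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "no session"
    expected = _expected_token(session_id)
    if not hmac.compare_digest(expected.encode(), csrf_token.encode()):
        return 403, "bad CSRF token"
    return 200, f"updated as {user}"


def demo():
    """Return the status code for each combination of session and token."""
    alice, bob = login("alice"), login("bob")
    token = issue_csrf_token(alice)
    return {
        "own_session": handle_write(alice, token)[0],     # session + its own token
        "token_only": handle_write(None, token)[0],       # token without any session
        "other_session": handle_write(bob, token)[0],     # token replayed on another session
        "session_no_token": handle_write(alice, "")[0],   # cookie sent, token missing
    }
```

The last case is what a forged cross-site request looks like to the server: the browser attaches the session cookie automatically, but the request carries no valid token, so it is rejected.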

