Hide Secret Token by 3rd Party API Call on Zendesk

Hi there, In terms of Zendesk, there currently isn't native support for environment variable-like entities similar to a .env file. This means there's no standard way to hide sensitive information, like an API token, in a secure file within Zendesk itself.
 
As you mentioned, storing sensitive information directly in code or configuration files is not a best practice. In this case, the recommended approach will depend on the specifics of your use case and the capabilities provided by your system architecture.
 
That being said, it's usually best to handle API calls involving sensitive data server-side rather than client-side, where the code is available publicly. For Zendesk, you could use Zendesk Apps Framework (ZAF) and OAuth to securely pass tokens between Zendesk and your integrations, but this may not work for some APIs.

I also see that you've reached out to our Advocacy team and informed you to submit this community forum. Rest assured that your post will be routed to our Dev team and see if they can consider this in the future. Thank you and have a lovely day!