Is it possible to create service account to grant access in case the token invalidated after user is deleted ?

Hi Mike,

You could address that by using an API Token which is associated with the account instead of a specific user. If you want to use OAuth, I’d suggest that you require that your app is installed by the account owner (who’s unlikely to be ever deleted).

Hope that helps!

I worked on the Zendesk integration for xkit.co - if you’d rather not build your integration by hand, reach out to us and we can help.

Hi Stefan, 

I see, thanks for your reply :) 

Using the API token means the integration has unscoped access. When possible it's always preferred to have scoped access. From a security perspective I would advise using Scoped OAuth calls, and have a service account per integration.

Hi Kay,

Yes, finally I didn't use API token for my implementation due the scoped access.

But there's no scope setting for some API like incremental export, ticket_audits ,..., etc and have to ask for scope "read" for all resources which will make scoped access unavailable though.