最近搜索


没有最近搜索

What is the use of csrf token in api.



已于 2022年11月23日 发布

I was checking this link https://support.zendesk.com/hc/en-us/community/posts/4408861009434-How-to-get-CSRF-token-for-API-requests-in-Help-Center I got an doubts what if we can get that csrf token. Whether this token is used as Zendesk api key. To retrieve any information? Is this token is sensitive?

0

3

3 条评论

Hi there,

It's not sensitive information api/v2/users/me is only available to logged in users. Similarly that CSRF token is only able to be used by the matching logged in user to access information and do actions that they would normally be able to do as a logged in user.  

0


Hi Eric,
there is one website of my client where thue endpoint api/v2/users/me.json was giving some tokens instead of 403.
So my question was the disclosing of this token is a sensitive information? Is this the intended behavior? 

0


Hey there,

A CSRF token is used to prevent cross-site forgery attacks when making Zendesk API calls that are available for end users from the help center. A really good explanation of what it is can be found here
 
Hope this helps!

0


登录以发表评论。

找不到所需的内容?

新建帖子