- Zendesk help
- Support
- Support advice and troubleshooting
- API and SDK
Dwight Bussman
- Edited
Zendesk Customer Care
Question
How can I authenticate API requests using one of Zendesk v2 APIs?
Answer
You must be a verified user to make API requests. To authenticate API requests, use basic authentication with your email address and password, your email address and an API token, or an OAuth access token.
All methods of authentication set the authorization header differently. Credentials sent in the payload or URL are not processed.
To view information on each authentication method, click each of the tabs below.
Password authentication
API token authentication
OAuth access token authentication
Password authentication
If you use basic authentication, combine your email address and password to generate the authorization header. To use basic authentication, enable Password access in Admin Center under Apps and integrations > APIs > Zendesk API, as well as within the relevant authentication section, either team member or end user.
Format the email address and password combination to be an Base-64 encoded string. For an example of how to format the authorization header, see the code block below.
Authorization: Basic {base-64-encoded email_address:password}API token authentication
If you use an API token, combine your email address and API token to generate the authorization header. Format the email address and API token combination to be an Base-64 encoded string. For an example of how to format the authorization header, see the code block below.
Authorization: Basic {base-64-encoded email_address/token:api_token}OAuth access token authentication
If you use OAuth to authenticate, format the authorization header as seen below.
Authorization: Bearer oauth_access_token
For more information, see this article: Using OAuth authentication with your application.
Viewing your authorization header
To see exactly what your app sends, use a third-party page such as Request Bin. Compare your headers to those being generated by a webhook using an OAuth authentication. Point the webhook to your requestb.in URL and, on the Add webhook page, click Test webhook to see this in action.
Once the request hits your requestb.in, it appears like this:
The string after Authorization: Bearer is the API key provided by RequestBin in your account settings under Programmatic Access.
If you use Python to make requests, set your session headers as follows.
session = requests.Session()
session.headers = {'Content-Type': 'application/json', 'Authorization': 'Basic Basic_64_encoded_code'}
For more information, see the developer documentation: Security and authentication.
Return to top
Date Votes
-
Bonaliza Garcia
Hi, I'm working on a custom request form for our end-users (but still within our Zendesk subdomain). When I try to submit the form and send the data to create the request, it returns with a 403 error. The same code works on postman and the request is being created.
See AlsoUse API Keys with Places API | Google for DevelopersSign In With Coinbase API Key Authentication | Coinbase CloudCoinbase Exchange: User Review Guide - Master The CryptoAPI security best practices | Google Maps Platform | Google for DevelopersI'm having a hard time figuring out why im getting a 403. I tried both email/token:api_key authentication and basic email:password authentication.
https://support.zendesk.com/hc/en-us/community/posts/1260800839050-403-error-when-creating-request-via-API
-
Tomer Ben-Arye
@...
I think my code 5 post above will help you.
https://support.zendesk.com/hc/en-us/articles/115000510267/comments/360005066074
-
Bonaliza Garcia
@Tomer did you mean the base64 encoded? I did that, my email/token:api_token is encoded. I tried manually encoding it using one of the websites and also dis btoa('email/token:api_token'); but both gave me a 403 error.
-
Bheem Aitha
Hi @...
I am getting the same authentication error. Can you please help me on this? I also created a ticket on this.
C:\Users\yyy> curl https://<subdomain>.zendesk.com/api/v2/users.json -u yyy@<company>.com/token:xxxxxxx
{"error":"Couldn't authenticate you"}
Thanks
-Bheem
-
Waseem Khan
- Edited
Hi Team,
Precindition: Token is created in zendesk
I as an admin share my email address and token with other team member. Can they acess the API's? or is it like i need to login to zendesk from the same system/pc from where the user is trying to access the API's?
Or they can just pass my email address and token simply without i being logged in to zendesk?
Regards,
Waseem
-
Dwight Bussman
Zendesk Customer Care
Waseem Khan
Simply having your email & API token is sufficient for any user to make API requests on behalf of your user. This gives them the ability to do anything your user would be able to do via the API. This includes deleting things like tickets/users/organizations/articles/sections/categories/triggers which can be very destructive. For this reason, I would encourage you to be very selective about who has access to these tokens.
-
Nick Bolton
Please make it clearer on this page that you have to Base-64 encode the token. Here's the command that I used on Mac to Base-64 encode my token.
echo -n '[email protected]/token:abc123' | base64
-
Dwight Bussman
Zendesk Customer Care
HeyO Nick,
Thanks for the feedback. I will make updates to this article to make that clearer.
-
Dan Reyes-Cairo(Staging)
I just ran into and resolved an issue using Postman for API requests where the following was returned:
"error": "Couldn't authenticate you"
Per the API documentation I was using the following so everything should have been set up correctly:
- Basic Auth
- Format: {admin_email}/token:{admin_api_key}
- URL: {my_domain}.zendesk.com/api/v2/{endpoint}
Turns out, when the base64 encoded Authentication value was being decoded in Postman, it was adding an additional colon : to the decoded username string (I had to check this using a third-party decoding site).
To resolve, I had to:
- Copy the rendered Authorization value in the Header's tab
- set Postman to "No Auth"
- Manually input the "Authorization" key on the Header's tab
- Paste in the copied value
- Remove the "g==" that had been added to the encoded value (which removed the colon from the decoded value back to what I had originally input)
At that point my requests started going through. Hope this helps anyone else that runs into this with Postman!
-
Ramy Ben Aroya
I have setup SSO for my end users.
I want to show some of the Zendesk content on my own web app platform without having to proxy the requests to Zendesk API through my server.
Is there any option to issue /api/v2/help_center/* requests with the JWT token I get from /access/jwt endpoint?
Also what about CORS? Of course for now I get only 401 response but I see it is not supporting cross origin requests. -
Fraser, Vanessa
Hi! I'm trying to use Azure Logic Apps to Authentic for a POC but I keep getting 401 Couldn't authenticate you.
I've encoded my username/token:aaaa via powershell this way but I must be missing something.
$text = "[email protected]/token:tokentexthere"
$encoded = [convert]::ToBase64String([text.encoding]::Unicode.GetBytes($text))
$encodedI went through this article and tried OAuth, api, user/password but just not getting authenticated.
Any ideas would be welcome!
-
Dwight Bussman
Zendesk Customer Care
Hi Fraser, Vanessa
After doing that encoding are you passing the encoded value in as a Basic Authorization header as documented here: https://developer.zendesk.com/api-reference/introduction/security-and-auth/#basic-authentication
Authorization: Basic {base64-encoded-string}If that doesn't help sort things out for you, I recommend contacting our support team to look into logs for your specific account.
-
Fraser, Vanessa
- Edited
I'm sure it is something I'm doing wrong but I have been over and over that article and am not seeing what I have done wrong. I'll contact support. Also I can curl using the email/token:tokeninfo so it has to do with my encoding of the email/token:tokeninfo.
-
Felipe Costa
Hello, SSO authentication works to customer's side?
We don't have our customer's zendesk password. -
Dane
Zendesk Engineering
Hi Felipe,
Yes, you can use SSO for your end users. Please refer to Providing multiple sign-in options for team members and end users.
-
Dermot Doran Cato Networks
- Edited
Hi All!
If you are working on macOS, I recommend that you follow the tip given by Nick Bolton. I tried to create the base64 code using the -i option of the base64 comman, but it kept adding an extra character to the end of encoded output.
Cheers!!
Dermot
Please sign in to leave a comment.
More about
- API
Related articles
- Using OAuth authentication with your application
- Managing access to the Zendesk API
- Zendesk Support search reference
- End users receiving "Couldn't authenticate you..." error when signing in
- Exporting ticket, user, or organization data from your account
As an enthusiast with demonstrable expertise in Zendesk and its API authentication methods, I can confidently provide insights into the information presented in the provided article. Here's a breakdown of the concepts covered:
-
Zendesk v2 API Authentication Methods:
-
Password Authentication:
- Users need to be verified to make API requests.
- Basic authentication is used with the email address and password.
- Password access must be enabled in Admin Center under "Apps and integrations > APIs > Zendesk API."
- The email address and password combination are Base-64 encoded to generate the authorization header.
-
API Token Authentication:
- API tokens can be used for authentication.
- Combine the email address and API token, and encode them in Base-64 for the authorization header.
-
OAuth Access Token Authentication:
- OAuth authentication is another method.
- The authorization header is formatted as "Authorization: Bearer oauth_access_token."
-
-
Viewing Authorization Header:
- Third-party pages like Request Bin can be used to view what the app sends.
- In Python, headers for requests can be set using the provided Base-64 encoded code.
-
Troubleshooting and Community Interactions:
- Users like Bonaliza Garcia and Bheem Aitha face authentication issues and seek help in the Zendesk community.
- Tomer Ben-Arye offers assistance in resolving a 403 error.
- The article addresses issues raised by users, providing solutions and additional clarity.
-
User Authorization and Security Concerns:
- Waseem Khan inquires about API access and security.
- Dwight Bussman, from Zendesk Customer Care, clarifies that sharing email and API token is sufficient for API access, emphasizing the need for caution due to potential destructive actions.
-
Feedback and Improvements:
- Nick Bolton suggests making it clearer that the token must be Base-64 encoded.
- Dwight Bussman acknowledges the feedback and commits to updating the article.
-
Issues and Solutions:
- Dan Reyes-Cairo shares a resolution to a 403 error encountered in Postman due to Base-64 decoding issues.
- Fraser, Vanessa faces a 401 error and seeks help, and Dwight Bussman advises on correct encoding for authorization.
-
SSO Authentication and Multiple Sign-in Options:
- Ramy Ben Aroya inquires about using SSO for end users.
- Zendesk Engineering (Dane) confirms that SSO can be used for end users and provides a reference link.
-
Additional Tips and Recommendations:
- Dermot Doran shares a tip for macOS users regarding Base-64 encoding.
In summary, the article comprehensively covers various authentication methods, addresses common issues faced by users, provides troubleshooting guidance, and incorporates community interactions to enhance user understanding and resolve authentication challenges in the Zendesk API.
