Last Updated: February 2025
In case you are using Zendesk software and want to authenticate any incoming processes, then you need to use application programming interface (API) token.
Actually, for integrations, you can use the Zendesk API token as part of two-factor authentication.
So, learn all the following details about Zendesk API from this article.
Benefits Of Zendesk API Tokens
1) Authentication
Usually, authentication is the process of verifying the identity of a user or a process. Here, by using Zendesk API Tokens, you can perform the authentication of API requests.
For example, you want to use Voleer templates with Zendesk. But to achieve this, the templates need to access Zendesk information and so you need to supply credentials for Voleer.
But, if you use an API token, you do not need any additional license for Voleer access and only require Voleer credentials.
2) Unlimited API Tokens
You are allowed to create any number of API access tokens that too with an unlimited lifetime.
However, you need to make sure to keep all the tokens in a secure location as they are important to prevent unauthorized access.
Also, read – Steps to Generate Zendesk Triggers
Steps To Create Zendesk API Token And Authenticating API Requests
In Zendesk, admins can add, view, delete, and manage API tokens. But first, the administrator should enable API token access as it is disabled by default.
Steps to Enable API Token Access
- Go to your admin center and click on Apps and integrations. It is available on the sidebar.
- Next, select APIs > Zendesk APIs.
- Now, click on the toggle beside Token Access to enable API token access.

Steps to Generate an API Token
- Go to your admin center. Click on Apps and integrations available on the sidebar and select APIs > Zendesk APIs.
- Next, click on the Settings tab and ensure that Token Access is enabled.
- On the right side of Active API Tokens, you can see an Add API token button. Click on it so the token is created.

- You need to enter a description in the textbox displayed in the API token description (optional).
- Now, click on Copy and paste it somewhere secure. Because, when you close the window, the entire token is never displayed again.
- Finally, click on the Save button to return to the API page.
In case you click it again to reopen, then a truncated token appears.

Also, read – How to Create Zendesk Out of Office Responses
Zendesk API Authentication
In Zendesk only a verified user can make API requests. You can authenticate API requests with
- Your email address and password,
- OAuth access token,
- Your email address and API token.
Email Address and Password
This is a basic authentication where you combine your email address and password to generate an authentication header.
Remember that the combination should be a Base-64 encoded string.
Format the authentication header as follows:
Authorization: Basic {base-64-encoded email_address:password}
OAuth Access Token
If you are using OAuth for authentication, then do as below.
Format the authentication header as follows:
Authorization: Bearer oauth_access_token
Also, know that the OAuth access token is equivalent to the Zendesk API key so you should keep it secure.
For more information, you can read about using OAuth authentication!
Email Address and API Token
For the generation of the authentication header, you will combine your email address and API token. Just like in the email address and password, here also the combination should be a Base-64 encoded string.
Format the authentication header as follows:
Authorization: Basic {base-64-encoded email_address/token:api_token}
Viewing Your Authorization Header
You can use third-party pages like Request Bin, to know exactly what is sent by the apps. Compare your headers and the ones generated by webhook using OAuth authentication.
To see this in action,
- You should point the webhook to your requestb.in URL.
- In the Add webhook page, click on the Test webhook button.

- When that hits requestb.in, it appears like the below image.

- After Authorization: Bearer, you can see a string. It is the API key provided in your account settings under Programmatic Access by the Request Bin.
- Then, you can decode the Base 64 format online by using websites like base64decode.

In case you are making requests using Python, then set the session header as below:
session = requests.Session()
session.headers = {‘Content-Type’: ‘application/json’, ‘Authorization’: ‘Basic Basic_64_encoded_code’}
Also, learn about Zendesk ticket API, Request API, and Zendesk support API which is also known as Ticketing API from here!
Why Zendesk Is Not Best For Using API Tokens
1) Never Displays the Entire Token
Once you save the token after its creation and exit the window, it never again shows the entire token even for the administrator. Whenever you reopen it to check the token, it only displays a shortened version of it.
2) Accessing Tokens
Non-admin level users are not allowed, only administrators can perform operations on API tokens of Zendesk.
That means, as long as your role in Zendesk software is admin, you can handle tokens.
3) Token Security
Remember that Zendesk does not validate a specific user or token or what permissions a token has. That is because they are meant to provide quick admin-level authorization.
So, if a Zendesk user replaces their own email with the admin email address, then they become an administrator instead of a designated one.
Moreover, an API token provides the scope, not the user, so it does not require any specific email address to utilize it.
Also, read – How to Merge Tickets in Zendesk
Saufter: AI-Powered Customer Engagement
Saufter.io integrates advanced AI technology to optimize customer engagement and marketing workflows. From real-time issue tracking to automated campaigns, it’s built to simplify and enhance your processes while providing powerful insights.
Key Features:
- Smart Campaigns: AI handles personalized campaigns, saving time and boosting impact.
- Creative Marketing Tips: Get weekly AI-suggested campaigns tailored to your audience.
- Proactive Issue Alerts: Spot and resolve customer issues promptly.
- Analytics on Demand: Real-time reporting keeps you data-driven.
- Customer Journey Insights: AI monitors the customer lifecycle for actionable trends.
- SEO Smarts: AI suggests trending content to improve your search ranking.
- Automated Marketing: Achieve more with less effort through AI-driven marketing tools.
Final Words
Follow the mentioned steps to create an API token in Zendesk and make sure to store it securely. Also, authenticate API requests through the ways provided in the Zendesk API authentication.
We hope that the benefits and disadvantages of API tokens are helpful to you.
And, in case you want to offer better customer services including self-help to your users, and improve your business by utilizing automation, marketing, integration, and other tools then use Saufter.