Custom Object Permissions
Custom object permissions provide fine-grained access control for custom object records. For end users and agents in custom roles, admins can define which actions are allowed. Those permissions can either apply to all of an objects' records or be restricted by access rules, which specify conditions a record must meet in order to be available to a role.
Permission Policies
Permission policies define what actions (create, read, update, delete) different roles can perform on custom object records. Each policy is associated with either a custom role or the end-user system role.
Access Rules
Access rules are a collection of condition statements that define which records a role can access. Access rules are defined within a custom object and are built using field-based conditions with operators such as "is", "greater than", and "includes". You can combine multiple conditions using AND (all) or OR (any) logic.
Access rules can be referenced by permission policies to provide granular control. For example, a role might have update permissions only for records that match specific criteria defined in an access rule.
Permission Requirements
- If any write action (create, update, delete) is allowed, the read action must also be allowed
- If a write action has full access (no rule_id specified), the read action must also have full access
- Only admins can manage permission policies and access rules
Available Field Types for Access Rules
Access rules support various field types and operators:
- Text/multiline/regex fields:
is,is_not,present - Date fields:
is,is_not,greater_than,less_than,greater_than_equal,less_than_equal,present - Number/Decimal fields:
is,is_not,greater_than,less_than,greater_than_equal,less_than_equal,present - Dropdown fields:
is,is_not,present - Multi-select fields:
includes,not_includes,present - Lookup fields:
is,is_not,matches,present - System fields: Special operators like
matchesforcreated_by_userwith the dynamic valuecurrent_user
List Permission Policies
GET /api/v2/custom_objects/{custom_object_key}/permission_policies
Returns a list of permission policies for a custom object. Permission policies define what actions (create, read, update, delete) different roles can perform on custom object records.
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
Code Samples
Curl
curl --request GET https://example.zendesk.com/api/v2/custom_objects/car/permission_policies \--header "Content-Type: application/json" \-u {email_address}/token:{api_token}
Go
import ("fmt""io""net/http")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/permission_policies"method := "GET"req, err := http.NewRequest(method, url, nil)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/permission_policies").newBuilder();String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("GET", null).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var config = {method: 'GET',url: 'https://example.zendesk.com/api/v2/custom_objects/car/permission_policies',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/permission_policies"headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("GET",url,auth=auth,headers=headers)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/permission_policies")request = Net::HTTP::Get.new(uri, "Content-Type": "application/json")email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - List permission policies
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/permission_policies.json \-v -u {email_address}/token:{api_token}
Example response(s)
200 OK
// Status 200 OK{"policies": [{"id": "custom-role-6678128886399","records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": true,"rule_id": 6862342718335},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}},"role_name": "Custom Role"},{"id": "end-user","records": {"create": {"allowed": true,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": null},"update": {"allowed": false,"rule_id": null}},"role_name": "End User"}]}
Show Permission Policy
GET /api/v2/custom_objects/{custom_object_key}/permission_policies/{id}
Returns a permission policy for a specific role on a custom object. The policy ID can be:
custom-role-{custom_role_id}for custom rolesend-userfor the end user system role
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
| id | string | Path | true | The permission policy ID. Use custom-role-{custom_role_id} for custom roles or end-user for the end user system role. |
Code Samples
Curl
curl --request GET https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399 \--header "Content-Type: application/json" \-u {email_address}/token:{api_token}
Go
import ("fmt""io""net/http")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399"method := "GET"req, err := http.NewRequest(method, url, nil)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399").newBuilder();String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("GET", null).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var config = {method: 'GET',url: 'https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399"headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("GET",url,auth=auth,headers=headers)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399")request = Net::HTTP::Get.new(uri, "Content-Type": "application/json")email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - Show permission policy
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/permission_policies/{id}.json \-v -u {email_address}/token:{api_token}
Example response(s)
200 OK
// Status 200 OK{"policy": {"id": "custom-role-6678128886399","records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}},"role_name": "Custom Role"}}
Update Permission Policy
PATCH /api/v2/custom_objects/{custom_object_key}/permission_policies/{id}
Updates a permission policy for a specific role on a custom object. Define what actions (create, read, update, delete) the role can perform and optionally specify access rules.
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
| id | string | Path | true | The permission policy ID. Use custom-role-{custom_role_id} for custom roles or end-user for the end user system role. |
Example body
{"policy": {"records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}}}}
Code Samples
Curl
curl --request PATCH https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399 \--header "Content-Type: application/json" \-u {email_address}/token:{api_token} \--data-raw '{"policy": {"records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}}}}'
Go
import ("fmt""io""net/http""strings")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399"method := "PATCH"payload := strings.NewReader(`{"policy": {"records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}}}}`)req, err := http.NewRequest(method, url, payload)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399").newBuilder();RequestBody body = RequestBody.create(MediaType.parse("application/json"),"""{\"policy\": {\"records\": {\"create\": {\"allowed\": false,\"rule_id\": null},\"delete\": {\"allowed\": false,\"rule_id\": null},\"read\": {\"allowed\": true,\"rule_id\": 6862342718335},\"update\": {\"allowed\": true,\"rule_id\": 6862342718335}}}}""");String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("PATCH", body).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var data = JSON.stringify({"policy": {"records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}}}});var config = {method: 'PATCH',url: 'https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},data : data,};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsimport jsonfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399"payload = json.loads("""{"policy": {"records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}}}}""")headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("PATCH",url,auth=auth,headers=headers,json=payload)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/permission_policies/custom-role-6678128886399")request = Net::HTTP::Patch.new(uri, "Content-Type": "application/json")request.body = %q({"policy": {"records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}}}})email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - Update permission policy
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/permission_policies/{id}.json \-d '{"policy": {"records": {"create": {"allowed": false, "rule_id": null}, "read": {"allowed": true, "rule_id": null}, "update": {"allowed": true, "rule_id": 6862342718335}, "delete": {"allowed": true, "rule_id": 6862342718335}}}}' \-H "Content-Type: application/json" -X PATCH \-v -u {email_address}/token:{api_token}
Example response(s)
200 OK
// Status 200 OK{"policy": {"id": "custom-role-6678128886399","records": {"create": {"allowed": false,"rule_id": null},"delete": {"allowed": false,"rule_id": null},"read": {"allowed": true,"rule_id": 6862342718335},"update": {"allowed": true,"rule_id": 6862342718335}},"role_name": "Custom Role"}}
List Access Rules
GET /api/v2/custom_objects/{custom_object_key}/access_rules
Returns a list of access rules for a custom object. Access rules define conditions that restrict which custom object records a role can access.
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
Code Samples
Curl
curl --request GET https://example.zendesk.com/api/v2/custom_objects/car/access_rules \--header "Content-Type: application/json" \-u {email_address}/token:{api_token}
Go
import ("fmt""io""net/http")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/access_rules"method := "GET"req, err := http.NewRequest(method, url, nil)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/access_rules").newBuilder();String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("GET", null).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var config = {method: 'GET',url: 'https://example.zendesk.com/api/v2/custom_objects/car/access_rules',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/access_rules"headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("GET",url,auth=auth,headers=headers)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/access_rules")request = Net::HTTP::Get.new(uri, "Content-Type": "application/json")email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - List access rules
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/access_rules.json \-v -u {email_address}/token:{api_token}
Example response(s)
200 OK
// Status 200 OK{"access_rules": [{"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"created_at": "2025-09-17T10:15:30Z","description": "Access rule that limits access to orders created by the current user","id": 6862342718335,"title": "Orders Created by Current User","updated_at": "2025-09-17T14:30:45Z"}]}
Create Access Rule
POST /api/v2/custom_objects/{custom_object_key}/access_rules
Creates a new access rule for a custom object. Access rules define conditions that restrict which records a role can access based on field values or relationships.
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
Example body
{"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"description": "Access rule that limits access to orders created by the current user","title": "Orders Created by Current User"}}
Code Samples
Curl
curl --request POST https://example.zendesk.com/api/v2/custom_objects/car/access_rules \--header "Content-Type: application/json" \-u {email_address}/token:{api_token} \--data-raw '{"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"description": "Access rule that limits access to orders created by the current user","title": "Orders Created by Current User"}}'
Go
import ("fmt""io""net/http""strings")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/access_rules"method := "POST"payload := strings.NewReader(`{"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"description": "Access rule that limits access to orders created by the current user","title": "Orders Created by Current User"}}`)req, err := http.NewRequest(method, url, payload)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/access_rules").newBuilder();RequestBody body = RequestBody.create(MediaType.parse("application/json"),"""{\"access_rule\": {\"conditions\": {\"all\": [{\"field\": \"created_by_user\",\"operator\": \"matches\",\"value\": \"current_user\"}],\"any\": [{\"field\": \"custom_object.order.custom_fields.status\",\"operator\": \"is\",\"value\": \"pending\"}]},\"description\": \"Access rule that limits access to orders created by the current user\",\"title\": \"Orders Created by Current User\"}}""");String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("POST", body).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var data = JSON.stringify({"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"description": "Access rule that limits access to orders created by the current user","title": "Orders Created by Current User"}});var config = {method: 'POST',url: 'https://example.zendesk.com/api/v2/custom_objects/car/access_rules',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},data : data,};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsimport jsonfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/access_rules"payload = json.loads("""{"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"description": "Access rule that limits access to orders created by the current user","title": "Orders Created by Current User"}}""")headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("POST",url,auth=auth,headers=headers,json=payload)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/access_rules")request = Net::HTTP::Post.new(uri, "Content-Type": "application/json")request.body = %q({"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"description": "Access rule that limits access to orders created by the current user","title": "Orders Created by Current User"}})email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - Create access rule
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/access_rules.json \-d '{"access_rule": {"title": "Orders Created by Current User", "description": "Access rule that limits access to orders created by the current user", "conditions": {"all": [{"field": "created_by_user", "operator": "matches", "value": "current_user"}]}}}' \-H "Content-Type: application/json" -X POST \-v -u {email_address}/token:{api_token}
Example response(s)
201 Created
// Status 201 Created{"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"created_at": "2025-09-17T10:15:30Z","description": "Access rule that limits access to orders created by the current user","id": 6862342718335,"title": "Orders Created by Current User","updated_at": "2025-09-17T14:30:45Z"}}
Show Access Rule
GET /api/v2/custom_objects/{custom_object_key}/access_rules/{id}
Returns a specific access rule for a custom object.
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
| id | string | Path | true | The access rule ID |
Code Samples
Curl
curl --request GET https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335 \--header "Content-Type: application/json" \-u {email_address}/token:{api_token}
Go
import ("fmt""io""net/http")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335"method := "GET"req, err := http.NewRequest(method, url, nil)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335").newBuilder();String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("GET", null).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var config = {method: 'GET',url: 'https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335"headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("GET",url,auth=auth,headers=headers)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335")request = Net::HTTP::Get.new(uri, "Content-Type": "application/json")email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - Show access rule
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/access_rules/{id}.json \-v -u {email_address}/token:{api_token}
Example response(s)
200 OK
// Status 200 OK{"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"created_at": "2025-09-17T10:15:30Z","description": "Access rule that limits access to orders created by the current user","id": 6862342718335,"title": "Orders Created by Current User","updated_at": "2025-09-17T14:30:45Z"}}
Update Access Rule
PATCH /api/v2/custom_objects/{custom_object_key}/access_rules/{id}
Updates an existing access rule for a custom object.
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
| id | string | Path | true | The access rule ID |
Example body
{"access_rule": {"conditions": {"all": [{"field": "custom_object.order.custom_fields.total_amount","operator": "greater_than","value": "1000"}]},"description": "Access rule for orders above a certain value","title": "High Value Orders"}}
Code Samples
Curl
curl --request PATCH https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335 \--header "Content-Type: application/json" \-u {email_address}/token:{api_token} \--data-raw '{"access_rule": {"conditions": {"all": [{"field": "custom_object.order.custom_fields.total_amount","operator": "greater_than","value": "1000"}]},"description": "Access rule for orders above a certain value","title": "High Value Orders"}}'
Go
import ("fmt""io""net/http""strings")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335"method := "PATCH"payload := strings.NewReader(`{"access_rule": {"conditions": {"all": [{"field": "custom_object.order.custom_fields.total_amount","operator": "greater_than","value": "1000"}]},"description": "Access rule for orders above a certain value","title": "High Value Orders"}}`)req, err := http.NewRequest(method, url, payload)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335").newBuilder();RequestBody body = RequestBody.create(MediaType.parse("application/json"),"""{\"access_rule\": {\"conditions\": {\"all\": [{\"field\": \"custom_object.order.custom_fields.total_amount\",\"operator\": \"greater_than\",\"value\": \"1000\"}]},\"description\": \"Access rule for orders above a certain value\",\"title\": \"High Value Orders\"}}""");String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("PATCH", body).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var data = JSON.stringify({"access_rule": {"conditions": {"all": [{"field": "custom_object.order.custom_fields.total_amount","operator": "greater_than","value": "1000"}]},"description": "Access rule for orders above a certain value","title": "High Value Orders"}});var config = {method: 'PATCH',url: 'https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},data : data,};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsimport jsonfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335"payload = json.loads("""{"access_rule": {"conditions": {"all": [{"field": "custom_object.order.custom_fields.total_amount","operator": "greater_than","value": "1000"}]},"description": "Access rule for orders above a certain value","title": "High Value Orders"}}""")headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("PATCH",url,auth=auth,headers=headers,json=payload)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335")request = Net::HTTP::Patch.new(uri, "Content-Type": "application/json")request.body = %q({"access_rule": {"conditions": {"all": [{"field": "custom_object.order.custom_fields.total_amount","operator": "greater_than","value": "1000"}]},"description": "Access rule for orders above a certain value","title": "High Value Orders"}})email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - Update access rule
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/access_rules/{id}.json \-d '{"access_rule": {"title": "High Value Orders", "description": "Access rule for orders above a certain value", "conditions": {"all": [{"field": "custom_object.order.custom_fields.total_amount", "operator": "greater_than", "value": "1000"}]}}}' \-H "Content-Type: application/json" -X PATCH \-v -u {email_address}/token:{api_token}
Example response(s)
200 OK
// Status 200 OK{"access_rule": {"conditions": {"all": [{"field": "created_by_user","operator": "matches","value": "current_user"}],"any": [{"field": "custom_object.order.custom_fields.status","operator": "is","value": "pending"}]},"created_at": "2025-09-17T10:15:30Z","description": "Access rule that limits access to orders created by the current user","id": 6862342718335,"title": "Orders Created by Current User","updated_at": "2025-09-17T14:30:45Z"}}
Delete Access Rule
DELETE /api/v2/custom_objects/{custom_object_key}/access_rules/{id}
Permanently deletes an access rule for a custom object.
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
| id | string | Path | true | The access rule ID |
Code Samples
Curl
curl --request DELETE https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335 \--header "Content-Type: application/json" \-u {email_address}/token:{api_token}
Go
import ("fmt""io""net/http")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335"method := "DELETE"req, err := http.NewRequest(method, url, nil)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335").newBuilder();String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("DELETE", null).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var config = {method: 'DELETE',url: 'https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335"headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("DELETE",url,auth=auth,headers=headers)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/access_rules/6862342718335")request = Net::HTTP::Delete.new(uri, "Content-Type": "application/json")email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - Delete access rule
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/access_rules/{id}.json \-X DELETE \-v -u {email_address}/token:{api_token}
Example response(s)
204 No Content
// Status 204 No Contentnull
List Access Rule Definitions
GET /api/v2/custom_objects/{custom_object_key}/access_rules/definitions
Returns the available field definitions and operators that can be used when creating access rules for a custom object. This endpoint helps you understand what fields are available for filtering and what operators can be applied to each field type.
Allowed For
- Admins
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| custom_object_key | string | Path | true | The key of a custom object |
Code Samples
Curl
curl --request GET https://example.zendesk.com/api/v2/custom_objects/car/access_rules/definitions \--header "Content-Type: application/json" \-u {email_address}/token:{api_token}
Go
import ("fmt""io""net/http")func main() {url := "https://example.zendesk.com/api/v2/custom_objects/car/access_rules/definitions"method := "GET"req, err := http.NewRequest(method, url, nil)if err != nil {fmt.Println(err)return}req.Header.Add("Content-Type", "application/json")req.Header.Add("Authorization", "Basic <auth-value>") // Base64 encoded "{email_address}/token:{api_token}"client := &http.Client {}res, err := client.Do(req)if err != nil {fmt.Println(err)return}defer res.Body.Close()body, err := io.ReadAll(res.Body)if err != nil {fmt.Println(err)return}fmt.Println(string(body))}
Java
import com.squareup.okhttp.*;OkHttpClient client = new OkHttpClient();HttpUrl.Builder urlBuilder = HttpUrl.parse("https://example.zendesk.com/api/v2/custom_objects/car/access_rules/definitions").newBuilder();String userCredentials = "your_email_address" + "/token:" + "your_api_token";String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(userCredentials.getBytes());Request request = new Request.Builder().url(urlBuilder.build()).method("GET", null).addHeader("Content-Type", "application/json").addHeader("Authorization", basicAuth).build();Response response = client.newCall(request).execute();
Nodejs
var axios = require('axios');var config = {method: 'GET',url: 'https://example.zendesk.com/api/v2/custom_objects/car/access_rules/definitions',headers: {'Content-Type': 'application/json','Authorization': 'Basic <auth-value>', // Base64 encoded "{email_address}/token:{api_token}"},};axios(config).then(function (response) {console.log(JSON.stringify(response.data));}).catch(function (error) {console.log(error);});
Python
import requestsfrom requests.auth import HTTPBasicAuthurl = "https://example.zendesk.com/api/v2/custom_objects/car/access_rules/definitions"headers = {"Content-Type": "application/json",}email_address = 'your_email_address'api_token = 'your_api_token'# Use basic authenticationauth = HTTPBasicAuth(f'{email_address}/token', api_token)response = requests.request("GET",url,auth=auth,headers=headers)print(response.text)
Ruby
require "net/http"require "base64"uri = URI("https://example.zendesk.com/api/v2/custom_objects/car/access_rules/definitions")request = Net::HTTP::Get.new(uri, "Content-Type": "application/json")email = "your_email_address"api_token = "your_api_token"credentials = "#{email}/token:#{api_token}"encoded_credentials = Base64.strict_encode64(credentials)request["Authorization"] = "Basic #{encoded_credentials}"response = Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|http.request(request)end
curl - List access rule definitions
curl https://{subdomain}.zendesk.com/api/v2/custom_objects/{custom_object_key}/access_rules/definitions.json \-v -u {email_address}/token:{api_token}
Example response(s)
200 OK
// Status 200 OK{"definitions": {"conditions_all": [{"group": "custom_object","metadata": {"collection_key": "users","field_id": null,"item_key": "user","source": null,"url": "api/v2/users/autocomplete"},"nullable": false,"operators": [{"terminal": false,"title": "Is","value": "is"},{"terminal": false,"title": "Matches","value": "matches"}],"repeatable": false,"subject": "created_by_user","title": "Created By","type": "autocomplete","values": [{"dynamic": true,"enabled": true,"title": "(current user)","value": "current_user"}]},{"group": "custom_object","nullable": false,"operators": [{"terminal": false,"title": "Is","value": "is"},{"terminal": false,"title": "Is not","value": "is_not"}],"repeatable": false,"subject": "name","title": "Name","type": "text"},{"group": "custom_object","nullable": true,"operators": [{"terminal": false,"title": "Includes","value": "includes"},{"terminal": false,"title": "Does not include","value": "not_includes"},{"terminal": true,"title": "Present","value": "present"},{"terminal": true,"title": "Not present","value": "not_present"}],"repeatable": false,"subject": "custom_object.all_field_type_object.custom_fields.custom_multiselect","title": "custom_multiselect","type": "list","values": [{"enabled": true,"title": "111","value": "111"},{"enabled": true,"title": "222","value": "222"},{"enabled": true,"title": "333","value": "333"}]}],"conditions_any": [{"group": "custom_object","metadata": {"collection_key": "users","field_id": null,"item_key": "user","source": null,"url": "api/v2/users/autocomplete"},"nullable": false,"operators": [{"terminal": false,"title": "Is","value": "is"},{"terminal": false,"title": "Matches","value": "matches"}],"repeatable": false,"subject": "created_by_user","title": "Created By","type": "autocomplete","values": [{"dynamic": true,"enabled": true,"title": "(current user)","value": "current_user"}]},{"group": "custom_object","nullable": false,"operators": [{"terminal": false,"title": "Is","value": "is"},{"terminal": false,"title": "Is not","value": "is_not"}],"repeatable": false,"subject": "name","title": "Name","type": "text"}]}}