Set up a global OAuth client

If you're developing an integration for Zendesk Support, you can use OAuth authentication to allow your integration to access a user's Zendesk Support account. If the integration is for only one Zendesk instance, you can create a single, subdomain-specific OAuth client in your Zendesk instance. This approach is described in Using OAuth authentication with your application.

However, the setup isn't as simple if you're developing an integration for more than one Zendesk instance. Fortunately, you can request a global OAuth client from Zendesk. A global OAuth client is a secure, cleaner way of using OAuth authentication with multiple Zendesk instances.

Note: We don't allow developers to create their own global OAuth clients for security reasons.

Do I need a global OAuth client?

Let's say you develop an internal app that pulls data from your company's Zendesk instance. Using a local OAuth client is an efficient solution because a Zendesk admin -- yourself or maybe a colleague -- can easily create the client in Zendesk.

Now suppose you work for a company that makes a CRM integration for multiple customers with their own Zendesk instances. You'd prefer not to ask your customers to manually create local OAuth clients in their Zendesk instances just to use your product. A global OAuth client is the solution.

Requesting a global OAuth client

  1. Develop your app using a local OAuth client in your Zendesk account. We use the local client to create the global client. After the app is finished and ready to use across multiple Zendesk accounts, submit your request as described below. Note: Make sure you note down the secret and the identifier before making your request. Otherwise you'll lose access to the client administration page after the local client is converted.
  2. Sign in to the Zendesk Developers portal and then select My Account from the menu on the upper-right corner.
  3. Click OAuth Client Globalization in the left navbar, then complete the request form. OAuth Page

If the request is approved, we'll convert your local OAuth client to a global OAuth client.

If your request is rejected, you can still implement OAuth in your integration using a local OAuth client. You'll need to have each of your customers create a local OAuth client and provide information about the OAuth client before they can connect your service to their Zendesk Support instance.

Frequently asked questions

Why do you need my subdomain even with a global client?

Unlike services like Twitter or Facebook that behave as global authentication systems, Zendesk maintains separate logins for each Zendesk account or subdomain. When a customer signs in, they're signing into a specific Zendesk subdomain. That carries over to OAuth. When a Zendesk account owner uses OAuth to authorize your service, they're authorizing the service for their subdomain. So we need to know the subdomain.

Why can't I edit my global client?

Zendesk must take control of the client to make it global. It can only be edited by our Platform Team. If you're having trouble with your global client, contact us for assistance.


Up next: Create assets