Set up a global OAuth client

If you distribute a public app or an integration app to multiple Zendesk customers, you must use global OAuth tokens to authenticate requests. You may not use regular API tokens or OAuth tokens because the Zendesk Developer Terms prohibits Zendesk customers from sharing their API credentials with you.

This requirement doesn't apply if you're developing applications or integrations for internal use.

You must request a global OAuth client from Zendesk to create global OAuth tokens. For security reasons, Zendesk doesn't allow developers to create their own global OAuth clients.

Requesting a global OAuth client

To request a global OAuth client

  1. Develop your app using a local OAuth client in your Zendesk account. For more information, see Using OAuth authentication with your application. Ensure your Unique Identifier is prefixed with the string "zdg-". For example, "zdg-global-unique-identifier". Make sure all fields are filled out on the local client (even the one's labeled "optional") as they are required for global clients.

  2. When your app is finished and ready to use across multiple Zendesk accounts, submit your request as described below.

    Note: Make sure you note down the secret and the identifier before making your request. You will lose access to the client administration page after the local client is converted to a global client.

  3. Sign in to the Zendesk Marketplace portal, and select Organization from the menu on the left side. Then navigate to the Global OAuth Request tab.

  4. Complete the request form. Ensure the subdomain includes the prefix "d3v-". We will not accept submissions from non-d3v- accounts. Note: The "d3v-" and the "zdg-" are prefilled in the form. Make sure the values are properly created on the local OAuth client in your sponsored account and that your sponsored account has the proper account prefix as well.

    To request a sponsored developer account, see Getting a trial or sponsored account for development

  5. Done! You'll receive an email and a ticket reference with updates on your submission. Please add "[email protected]" to your contact list to ensure you receive e-mail communications from us regarding your submission.

If the request is approved, Zendesk converts your local OAuth client to a global OAuth client.

If your request is rejected, you can still implement OAuth in your integration using a local OAuth client. Before your customers can connect your service to their Zendesk Support instance, they will need to each create a local OAuth client and provide information about the OAuth client.

Frequently asked questions

Why do you need my subdomain even with a global client?

Unlike services like X (formerly Twitter) or Facebook that behave as global authentication systems, Zendesk maintains separate logins for each Zendesk account or subdomain. When a customer signs in, they're signing into a specific Zendesk subdomain which carries over to OAuth. When a Zendesk account owner uses OAuth to authorize your service, they're authorizing the service for their subdomain. So we need to know your subdomain.

Why can't I edit my global client?

Zendesk must take control of the client to make it global. It can only be edited by our Marketplace Operations Team. If you are having trouble with your global client, reach out to Zendesk Support by following the instructions here and using "Option 2". Be sure to mention "global oauth" when you describe your issue to the bot and include the client_id as well as the changes you need made.

Can I use my global OAuth client for my bot?

You will need to request a separate OAuth token when creating a bot. You cannot use a Zendesk Support global OAuth for building a bot using Sunshine Conversations.

Does this global OAuth client work with Zendesk Sell?

No, these instructions only apply for Zendesk Support and Chat (Agent Workspace enabled) accounts. For Zendesk Sell, you will need to register a Multi-User Application as part of the authentication flow.


Next steps: Create assets