Using the API with 2-factor authentication enabled
If an agent or admin enables 2-factor authentication in their user profile, they'll no longer be able to use just their username and password to authenticate API requests . Alternatives include using an API token or implementing an OAuth authorization flow.
Using an API token
If an agent or admin has enabled 2-factor authentication, they can use an API token with their username, instead of a password, formatted as follows:
{email_address}/token:{api_token}
Example:
curl https://example.zendesk.com/api/v2/users.json
-u [email protected].com/token:6wiIBWbGkBMo1mRDMuVwsNkeUj95PIz2akv
You can obtain API tokens from the Admin Center interface at Apps and integrations > APIs > Zendesk API.
Use API tokens in the following cases:
- All curl examples in the API docs . See the example above
- Any internal scripts that rely on a username and password to make API requests
Implementing an OAuth authorization flow
Another option is to implement an OAuth authorization flow. Use OAuth in the following cases:
- Apps developed in-house that require per-user authentication
- Apps developed by any third-party app developers
See the following OAuth resources: