Building a server-side app - Bonus part: Secure the app

Have more questions? Submit a request


  • Benoit Mansoux
    Comment actions Permalink

    I guess the correct URL for the audience is :


    instead of:


    installation_id can be found via 


    which lists all apps installed in your zendesk instance, with each installation formatted in JSON like this:

    "settings":{"name": ...,"title": ...},
    "updated": ...,
  • Zhang Mr
    Comment actions Permalink

    Is there any java example to realize the validity of the token returned by zendesk.

  • Greg - Community Manager
    Comment actions Permalink

    Hi there! We do have some examples in this repo, however a lot of these are outdated, so it may not be the best option. I did find this repo available from auth0, hopefully that works for you!

  • Dev
    Comment actions Permalink

    The public key endpoint must be accessed either through API token or OAuth. So, you will get "forbidden" error when you try

    curl https://{subdomain}{id}/public_key.pem \
    -u {email_address}:{password}

    Go to Admin->API, turn on Token Access and generate a token. Then try

    curl -u {email_address}/token:{api_token} https://{subdomain}{id}/public_key.pem


Please sign in to leave a comment.

Powered by Zendesk