If an agent or admin enables 2-factor authentication in their user profile, they'll no longer be able to use just their username and password to authenticate API requests . Alternatives include using an API token or implementing an OAuth authorization flow.
Using an API token
If an agent or admin has enabled 2-factor authentication, they can use an API token with their username, instead of a password, formatted as follows:
curl https://example.zendesk.com/api/v2/users.json -u email@example.com/token:6wiIBWbGkBMo1mRDMuVwsNkeUj95PIz2akv
You can obtain API tokens from the Zendesk Support admin interface at Admin > Channels > API .
Use API tokens in the following cases:
- All cURL examples in the API docs . See the example above
- Any internal scripts that rely on a username and password to make API requests
Implementing an OAuth authorization flow
Another option is to implement an OAuth authorization flow. Use OAuth in the following cases:
- Apps developed in-house that require per-user authentication
- Apps developed by any third-party app developers
See the following OAuth resources: