POST /api/v2/oauth/tokens

Returns an OAuth access token with a specified scope.

Refresh tokens aren't used. An access token doesn't expire but it can be revoked.

For a tutorial, see Creating and using OAuth tokens with the API.

Note: For OAuth authorization code, use the Create Token for Grant Type endpoint. The two APIs don't share the same path, JSON format, or request parameters. However, both APIs return access tokens that can be used to authenticate API requests.

Allowed For

Request parameters

The POST request takes a "token" object that contains an OAuth client's resource id and scopes.

| Name | Type | Description |
| --- | --- | --- |
| client_id | integer | The resource id of an OAuth client (not the client's unique identifier). For the ids, see List Clients. |
| scopes | array | Valid scopes for the token. See Scopes below. |

Scopes

The scopes parameter defines whether requests authenticated with the token can post, put, and delete data, or only get data.

Note: Don't confuse the scopes parameter (plural) with the scope parameter (singular) for grant-type tokens.

The scopes parameter is an array of strings, each specifying a resource name and an access setting. Access is either "read" or "write". If you don't specify a resource, access to all resources is assumed. If you don't specify the access, read and write access are assumed.

The syntax is as follows:

"scopes": [resource:scope, ...]

where resource is optional.

Examples

"scopes": ["read"]

"scopes": ["tickets:read"]

To give read and write access to a resource, specify both scopes:

"scopes": ["users:read", "users:write"]

To give write access only to one resource and read access to everything else:

"scopes": ["organizations:write", "read"]

Note: The endpoint returns an access token even if you specify an invalid scope. Any request you make with the token will return a "Forbidden" error.
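Because the endpoint issues a token even for an invalid scope, it helps to validate the scopes array on the client before sending the request. The following is an added example, not part of the original documentation: it parses scope strings according to the syntax above, computes what a scope list actually grants, and builds the "token" object. The function names, the sample client_id, and the `KNOWN_RESOURCES` set (limited to the resource names used in the examples above) are assumptions.

```python
import json

ACCESS = {"read", "write"}
# Constructed sample: only the resource names that appear in the examples above.
KNOWN_RESOURCES = {"tickets", "users", "organizations"}

def parse_scope(scope, known=KNOWN_RESOURCES):
    """Return (resource, accesses); resource is None when all resources are meant."""
    resource, sep, access = scope.partition(":")
    if not sep:
        if scope in ACCESS:            # "read" / "write": no resource specified
            return None, {scope}
        access = None                  # bare resource name: access not specified
    if resource not in known:
        raise ValueError(f"unknown resource in scope {scope!r}")
    if access is None:
        return resource, set(ACCESS)   # read and write access are assumed
    if access not in ACCESS:
        raise ValueError(f"access must be read or write in scope {scope!r}")
    return resource, {access}

def allows(scopes, resource, access, known=KNOWN_RESOURCES):
    """True if any scope in the list grants `access` on `resource`."""
    for res, acc in (parse_scope(s, known) for s in scopes):
        if res in (None, resource) and access in acc:
            return True
    return False

def build_token_request(client_id, scopes, known=KNOWN_RESOURCES):
    """Validate every scope, then return the request body with its "token" object."""
    if not isinstance(client_id, int) or isinstance(client_id, bool):
        raise ValueError("client_id must be the integer resource id")
    if not scopes:
        # Assumption: refuse an empty list rather than guess what it grants.
        raise ValueError("scopes must be a non-empty array")
    for s in scopes:
        parse_scope(s, known)
    return {"token": {"client_id": client_id, "scopes": list(scopes)}}

if __name__ == "__main__":
    # 1234 is a placeholder client resource id.
    body = build_token_request(1234, ["organizations:write", "read"])
    print(json.dumps(body))
```

Running `allows` over a proposed scope list before creating the token shows whether it grants more write access than the integration needs.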

Available scopes

Resources that can be scoped

Servers

Query parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| client_id | Integer | No | The id of the OAuth client |
| all | Boolean | No | A boolean that returns all OAuth tokens in the account. Requires admin role |
| global_client_id | Integer | No | The id of the global OAuth client |

How to start integrating

  1. Add an HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the HTTP request settings.
  3. Click Test request to test-run your request to the API and see the API's response.