API
Note
Anything involving the Zendesk API is classified as ad-hoc.
Note
All Zendesk API tokens are admin level tokens. They are extremely dangerous and should only be issued when absolutely necessary.
Token creation requests
Note
All token naming should be a link to the item the token was issued for.
All requests for an API token should be done via an access request issue.
There are two exceptions to this:
- API tokens for Support Operations team members’ personal use
- API tokens for Support Operations scripts/automations/etc.
Once an access request is filed, the requester’s manager must approve the request.
After that has been done, the provisioner for the instance (traditionally a Fullstack Engineer, Customer Support Operations) will review the request.
During this review, we carefully examine the business reasons and use-case of each request due to the significant access level that an API token provides.
If deemed acceptable, the Fullstack Engineer, Customer Support Operations will then create the API token. The name of the token in Zendesk should be a link to the access request.
The API token will then be DM’d in Slack to the requester.
See: Zendesk API Tokens
Integration requests
Note
These are significantly harder to revoke than API tokens. We should only ever create these via the Integration bot for the instance:
Due to the security risk, we do not currently do integration requests for Zendesk US Government.
All requests for an integration token should be done via an access request issue.
Once an access request is filed, the requester’s manager must approve the request.
After that has been done, the provisioner for the instance (traditionally a Fullstack Engineer, Customer Support Operations) will review the request.
During this review, we carefully analyze the business reasons and use-case due to the significant access level that an API token provides. Integrations pose even higher risks and should be avoided whenever possible. While API tokens can be quickly and easily revoked, integrations cannot.
If deemed acceptable, the Fullstack Engineer, Customer Support Operations will then create the integration. The exact means for this will vary from integration to integration, but the key point is that it will be done by logging in as the Integration bot for the Zendesk instance.
See: Zendesk OAuth Applications