Skip to content

Zendesk API Key

Service Name: Zendesk

Service Description: Zendesk is a customer service software company that provides a cloud-based help desk management solution. It offers tools for customer support, ticketing systems, and knowledge base management to improve customer relationships.

Service Address: https://www.zendesk.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level in Zendesk Admin Center under Security settings.

Secret Access Scope: Grants programmatic access to Zendesk APIs, allowing management of tickets, users, organizations, and other Zendesk resources.

Secret Revokement URL: https://support.zendesk.com/hc/en-us/articles/4408889192858-Managing-API-tokens

Secret Example: 1abc2def3ghi4jkl5mno6pqr7stu8vwx

Suspicious Activity Investigation Instructions:

  • Review Zendesk audit logs for unusual API calls or access patterns
  • Check for unauthorized ticket creation, modification, or deletion
  • Monitor for unexpected data exports or bulk operations
  • Verify if there are any new integrations or applications connected to your Zendesk account
  • Look for unusual login locations or times associated with API usage

Mitigation Instructions:

  • Log in to your Zendesk Admin Center

  • Navigate to the Admin Center > Apps and integrations > APIs > Zendesk API

  • Find the compromised API token in the list
  • Click the delete (trash can) icon next to the token
  • Confirm deletion when prompted
  • Create a new API token with appropriate permissions if needed
  • Update any legitimate applications that were using the old token
  • Review and adjust API access permissions for all remaining tokens