Skip to content

Zendesk OAuth Client Secret

Service Name: Zendesk

Service Description: Zendesk is a customer service software company that provides a cloud-based help desk management solution. It offers tools for customer support, knowledge base management, and customer engagement across multiple channels.

Service Address: https://www.zendesk.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Zendesk's security settings.

Secret Access Scope: Grants programmatic access to Zendesk APIs and resources, allowing applications to interact with Zendesk on behalf of users.

Secret Revokement URL: https://support.zendesk.com/hc/en-us/articles/4408828740378-Managing-OAuth-clients-in-the-Zendesk-Support-Admin-Center

Secret Example: 6a12bc345d67ef8g90h1i2j3k4l5m6n7

Suspicious Activity Investigation Instructions:

  • Review Zendesk audit logs for unusual API calls or access patterns
  • Check for unauthorized application integrations in your Zendesk admin console
  • Monitor for unexpected changes to tickets, users, or configurations
  • Examine API usage metrics for abnormal spikes in activity
  • Verify that OAuth client applications are legitimate and authorized

Mitigation Instructions:

  • Log in to your Zendesk Admin Center

  • Navigate to Apps and integrations > APIs > OAuth Clients

  • Locate the compromised OAuth client
  • Click "Delete" to revoke the client credentials
  • Create new OAuth client credentials if needed
  • Review and update application integration permissions
  • Consider implementing IP restrictions for API access
  • Enable two-factor authentication for all admin accounts
  • Audit all integrations and remove any that are no longer needed