Zendesk
Zendesk is a comprehensive customer service platform that provides ticketing, messaging, live chat, and help center solutions for customer support teams. With Zendesk Support, teams can manage customer inquiries across multiple channels, track ticket resolution, collaborate with internal notes, automate workflows with triggers and macros, and gain insights into support performance. It's designed to help support teams deliver exceptional customer experiences at scale.
Authentication Types
Zendesk supports 2 authentication methods:
-
OAuth - Secure, app-based authentication with granular permission control through scopes.
- Pros: Most secure, scope-based permissions, token expiration/refresh, user-specific access, production-ready, supports CORS for client-side requests
- Cons: More complex setup, requires creating OAuth client in Zendesk Admin Center
- Best for: Organizations with compliance requirements, production deployments, applications with multiple users, integrations requiring specific permission scopes
-
API Token - Simple, personal API token for quick integration.
- Pros: Very simple setup, works immediately, no app registration needed, straightforward for single users
- Cons: Basic authentication (being phased out by Zendesk), no scope limitations, one token per user, less secure for shared environments
- Best for: Personal use, testing, quick prototypes, single-user scenarios, simple automations
General Settings
Before using the connector, you need to configure:
- Zendesk Subdomain - Your Zendesk subdomain (e.g., if your Zendesk URL is
https://mycompany.zendesk.com, entermycompany)
You can find your subdomain in your Zendesk URL. It's the part before .zendesk.com. For example:
- URL:
https://acmecorp.zendesk.com→ Subdomain:acmecorp - URL:
https://support-team.zendesk.com→ Subdomain:support-team
Setting up OAuth
To use Zendesk with OAuth, you need to create an OAuth client in your Zendesk Admin Center.
1. Access Admin Center
-
Log in to your Zendesk account as an administrator
-
Go to Admin Center
2. Navigate to OAuth Clients
-
In the Admin Center, go to Apps and integrations in the left sidebar
-
Click on APIs
-
Select the OAuth Clients tab
3. Create a New OAuth Client
-
Click Add OAuth client button
-
Fill in the required fields:
- Name - A descriptive name for your OAuth client
- Description - Details about what this client will be used for
- Company - Your company name
- Identifier - This will be used as the client ID in Webrix
- Client kind - Select Public
- Redirect URLs - Add the callback URL provided from Webrix
tipThe redirect URL must exactly match what's provided by Webrix. Include the protocol (https://) and any trailing slashes.
-
Click Save
-
Copy the generated Secret - you'll need this for Webrix configuration
warningThe secret is shown only once. Copy it now and store it securely. If you lose it, you'll need to generate a new secret.
4. Configure in Webrix
-
In Webrix, create a new Zendesk MCP Server
-
Under General Settings, enter your Zendesk Subdomain (e.g.,
mycompany) -
Under Authentication Type, select OAuth
-
Paste your Client ID (Identifier)
-
Paste your Client Secret
-
Configure Scopes
read- Read access to all resources (tickets, users, organizations, etc.)write- Write access to all resourcestickets:read- Read tickets onlytickets:write- Create and modify ticketsusers:read- Read user informationusers:write- Create and modify usersorganizations:read- Read organization informationorganizations:write- Create and modify organizationshc:read- Read Help Center contenthc:write- Modify Help Center content
tipStart with broader scopes like
readandwritefor full functionality. You can refine to specific scopes liketickets:readfor more restricted access. -
Click Save Changes
Setting up API Token
API Token authentication is simpler but provides broader access. Use this for personal testing or single-user scenarios.
1. Generate an API Token
-
Log in to your Zendesk account
-
Click on the Products icon in the sidebar (four squares icon)
-
Select Admin Center
-
Go to Apps and integrations → APIs → Zendesk API
-
In the Settings tab, ensure Token Access is enabled
-
Click the Add API token button (+ symbol)
-
Enter a description for the token (e.g., "Webrix Integration" or "AI Assistant")
tipUse descriptive names so you can identify tokens later. You can have up to 256 active tokens per account.
-
Copy the generated API token immediately
warningThe token is shown only once. Copy it now and store it securely. If you lose it, you'll need to generate a new token. You cannot retrieve an existing token.
-
Click Save
2. Find Your Email Address
You'll need your Zendesk email address for API Token authentication:
-
Click on your profile icon in the top right corner
-
Your email address is displayed under your name
-
Copy this email address
3. Configure in Your Integration Platform
-
In your integration platform, create a new Zendesk connection
-
Under General Settings, enter your Zendesk Subdomain (e.g.,
mycompany) -
Under Authentication Type, select API Token or API Key
-
Enter your Email Address (the one associated with your Zendesk account)
-
Paste your API Token in the token field
-
Click Save or Connect
4. Test the Connection
-
After saving, test the connection
-
If successful, you should be able to access your Zendesk data
API Token authentication uses the format {email}/token:{api_token} which is automatically base64-encoded in the Authorization header as Basic authentication.
Troubleshooting
Invalid Subdomain
Cause: The subdomain entered doesn't match your Zendesk account.
Solution:
- Check your Zendesk URL in the browser
- Ensure you're entering only the subdomain part (e.g.,
mycompany, notmycompany.zendesk.com) - Subdomain is case-sensitive in some cases - use the exact casing from your URL
OAuth Authorization Failed
Cause: Redirect URL mismatch or client credentials are incorrect.
Solution:
- Verify the redirect URL in your OAuth client settings exactly matches what your integration platform provides
- Check that your Client ID and Secret are correct
- Ensure the OAuth client is active in Zendesk Admin Center
- Try generating a new Client Secret if the current one isn't working
Insufficient Permissions / 403 Forbidden
Cause: The authenticated user doesn't have permission to perform the requested action, or required scopes are missing.
Solution:
For OAuth:
- Review the scopes selected in your OAuth client configuration
- Ensure you have
readandwritescopes, or specific scopes liketickets:writefor the resources you're accessing - Re-authorize the connection after updating scopes
For API Token:
- Verify that the user associated with the API token has the necessary role (agent or admin) to perform the action
- Check that the user has access to the specific tickets, users, or organizations you're trying to access
- Confirm that Token Access is enabled in Admin Center → Apps and integrations → APIs → Zendesk API
Rate Limiting / 429 Too Many Requests
Cause: You've exceeded Zendesk's API rate limits.
Solution:
- Zendesk limits API requests per minute based on your plan
- Implement exponential backoff - wait before retrying
- Reduce the frequency of API calls
- Use bulk endpoints where available
- Check the
Retry-Afterheader in the 429 response for how long to wait - Consider upgrading your Zendesk plan for higher rate limits
Cannot Modify Tags on Closed Tickets
Cause: The Tags API endpoint doesn't allow modifications to closed tickets.
Solution:
- Use the "Update Ticket" tool instead, which can modify tags on closed tickets
- Alternatively, reopen the ticket, modify tags, then close it again
- This is a Zendesk API limitation documented in their API reference
API Token Not Working
Cause: Token is expired, deleted, or Token Access is disabled.
Solution:
- Go to Admin Center → Apps and integrations → APIs → Zendesk API
- Verify that Token Access is enabled in Settings
- Check that your token appears in the Active API Tokens list
- If the token was deleted, generate a new one
- Ensure you're using the correct email address with the token
- Verify the email/token format:
[email protected]/token:your_token_here
OAuth Scopes Changed / Need More Permissions
Cause: Application needs additional permissions not originally requested.
Solution:
- Go to Admin Center → Apps and integrations → APIs → OAuth Clients
- Select your OAuth client
- Add the required scopes in the Scopes section
- Click Save
- In your integration platform, disconnect and reconnect to re-authorize with new scopes
- Users will need to re-authorize the application to grant the new permissions
Best Practices
Security
- OAuth over API Token: Use OAuth for production applications as it provides better security through scopes and token expiration
- Least Privilege: Only request the scopes you actually need (e.g., use
tickets:readinstead ofreadif you only need ticket access) - Token Rotation: Regularly rotate API tokens, especially if they're shared or exposed
- Secure Storage: Never commit API tokens or OAuth secrets to version control
Performance
- Cursor Pagination: Use cursor-based pagination instead of offset pagination for better performance with large datasets
- Rate Limits: Be aware of rate limits and implement retry logic with exponential backoff
- Batch Operations: Use bulk endpoints when creating or updating multiple resources
- Incremental Exports: For large data syncs, use the Incremental Ticket Export API instead of List Tickets
Data Management
- Search Wisely: The Search API is powerful but limited to 1,000 results - use specific filters to narrow results
- Comment Limits: Tickets can have a maximum of 5,000 comments - plan accordingly for high-volume tickets
- Custom Fields: Leverage custom fields for organization-specific data rather than workarounds
- Tags for Organization: Use consistent tagging conventions for easy filtering and automation