Current OAuth 2.0 authentication support for webhooks only works with non-expiring tokens, as there is no mediation between Zendesk and the authentication provider.
Only the Bearer Token itself can be configured when setting up OAuth 2.0 authentication, which means, out-of-the-box, OAuth 2.0 authentication does not support mechanisms such as client-credentials flow:
https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow
Support for OAuth 2.0 client-credentials grant type for webhook authentication
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Your observation is correct that Zendesk’s current OAuth 2.0 support for webhooks is limited to static, non-expiring Bearer tokens configured directly in the webhook setup. Because Zendesk does not mediate the OAuth flow or handle token refreshes, it does not natively support dynamic OAuth flows like the client credentials flow, which require obtaining and refreshing access tokens programmatically. This means that out-of-the-box, Zendesk webhooks cannot perform the full OAuth 2.0 client-credentials flow or other token exchange mechanisms that involve interacting with an authorization server beyond simply sending a static Bearer token.
To implement such flows, you would need an external intermediary (like a proxy service) to handle OAuth token management and then forward requests with valid tokens to Zendesk or your webhook destination.