I'm adding our softphone to Zendesk with the ZAF. The user logs in to our backend with their own personal credentials. This returns a login token which allows them to make and receive calls. However I don't know a good way to store the token, so every time the Zendesk page is refreshed, the user has to log in again.
Secure settings alone are not sufficient because the token is different between different users in an organization.
It should not be possible for other users to read the token. If the user logs out of Zendesk without logging out of the phone first, there should be no way to get the token except, perhaps, by logging in again with the same user.