For OAuth authentication do the rate limits apply to the zendesk account that makes the API calls or Zendesk account that owns the data?

Hi George! I'll go through your questions one by one:

How does rate limiting apply in this scenario? The rate limits are applied to the third party  app Zendesk account or the Zendesk support account?

The rate limit is applied to the account that the app is installed in.

What authentication type is recommended for managing multiple Zendesk support accounts?

Global OAuth would be the most secure way of doing this.

If global OAuth is recommended, the process of obtaining it is slow?

It's difficult to say exactly how long a request will take, as it depends on the number of pending requests, time of week, etc. If a request is taking longer than you would expect, you can email platformteam@zendesk.com.

Thanks for your reply @Greg - Community Manager.
So to clarify this answer:

The rate limit is applied to the account that the app is installed in.

The rate limit will apply to the Zendesk account that granted permission to the third party app and not to the third party app Zendesk account, right? For more clarification, the OAuth token is not needed for Zendesk apps, but for an external service that is processing the data and serving it to a Zendesk support app (browser iframe). The Zendesk support app is not using the OAuth token.

Happy to clarify! Any request that is made to a specific account's API will be tied directly to that account. As an example:

Company A creates an app that updates the current ticket with a comment via "{{subdomain}}.zendesk.com/api/v2/tickets/{{ticket.id}}"

Company B installs that app

When the app runs in Company B's instance, that API call that is made to "companyb.zendesk.com/api/v2/tickets/{{ticket.id}}" and will count against only their rate limits.

Let me know if that helps!

Your answer clarified the problem. Thank you for your answers @Greg - Community Manager

Glad to help!