OAuth flow in Support App | Community
Skip to main content

OAuth flow in Support App

  • December 15, 2021
  • 3 replies
  • 0 views
Eran

Hey,

Quite new to the Zendesk ecosystem so it might be a foolish question, but I digged through the docs and couldn't figure it out...

We are developing an app that integrates to Zendesk, and then analyse and label tickets. From what I see, the Zendesk Support Apps (AKA the marketplace) is the more correct way to integrate to an external app (as it seems to be newer and better supported) and also allows for more Zendesk clients to find us. 

My question is whether it's possible to access the API offline with some sort of bearer token when using a marketplace app. We currently access the API using the OAuth flow but the the OAuth setup seems a bit incorrect for our use case

    3 replies

    E
    • Erica26
    • December 16, 2021
    Hi Eran,
     
    Thanks for posting your question to the community! It looks like you're wanting to build a server side app. With a server side app, you would be able to make requests to your external app and render that data in Zendesk Support. We have a walkthrough in our docs for getting started. You can take a look and see if this may best fit your use case. I'll link that [here](https://developer.zendesk.com/documentation/apps/build-an-app/building-a-server-side-app/part-1-core-concepts/).
     
    For authentication, typically with third party app developers we recommend OAuth because it eliminates the need for users/admins to manually supply their usernames and passwords and the need for third party apps to store them. You could also look into using API tokens. However, those are auto-generated by the user and would need to be supplied to you with their email address. 
     
    If you were having any specific issues or concerns with using OAuth, I would be more than happy to take a look and see how we can best fit your needs.
     
    Best, 
     
    Erica - Dev Support
    Eran
    • Eran
    • Author
    • December 19, 2021

    Hey Erica! Thank you very much for the time and effort you put into answering our question! I really appreciate it

    Regarding the server-side app, from my understanding it only lets us to access the data when the user is in the app and not (for example) access incoming ticket without the user going into the app. I think (and please correct me if I'm wrong) that OAuth with Bearer Token (which is different from API token) is the intended way to access data assuming we want to access the data even when the user is offline

    TBH, I think the separation between apps and OAuth client it non-trivial and not required, and I would recommend you would look into Shopify's apps ecosystem for reference

    Thanks again, Eran

    E
    • Erica26
    • December 23, 2021
    You're welcome Eran!
     
    With a server side app, so long as you have OAuth setup (to get the proper authentication/access) then you can make requests to the Zendesk account. For your specific use case, (and so long as you're not trying to display any data specifically in a Zendesk instance) you may want to look into a the Background app location. If you did want to display any data and have a some sort of visible UI in Zendesk then I would recommend the Top Bar app location. The location is important just in terms of what data is available for you to access.
     
    OAuth just allows for a more secure way to gain authentication since it doesn't require you to store physical user credentials on your end. Here's some more [info](https://developer.zendesk.com/documentation/apps/working-with-data/sending-data-to-an-external-application/) regarding sending data to an external app. We also have [info](https://developer.zendesk.com/documentation/apps/working-with-data/getting-data-from-an-external-application/) regarding receiving data from an external app. These should hopefully explain better how you can achieve authentication to receive and send data with your external app and Zendesk.
     
    Hope this helps!
     
    Erica - Dev Support
    Terms & ConditionsCookie settingsAccessibility statement