What is the use of csrf token in api. | Community

  • November 23, 2022

I was checking this link: https://support.zendesk.com/hc/en-us/community/posts/4408861009434-How-to-get-CSRF-token-for-API-requests-in-Help-Center. I have a doubt: what if we can get that CSRF token? Is this token used as a Zendesk API key to retrieve any information? Is this token sensitive?

3 replies

Eric27
  • November 28, 2022
Hey there,

A CSRF token is used to prevent cross-site forgery attacks when making Zendesk API calls that are available for end users from the help center. A really good explanation of what it is can be found here
 
Hope this helps!

  • Author
  • November 28, 2022

Hi Eric,
There is one website of my client where the endpoint api/v2/users/me.json was giving some tokens instead of 403.
So my question was: is the disclosure of this token sensitive information? Is this the intended behavior?


Eric27
  • November 28, 2022
Hi there,

It's not sensitive information. api/v2/users/me is only available to logged-in users. Similarly, that CSRF token is only able to be used by the matching logged-in user to access information and do actions that they would normally be able to do as a logged-in user.
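
An added example, not part of the thread and not Zendesk's implementation: a minimal session-bound CSRF check showing why such a token differs from an API key, since it only passes together with the session cookie it was issued for. The names `SERVER_KEY`, `SESSIONS`, `handle_write` and the HMAC derivation are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret, constructed for this example.
SERVER_KEY = secrets.token_bytes(32)

# Constructed session store: session cookie value -> user name.
SESSIONS = {}


def login(user):
    """Create a session and return the cookie value the browser would hold."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = user
    return session_id


def issue_csrf_token(session_id):
    """Derive the CSRF token from the session, so it is only valid with it."""
    if session_id not in SESSIONS:
        raise PermissionError("no session")
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_write(session_cookie, csrf_header):
    """Return (status, user) for a state-changing request."""
    user = SESSIONS.get(session_cookie or "")
    if user is None:
        # A CSRF token without a session authenticates nobody.
        return 401, None
    expected = issue_csrf_token(session_cookie)
    supplied = (csrf_header or "").encode()
    if not hmac.compare_digest(expected.encode(), supplied):
        # Valid session but wrong or missing token: treat as a forged request.
        return 403, None
    return 200, user


# Constructed sample users and tokens.
alice = login("alice")
mallory = login("mallory")
alice_token = issue_csrf_token(alice)

print(handle_write(alice, alice_token))    # own cookie and own token
print(handle_write(None, alice_token))     # token alone, no session
print(handle_write(mallory, alice_token))  # someone else's token
```

In this sketch the token adds a second check on top of the session; the session cookie remains the credential that needs protecting.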