Zendesk Token
Description
General
- Documentation: https://developer.zendesk.com/rest_api
- Summary: Zendesk helps companies to manage customer relationships with support and sales tools. The Zendesk APIs give programmatically access to Zendesk features and enable to integrate external services with it. To authenticate a request, an application needs a user email and an API token. This detectors aims at catching this pair of credentials. With a valid API token, it is possible to access and edit customers listing, read and send messages from and to customers or access most of Zendesk features.
- IPs allowlist: As of the time of writing this documentation, this feature is not available.
- Scopes: As of the time of writing this documentation, this feature is not available.
Revoke the secret
To revoke a secret, go the Settings then API and revoke from here (<your_domain>.zendesk.com/agent/admin/api/settings).
Check for suspicious activity
To check for suspicious activity go to the Activity tab in the API settings page (<your_domain>.zendesk.com/agent/admin/api/activity).
Details for Zendesk Token
-
Family: credentials
-
Category: crm
-
Company: Zendesk
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: False
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 3
-
Occurrences found for one million commits: 0.18
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- zendesk
Examples
- text: |
uri=https://mysuperdomain.zendesk.com
api_key=ubVBohcplaG55iiRCL3y91Wc1fOWUTX9n7oEjiGS
user=someone@my-awesome-company.com
subdomain: mysuperdomain
client_id: someone@my-awesome-company.com
client_secret: ubVBohcplaG55iiRCL3y91Wc1fOWUTX9n7oEjiGS
- text: uri=https://mysuperdomain.zendesk.com token=ubVBohcplaG55iiRCL3y91Wc1fOWUTX9n7oEjiGS user=someone@my-awesome-company.com
subdomain: mysuperdomain
client_id: someone@my-awesome-company.com
client_secret: ubVBohcplaG55iiRCL3y91Wc1fOWUTX9n7oEjiGS
Details for Zendesk Token
-
Family: credentials
-
Category: crm
-
Company: Zendesk
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: False
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 3
-
Occurrences found for one million commits: 0.28
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- zendesk
- type: ContentWhitelistPreValidator
patterns:
- subdomain
Examples
- text: |
const ZENDESK_USER = 'someone@mysupersubdomain.com'
const ZENDESK_API_TOKEN = 'bvwDavE1oEhomexv8vUqGwsWxOmEedV6FlKmTZvb'
const ZENDESK_SUBDOMAIN = 'mysupersubdomain'
client_id: someone@mysupersubdomain.com
client_secret: bvwDavE1oEhomexv8vUqGwsWxOmEedV6FlKmTZvb
subdomain: mysupersubdomain
- text: |
env('ZENDESK_USER', 'bscm@yay.awesome')
env('ZENDESK_TOKEN','4CrWCZYrwAaS0Ie241y2ONMuQGFty9p5XUchHghv'),
env('ZENDESK_SUBDOMAIN', 'anotherone')
subdomain: anotherone
client_id: bscm@yay.awesome
client_secret: 4CrWCZYrwAaS0Ie241y2ONMuQGFty9p5XUchHghv
- text: const ZENDESK_USER = 'someone@mysupersubdomain.com' const ZENDESK_API_TOKEN = 'bvwDavE1oEhomexv8vUqGwsWxOmEedV6FlKmTZvb' const ZENDESK_SUBDOMAIN = 'mysupersubdomain'
client_id: someone@mysupersubdomain.com
client_secret: bvwDavE1oEhomexv8vUqGwsWxOmEedV6FlKmTZvb
subdomain: mysupersubdomain
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: True
- Total network call count: 1
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- GET: /api/v2/users/me.json
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.
