Zendesk is removing API tokens: the no-code way to keep your ticket automations working
July 2, 2026
Zendesk has announced that it is removing API tokens as an authentication method for the Support, Ticketing, Help Center and Voice APIs. If your team has ever set up a webhook that makes a change back to a ticket, this affects you, and the simplest fix is SweetHawk Power Actions.
What is changing, and when
API tokens, the classic email address plus token credential, are being retired on a firm timeline:
- 28 July 2026: tokens unused for 30 or more days are automatically deactivated, and brand new accounts cannot use them at all.
- 27 October 2026: no new API tokens can be created.
- 30 April 2027: all remaining API tokens stop working. No opt-out, no extension.
These are Zendesk's published dates as of July 2026. Zendesk may adjust the timeline as the deadlines approach, so check Zendesk's announcement for the current schedule.
OAuth and app-proxy (session-based) authentication are not affected. The thing that goes away is the humble API token.
The pattern that quietly breaks: a ticket that acts on itself
One of the most common power-user recipes in Zendesk is having a ticket make an API call back to itself: updating a field, adding a tag, changing a value, or reaching another ticket, all via a webhook. It is the basis of countless internal automations, and it is the subject of one of our most-read guides, how to create a webhook to make any change to a Zendesk ticket.
Almost every one of those setups authenticates the webhook with an API token. After 30 April 2027, they will simply stop firing, and the calls will fail with authentication errors.
The official replacement is developer work
Zendesk's recommended path is OAuth. That is the right call at the platform level, but for the person who actually built the automation, it is a real project rather than a setting. It means:
- registering an OAuth client in Admin Center,
- wiring your webhook or connection to authenticate against it,
- and handling ongoing token rotation and refresh so it keeps working.
That is developer territory. A Zendesk admin, the person who set up the original tag-and-update webhook in an afternoon, generally is not going to stand up and maintain an OAuth integration. So for most teams, "just move to OAuth" is not a real option.
The no-code, no-token way: Power Actions
SweetHawk Power Actions lets a ticket act on itself, and make the kinds of changes that used to require an API call, without any API token and without building an OAuth integration. There is no client to register, no credential to rotate, and no code to maintain. You configure the action in the app, and it runs.
Put plainly: for a Zendesk admin, Power Actions is the only realistic way to keep "make a ticket change itself" automations working once API tokens are gone, without handing the problem to a developer.
Keep your ticket automations running, with no tokens to manage.
Get Power ActionsWhat to do now
- Audit your webhooks and integrations for anything authenticated with a Zendesk API token, especially ticket-updates-itself recipes.
- Replace those with Power Actions so there is nothing to migrate again when the deadline hits.
- Relax: no tokens, no OAuth clients, no rotation, and nothing to break in 2027.
Want a hand working out which of your automations are affected? Take a look at Power Actions or get in touch, and we are happy to help you map them across.