Zendesk Ticketing API: Auth, Endpoints & Rate Limits

The Zendesk Ticketing API (part of Zendesk's Support API, under /api/v2/) is the REST interface for managing tickets, users, organizations, and views in a Zendesk account. It authenticates with an API token (Basic auth) or an OAuth access token (Bearer), returns JSON, and is rate-limited per minute based on your Zendesk plan.

This page covers how authentication works, the endpoints and objects you'll use most, rate limits and pagination, and where Knit's unified API fits if you're connecting Zendesk alongside other ticketing tools.

Authentication

Zendesk supports two authentication methods: API tokens, sent as Basic auth using {email}/token:{api_token}, and OAuth access tokens, sent as Authorization: Bearer <access_token>. API token access must be explicitly enabled by an admin before tokens work, and OAuth is required if you're distributing an integration to multiple Zendesk accounts (Zendesk Developer Docs, Security and authentication).

For the full walkthrough - enabling token access, generating a token, and a working curl example - see How to Get a Zendesk API Token.

Core objects and endpoints

Common tasks

• Create a ticket: POST /api/v2/tickets.json with a ticket object containing subject, comment.body, and a requester (email or ID).
• Update a ticket: PUT /api/v2/tickets/{id}.json with the fields to change, such as status or priority - note the 30-updates-per-10-minutes-per-agent limit on this endpoint.
• List or search tickets: GET /api/v2/search.json?query=type:ticket status:open for filtered results, or GET /api/v2/tickets.json for all tickets with pagination.
• Read a ticket's conversation: GET /api/v2/tickets/{id}/comments.json returns the public and internal comments on a ticket in order.
• Bulk-sync changed records: use the incremental export endpoints (/api/v2/incremental/tickets/cursor.json, etc.) to pull everything changed since a given timestamp - the recommended approach for keeping an external system in sync.

Rate limits and pagination

Zendesk's Support and Help Center API rate limits depend on your plan, documented at developer.zendesk.com/api-reference/introduction/rate-limits:

Every response includes X-Rate-Limit and X-Rate-Limit-Remaining headers (Ticketing endpoints also add ratelimit-limit, ratelimit-remaining, and ratelimit-reset). Exceeding the limit returns 429 Too Many Requests with a Retry-After header. Some endpoints carry their own tighter limits regardless of plan - for example, the Update Ticket endpoint allows only 30 updates to the same ticket by the same agent within 10 minutes, and incremental export endpoints are capped at 10 requests/minute (30 with the High Volume add-on).

For pagination, Zendesk recommends cursor pagination: pass page[size] (max 100) and follow links.next until meta.has_more is false. The older offset pagination (page=N&per_page=...) is capped at the first 100 pages / 10,000 records - requests beyond that return 400 Bad Request (Zendesk Developer Docs, Pagination).

Build it yourself vs. use a unified API

Calling the Zendesk API directly works well for a single account: enable token access, handle the Basic-auth encoding, and watch the per-minute and per-endpoint rate limits. It gets more involved once you're connecting Zendesk alongside other ticketing systems - each with its own auth scheme, object model, and pagination style.

Knit's unified Ticketing API normalizes Zendesk tickets, users, and comments alongside connectors like Freshdesk, Intercom, and Jira behind one schema, handles the token/OAuth setup described in the Zendesk API token guide, and manages rate-limit backoff for you. See Knit's Zendesk Ticketing connector for what's available, or book a demo to see it against your own account. You can also sign up free and connect a sandbox Zendesk account.

FAQ

Is the Zendesk Ticketing API a REST API?

‍Yes - it follows REST conventions under /api/v2/, using GET, POST, PUT, and DELETE on resource URLs with JSON bodies. It's part of Zendesk's broader Support API, which also includes the Help Center API (separate rate limit) and Side Conversations API.

How do I authenticate to the Zendesk Ticketing API?

‍Use either an API token with Basic auth ({email}/token:{api_token}, base64-encoded) or an OAuth access token sent as Authorization: Bearer <token>. API token access must be turned on by an admin in Admin Center before tokens work. See the Zendesk API token guide for setup steps.

How do I sync all my Zendesk tickets into another system?

‍Use the incremental export endpoints (/api/v2/incremental/tickets/cursor.json and equivalents for users and organizations), which return everything changed since a given timestamp using cursor-based pagination — designed for bulk sync rather than one-off queries. These endpoints have their own tighter rate limit (10/minute, or 30/minute with the High Volume add-on). Knit's unified API exposes equivalent sync primitives across ticketing connectors without needing endpoint-specific incremental-export logic.

What happens if I exceed Zendesk's API rate limits?

‍Zendesk returns 429 Too Many Requests with a Retry-After header specifying how many seconds to wait. The X-Rate-Limit and X-Rate-Limit-Remaining headers on every response let you monitor usage before hitting the limit. Limits range from 200 to 2,500 requests/minute depending on your plan, and some endpoints (like ticket updates) have their own separate caps. Knit handles this backoff automatically across the Zendesk connections it manages.