Hi ​@BLaRue1443 ,

I hope you are doing well :)

I understand that you want to safely integrate your website with Freshdesk. 

Note that the integration will work perfectly unless you reset your Freshdesk API or delete agent inside Freshdesk. I would advise you to setup SSO https://support.freshworks.com/en/support/solutions/articles/50000002351-what-is-and-how-to-configure-agent-sso-and-contact-sso-for-an-organization- and 2FA https://support.freshworks.com/en/support/solutions/articles/50000001025-how-can-i-enable-disable-two-factor-authentication- for additional security this way other than the actual account admins nobody can make modifications with agent’s profile. 

Feel free to respond to this thread for any queries :)

Thank you

​Hi @mahendarsingh, we are currently using an individual’s API for our integration and it does work, however we are looking for a way to connect to an API that is NOT tied to an individual.

Hi ​@BLaRue1443, In Freshdesk the API key is tied to agent profile however in Freshchat the API key is tied account level meaning for each account there is only one API key. I can take this as a feedback to our product team. 

Do let me know the challenges you are facing with individuals API key. 

​@mahendarsingh Thank you for pointing out the account-level API in Freshchat. However, since Freshchat is not included in our Freshdesk subscription and would require additional costs to enable, it presents a similar financial burden to purchasing an additional agent license solely for integration purposes. This makes it an impractical solution for our use case, as we're trying to address both functionality and cost efficiency within the constraints of our Freshdesk subscription.

Using an individual agent’s API key for integration purposes presents several significant challenges:

1. Integration Fragility and Business Continuity Risks:
   Integrations are tightly tied to the specific agent’s credentials. If the agent leaves the company or makes any changes to their Freshdesk account (e.g., updating passwords or disabling access), all associated integrations immediately break. This creates operational disruptions and requires urgent intervention to restore functionality.

2. Lack of Transparency and Accurate Attribution:
   When companywide automated processes rely on an individual’s API key, Freshdesk records the actions as being initiated by that specific agent. This leads to confusion during audits or troubleshooting, as the true source of these actions (the integration) is obscured. This inaccurate tracking can hinder accountability and make it difficult to distinguish between system-driven and agent-driven activities.

3. Additional Costs for Unused Licenses:
   The only workaround to avoid these issues involves purchasing a dedicated Freshdesk agent license exclusively for integrations. While functional, this solution is costly and inefficient, as the license is not used for actual agent activity. This unnecessary expense could factor into evaluating Freshdesk’s overall value proposition compared to more cost-effective alternatives.

​@mahendarsingh - just curious if this could be the solution we are looking for.. 

To improve the security and efficiency of your Freshdesk integration, consider using a dedicated user for API access, ensuring the API key is tied to a specific integration role with limited permissions. Instead of using personal API keys, opt for OAuth 2.0 authentication, which is more secure and allows for token revocation. Store sensitive information like API keys in environment variables rather than hardcoding them, and restrict API access with IP whitelisting and rate limiting. Regularly rotate API keys, monitor API activity for unusual behavior, and implement proper error handling and logging to ensure secure and efficient operations. These practices will help manage your Freshdesk integration securely.

​@BLaRue1443 I will definitely pass your request to our team and make some noise once there is an update on the API key feature.