Skip to main content

Hi Guys,

I am trying to view all tickets of a contact and trying to login as a contact with email and password using API list but what i am getting is Response are {"code":"invalid_credentials","message":"You have to be logged in to perform this action."}

what i am doing that i am calling the function to view all tickets and for authentication i am passing email & password to the curl 

even though my credentials are right, am i doing something wrong?



Hello Zain,


You'll have to provide an agent or an admin API key or credentials to fetch details via API. Only agents are authenticated to pull data from the helpdesk. You can use your own credentials in this API command to obtain the list of tickets for a specific contact.


Cheers!


Hi Aravind,


I have an API key from admin and if i am using that API key then i can login with any dummy password to see all tickets if the email i am providing correct, that's not what i want to do, see the thing is i am providing the contacts an login form to get logged in before seeing the tickets and they have to be logged in with their registered credentials (email & password). How can i implement this basic authentication on the contact login, for now what i am doing in my code is given below

These are the credential
$password = "mypassword";

$yourdomain = "mydomain";

$email = "myemail@email.com";

Below is the API url i am hitting
$url = "https://$yourdomain.freshdesk.com/api/v2/tickets?email=".$email;

This is how i am running my curl

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_USERPWD, "$email:$password");




Hello Zain,


The API authentication requires an agent key and the resources cannot be accessed by an end user profile. In case if you'd like to fetch tickets for a specific contact, you need to use your API key to fetch data and display it for the user. 


The login to the support portal has to either happen via the login page or through a Single Sign On authentication from your website.


Cheers!


Hi Aravind, 
But as i mentioned earlier, in my case consider it like this as a contact want to see his/her all tickets he/she created but what i want is that they must login with the registered account, i am already calling the API but i want that API called once the contacts are logged in,

Can you please elaborate about this Single Sign On, as i am not familiar with this terminology at all. 


Zain,


I understand that you wanted to establish an authentication mechanism for users to view their tickets. However, we don't support login via API for end users as of now. In case if you'd like the users to check their tickets, you can authenticate their profile using your website login system and then allow them to seamlessly sign in to the freshdesk portal without having to go through the login process again. 


You can read more about the Single Sign-On mechanism here.


Cheers!


@thanks, Aravind,

As i understand that Single Sign-On mechanism need a url to redirect when user trying to access fresh desk, can i redirect the credentials to my fresh desk support portal for authentication?

The second thing is, in the example the parameter mentioned are email and user name, can i authenticate with the password too ?



@Zain: The Single Sign On works best when you've a login mechanism on your website already. Imagine your users having to login again if they're redirected to the freshdesk support portal. Establishing a SSO connection between your website login mechanism and Freshdesk enables the user to seamlessly login to the Freshdesk support portal without having to do the login form again.


Only email, user name, phone number and company can be passed as variables for authentication via SSO.


Cheers!


@Thanks Aravind,

You were a great help.
Cheers....




Aravind, 
Is there any way to get the customer account details along with their account password ,As fetching contact only return the contact details with email and account status (active/non-active) but not the password.




Sorry, @Zain. The account passwords are extremely sensitive to be exposed via API. You can extract only the profile related information but not the password values for the users.



Cheers!