Agent API and user creation

  • 14 June 2013
  • 1 reply


I think you need to change the logic of the freshdesk API key and agent password logic. 

Here is why:

We have one agent but we no longer have her password, and you have no password retrieval option for agents on your site. 

You can only reset the password, but have to know it already. Please please change this - it's crazy that you can't request a password reminder or reset! What happens if an agent resets her or his password and leaves the company!

2. We need to be able to set up new customers with an account on freshdesk via your API as they come into our system. We have been unable to do this because the only way you can do it (that works) is with an agents email and password. You cannot do it as suggested with just the API key and 'X'.  

So if we knew the agents email and password we could set up new users accounts using your API - but what happens when the Agent leaves, changes her password without telling the tech dept in our office or re-sets her API? I'll tell you, the API no longer works and we can no longer create new accounts on freshdesk for all the customers that sign up to our account. Solution: Don't have the API related to agents - instead you should associate an api key with the 'owner' of the account with freshdesk.

3. When we have the agents password and have the email we want to create a verified freshdesk accounts for our customers via the API. When they log into the admin area on our site we offer them your helpdesk system as part of the service. We don't want them to have to confirm an email from Freshdesk (who they don't know and will probably ignore) to activate their account as this will confuse them. We will create their account and once they log into our admin area they will be able to automatically click through to your system within an iframe on our system.

Please explain how we can set up verified accounts using the freshdesk API. Is it possible via API?

This is the code at the moment:

$url = '';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_USERPWD, "agentsname@domain.password");
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POSTFIELDS, $userData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$returndata = curl_exec ($ch);

Other than this the system works well and we'd really like to get going with it. I submitted a ticket but thought I should bring my frustrations to the forum so others could put me straight.

Many thanks,

Bob Harrison

This topic has been closed for comments

1 reply

Hi Bob

To answer the questions.

  1. Password retrieval for the Agent - If you can drop his/her Email to support, we can reset it and send you the info.
  2. Its actually recommended that you use the Account Admin or Admin Agent's API key, so you can know whose API key is being used and can be retrieved, in case Admin or Account Admins are about to leave or so.
  3. Currently its not possible to create a USER via API and automatically authenticate them. We've purposefully disabled this to prevent SPAM. In such cases, you can implement SSO with your App or website, so that when USERs are created, they can be authenticated via your App, so users also won't have to remember any username/Password or so

Here is a sample PHP code for SSO

define('FRESHDESK_SHARED_SECRET','____Place your Shared Secret here_____');
define('FRESHDESK_BASE_URL','');//With the trailing slash
function getSSOUrl($strName, $strEmail) {
return FRESHDESK_BASE_URL."login/sso/?name=".urlencode($strName)."&email=".urlencode($strEmail)."&hash=".getHash($strName,$strEmail);
function getHash($strName, $strEmail) {
return hash('md5',$strName.$strEmail.FRESHDESK_SHARED_SECRET);
header("Location: ".getSSOUrl("User's Name",""));

Github URL: