Session Revocation — Zendesk
Session Revocation — Zendesk
Challenge bulk-deletes all active sessions for a Zendesk user.
Credentials
- In Zendesk Admin Center, enable API token access and create an API token.
- Use an admin account email plus API token for Basic authentication.
- In Challenge under Integrations → Session Revocation → Zendesk, enter:
- Subdomain (e.g.
companyforcompany.zendesk.com) - Admin email
- API token
- Subdomain (e.g.
API calls Challenge makes
| Step | Method | Endpoint |
|---|---|---|
| Lookup | GET | /api/v2/users/search.json?query=email:{email} |
| Revoke | DELETE | /api/v2/users/{user_id}/sessions |
Authentication: Basic auth with {email}/token:{api_token}.
Username format
Use the agent or end-user email address.
Expected outcomes
- 204 on revoke → all sessions deleted
- Empty search results → user not found
Troubleshooting
| Symptom | Check |
|---|---|
http_401 | Wrong subdomain, email, or API token |
http_403 | Admin role cannot manage sessions |
| Multiple users in search | Use unique email; ambiguous matches fail safely |