Zammad's REST/JSON API supports three different authentication methods:
There are special API tokens that make it possible to further restrict access rights. This minimizes the attack surface and the extent of the damage if a token should fall into the wrong hands.
In terms of request format, Zammad uses JSON for its API, so you need to set a “Content-Type: application/json” in each HTTP call. Otherwise, the response will be text/html. Proceeding like this you can perform CURL requests, for example, for tickets and users.
It is also possible to do a request on behalf of a different user. If you have your own application and you want to create a ticket for the customer (without the information that the API user has created this ticket) then you can transfer the target user with the request to create the ticket on behalf of the customer user.
If a response is successful, an HTTP status code in the 200 or 300 range will be returned. If an item has been created or updated, all new attributes will be returned (including server-side generated attributes like created_at and updated_at).
More information about the REST API and details on how to use it can be found in our Admin Documentation.