REST API

With Zammad, "API First" applies. This means that you can do anything with the REST API that can be done through the interface. So you'll never have missing, incomplete, or outdated API interfaces again. (And a fun fact on the side: the interface itself is just an API client written in JavaScript that runs in the browser.)

Zammad's REST/JSON API supports three different authentication methods:

• HTTP Basic Authentication (username/password)
• HTTP Token Authentication (access token)
• OAuth2 (token access)

There are special API tokens that make it possible to further restrict access rights. This minimizes the attack surface and the extent of the damage if a token should fall into the wrong hands.

Request Format

In terms of request format, Zammad uses JSON for its API, so you need to set a “Content-Type: application/json” in each HTTP call. Otherwise, the response will be text/html. Proceeding like this you can perform CURL requests, for example, for tickets and users.

It is also possible to do a request on behalf of a different user. If you have your own application and you want to create a ticket for the customer (without the information that the API user has created this ticket) then you can transfer the target user with the request to create the ticket on behalf of the customer user.

Response Format

If a response is successful, an HTTP status code in the 200 or 300 range will be returned. If an item has been created or updated, all new attributes will be returned (including server-side generated attributes like created_at and updated_at).

API Clients

There are two official API clients (PHP and Ruby), as well as several community-maintained clients that allow even easier use of the API.


All resources support pagination.

More information about the REST API and details on how to use it can be found in our Admin Documentation.