OAuth access and refresh tokens will now automatically expire for new global OAuth clients starting February 2, 2026, with default expiration times of 30 minutes for access tokens and 30 days for refresh tokens, whilst the deadline for existing local OAuth clients to adopt the refresh token flow has been extended to April 1, 2027. Zendesk administrators should review token activity in Admin Center under Apps and integrations > APIs > External OAuth clients to identify affected clients, and third-party developers must implement the refresh token flow using the /oauth/tokens endpoint with grant_type=refresh_token to handle token renewal and prevent service interruptions.
Announced on Rollout starts February 2, 2026 February 2, 2026 We’re making some changes to the default behavior of new global OAuth clients so that access and refresh tokens automatically expire. Additionally, the current deadline for existing local (non-global) OAuth clients to adopt the refresh to
Announced on Rollout starts Rollout ends April 30, 2025 April 30, 2025 May 30, 2025 Starting today, customers can adopt the OAuth refresh token grant type as per the OAuth 2.0 standard, along with support for access and refresh token expiration. Third-party app developers (those publishing integrati
Announced on Rollout on March 4, 2025 March 4, 2025 Starting today, Zendesk is adding support for the Client Credentials grant type for confidential OAuth clients. This announcement includes the following topics: What's changing? Why is Zendesk making this change? What do I need to do? What's changi