Building a more secure API ecosystem as AI accelerates

In September we outlined how AI is reshaping service and why API security must modernize. Since then, hundreds of developers have updated their integrations, adopted OAuth credentials, added identifying API headers, completed security reviews, and updated data handling practices.

Security is paramount in an AI-first world. APIs now move more sensitive data than ever before. They automate essential tasks, connect systems that power service teams, and support AI-driven experiences. APIs are an entry point to customer information and stronger API security is about protecting the customers who rely on us every day.

The stakes are high right now as businesses scramble to secure their API ecosystems. One outdated or non-compliant integration can affect the system. The principle is straightforward: as the rate of innovation climbs, platform security has to climb faster.

What developers should do

Developers have made strong progress since we introduced these updates in September. And as the year comes to close, we want to remind anyone building on Zendesk to review their integration and confirm it aligns with the updated Developer Terms.

The core security requirements remain the same:

• Global OAuth for any public or multi-customer integration

• Identifying API headers on every request for public integrations

• Marketplace review for distributed apps

• Updated data-handling and storage practices

To help in this process, we improved token-management dashboards with better visibility, clearer scopes, and simpler ways to revoke access. Our documentation and support teams can help plan and implement change.

Following these practices also ensures that developers avoid any disruption. However, non-compliance with the Developer Terms will result in integrations being disabled. We want every developer to stay well ahead of being disabled, which is why our tools are designed to avoid disruption.

This is not about limiting functionality. It is about consistent protection and ensuring every integration meets modern standards.

What customers need to know

As the platform continues to evolve, customers should review third-party integrations that may need updates to meet current security requirements. If a developer updates an integration, you may be asked to reauthorize it. If access restrictions are required, they apply only to new integrations. Existing customer integrations are not affected.

Our priority is protecting your data and ensuring that every integration meets the level of security that modern platforms require. These updates support a safer and more reliable experience.

Looking forward

We continue to invest in secure-by-design practices across Zendesk, including AI workflow execution, data access, and identity management. These investments support a more resilient platform for customers and developers. As AI use grows, security measures must also evolve and strengthen to keep pace.The platform depends on every integration meeting modern standards with clear expectations.

We will keep improving our standards and tools as the landscape evolves and we will continue working closely with developers and customers throughout that process. The future of service belongs to platforms that treat security as a shared responsibility. We remain committed to keeping Zendesk secure and ready for the next wave of innovation.