Learn in this article what options exist to authentication against the Znuny / OTRS / OTOBO WebService REST APIs.
You will find also cURL examples for better understanding.
In the previous articles Access Znuny & OTRS API via REST, Znuny & OTRS REST API Routes we guide you thru the configuration steps of REST API in the role of the service provider. If you followed the steps your system is accessible via the new REST API and awaiting now your cURL access described in this article.
Authentication
As written in Znuny & OTRS REST API Routes we can access our REST API via:
http://{{znunyHostName}}/otrs/nph-genericinterface.pl/Webservice/Ticket%20REST%20API
Authentication types
There are two common authentication methods:
- UserLogin & Password
Authentication of each request with UserLogin and Password
OR - Session Auth (recommended)
Session authentication with UserLogin and Password to create Session, following with authentication of all next calls with obtained SessionID.
Authentication information is sent with request data as options. The data format is given by used HTTP method (i.e. for GET requests it has to be mentioned in Query string; for POST&PATCH in JSON Data). Alternatively starting from the version of Znyny 6.1.2 the authentication information can also be posted via X-OTRS-Header-(UserLogin|CustomerUserLogin|SessionID|Password).
Too complicated? No issue, read on. It will be clear later
integratION with Znuny REST API?
You require a integration of another system/application to share data between Znuny and your system.
You struggle to get started, as the implementation of the API is not that straight forward as you thought?
You are not alone, we have many customers with the same issue!
Get started with a hand crafted set of REST Call in Postman and Bruno
Example: Create a Ticket with user & password authenticated request
This is the most obvious way, many will choose. Anyway, the recommended way is to use session-based authentication.
REST API create a ticket with user & password in body data
Below you can see an example of user/password authenticated request creating a Ticket:
Request:
POST http://{{FQDN}}/otrs/nph-genericinterface.pl/Webservice/Ticket%20REST%20API/Ticket?Data in the body:
{
"data" : {
"UserLogin":"{{user}}",
"Password":"{{pass}}",
"Ticket":{
"Title":"Ticket created via REST API - minimal content",
"Queue":"Raw",
"StateID": 1 ,
"PriorityID": 3,
"CustomerUser":"{{CustomerUser}}"
},
"Article":{
"CommunicationChannel":"Email",
"Subject":"Test Article created with new Ticket via REST API type Email",
"Body":"email body.",
"ContentType":"",
"Charset":"utf-8",
"MimeType":"text/plain"
}
}
}Variables:
| Variable | Description |
| {{user}} | User name used to authenticate to OTRS authorized to create Ticket. |
| {{pass}} | User’s password |
| {{FQDN}} | The fully qualified domain name of the server with OTRS |
| {{CustomerUser}} | Login name of the Customer for which the Ticket has been open |
When converted into cURL the example of UserLogin&Password authenticated creation of a ticket looks like this:
curl --location --request POST 'http://localhost/otrs/nph-genericinterface.pl/Webservice/Ticket%20REST%20API/Ticket'
--header 'Content-Type: application/json'
--data-raw '{
"UserLogin":"userXYZ",
"Password":"plain-text-password",
"Ticket":{
"Title":"Ticket created via REST API - minimal content",
"Queue":"Raw",
"StateID": 1 ,
"PriorityID": 3,
"CustomerUser":"CustomerUser"
},
"Article":{
"CommunicationChannel":"Email",
"Subject":"Test Article created with new Ticket via REST API type Email",
"Body":"email body.",
"ContentType":"",
"Charset":"utf-8",
"MimeType":"text/plain"
}
}'
integratION with Znuny REST API?
You require a integration of another system/application to share data between Znuny and your system.
You struggle to get started, as the implementation of the API is not that straight forward as you thought?
You are not alone, we have many customers with the same issue!
Get started with a hand crafted set of REST Call in Postman and Bruno
REST API to create a ticket with user & password in query parameter (absolutely NOT recommended)
This example you will find in many examples around OTRS / Znuny / OTOBO. But exactly this way is absolutely the totally wrong way in terms of security.
Since you will pass your user and password to access the REST API in the query URL, it will be logged into all access-log files of your webservers. And thus whoever has access to these logs, has also some critical user & password information of Znuny, OTRS, or OTOBO users.
So simply: DO NOT USE THIS WAY IF YOU HAVE ANY SENSE FOR SECURITY FOR YOU OR YOUR CLIENT!!!
To shorten the description here is only a sample cURL, as said DO NOT use it
curl --location --request POST 'http://localhost/otrs/nph-genericinterface.pl/Webservice/Ticket REST API/Ticket?UserLogin=userXYZ&Password=plain-text-password' \
--header 'Content-Type: application/json' \
--data-raw '{
"Ticket":{
"Title":"Ticket created via REST API - minimal content",
"Queue":"Raw",
"StateID": 1 ,
"PriorityID": 3,
"CustomerUser":"CustomerL"
},
"Article":{
"CommunicationChannel":"Email",
"Subject":"Test Article created with new Ticket via REST API type Email",
"Body":"email body.",
"ContentType":"",
"Charset":"utf-8",
"MimeType":"text/plain"
}
}'Example: Create Ticket using SessionID authentication (recommended)
This method of authentication is recommended and also a very common standard in terms of API access. Also, this method is better in terms of generating less load on OTRS, Znuny, or OTOBO, since you do the authentication only once and all subsequent queries are already pre-authenticated.
To access the API you have to process these steps:
- Create Session and get SessionID
- Create Ticket using SessionID authentication
- reuse the SessionID for any later API accesses
- refresh SessionID if the session expired (which will be explained in a different article)
Create Session and get SessionID
Request:
curl --location --request POST 'http://localhost/otrs/nph-genericinterface.pl/Webservice/Ticket%20REST%20API/Session'
--header 'Content-Type: application/json'
--data-raw '{
"UserLogin":"userXYZ",
"Password":"plain-text-password"
}'Response:
{
"SessionID": "Yx9TilyRyGveitmMKrdBy2Q8oqKqA4U2"
}integratION with Znuny REST API?
You require a integration of another system/application to share data between Znuny and your system.
You struggle to get started, as the implementation of the API is not that straight forward as you thought?
You are not alone, we have many customers with the same issue!
Get started with a hand crafted set of REST Call in Postman and Bruno
Create Ticket using SessionID authentication
CURL example of the SessionID authenticated creation of a ticket:
curl --location --request POST 'http://localhost/otrs/nph-genericinterface.pl/Webservice/Ticket%20REST%20API/Ticket'
--header 'Content-Type: application/json'
--data-raw '{
"SessionID":"Yx9TilyRyGveitmMKrdBy2Q8oqKqA4U2",
"Ticket":{
"Title":"Ticket created via REST API - minimal content",
"Queue":"Raw",
"StateID": 1 ,
"PriorityID": 3,
"CustomerUser":"CustomerL"
},
"Article":{
"CommunicationChannel":"Email",
"Subject":"Test Article created with new Ticket via REST API type Email",
"Body":"email body.",
"ContentType":"",
"Charset":"utf-8",
"MimeType":"text/plain"
}
}'Related articles
To learn more about OTRS & Znuny REST API routes and request options please see Znuny & OTRS REST API URLs & Routes.
To learn how to setup the REST API in OTRS & Znuny installation please see Access Znuny & OTRS API via REST.
You want to integrate with Znuny REST API?
You require a integration of another system/application to share data between Znuny and your system.
You struggle to get started, as the implementation of the API is not that straight forward as you thought?
You are not alone, we have many customers with the same issue!
After spending lots of time in supporting our customer, we have created the most common API accesses in Postman and Bruno.
So that your business analysts or developers can test the API and may define or integrate your needs.
Just for completeness, we offer also such development support and we can assign you the corresponding experts.
Do you require experts with real expertise since 2006 on Znuny and OTRS?
Do you require help on solving your issues?
We have experts who can help you on:
Integrating Issue trackers
like
- Jira
- Redmine
- Azure DevOps, / Team Foundation Server
- IBM Rational ClearQuest
- IBM Engineering Workflow Management / Rational Team Concert / Jazz
- Siemens Polarion
- Adobe Workfront / AtTask
- Trello
- GitHub
- GitLab
- Asana
- and many more
Integrating CRM systems
like
- Salesforce
- Microsoft Dynamics 365
- Oracle CRM
- SAP CRM
- Adobe Experience Cloud / Marketo Engage, Workfront
- HubSpot CRM
- Zoho CRM
- SugarCRM / SuiteCRM / Vtiger CRM & OSS
- Pipedrive
- Zendesk Sell
- and many more
Integrating ERP systems
like
- SAP S/4HANA
- Oracle ERP Cloud
- Microsoft Dynamics 365
- Finance & Operations
- Sage X3
- Compiere / ADempiere / iDempiere
- Apache OFBiz
- Openbravo
- Odoo
- ERPNext
- Dolibarr
- and many more
Beside of the above named solutions we can help you to integrate into more business and branch specific solutions:
Integrating artificial intelligence / AI
like
- AI Chatbots to aid your support agents
- integrate private data chatbots, with exclusive access to your data without sharing to OpenAI, Microsoft or any other AI companies
- create and integrate AI models based on your data to get a unique business model for your team
- and many more
Integrating accounting systems
like
- DATEV Rechnungswesen, DATEV Unternehmen Online, sevDesk, Lexware (DE)
- BMD Business Software, RZL, DIAMANT (AT)
- Abacus (CH)
- Forvis Mazars, Swiss21, Banana Accounting (CH)
- Cegid XRP Flex, Captivea, EBP (FR)
- QuickBooks, Freshbooks
- and many more
Integrating branch specific systems
like
- Sage Handwerk, TopKontor Smart-Handwerk,
STREIT Handwerkersoftware, CENDAS, OfficeOn,
openHandwerk, ToolTime, Plancraft, HERO,
Das Programm, Craftboxx, Taifun, M‑Soft, extragroup, PraKom - and many more