Working with the Zendesk API means dealing with error codes. It's not a matter of if you'll encounter them, but when. Whether you are building a custom integration, automating ticket workflows, or syncing data between systems, understanding these error codes can save you hours of debugging time.
This guide covers everything you need to know about Zendesk API error codes. We'll walk through HTTP status codes, authentication errors, rate limiting, and even email delivery status codes. By the end, you'll have a practical reference you can return to whenever something goes wrong.
If you are looking to reduce API complexity altogether, tools like eesel AI can handle ticket operations intelligently, minimizing the errors you need to troubleshoot in the first place. eesel AI acts as an AI agent for Zendesk, learning from your past tickets and help center to resolve customer issues autonomously.
Understanding Zendesk API error codes and HTTP status codes
The Zendesk API uses standard HTTP status codes to communicate success and failure. These fall into familiar ranges:
- 2xx (Success): The request worked as expected
- 3xx (Redirection): The resource has moved or has not changed
- 4xx (Client Error): Something is wrong with your request
- 5xx (Server Error): Something went wrong on Zendesk's end
Here is a quick reference for the most common codes you'll encounter:
| Status Code | Meaning | Common Cause |
|---|---|---|
| 200 | OK | Successful GET or PUT request |
| 201 | Created | Successful POST that created a resource |
| 204 | No Content | Successful DELETE request |
| 400 | Bad Request | Malformed request or missing required fields |
| 401 | Unauthorized | Authentication failed |
| 403 | Forbidden | Authenticated but lacking permissions |
| 404 | Not Found | Resource does not exist |
| 409 | Conflict | Concurrent modification or duplicate request |
| 422 | Unprocessable Entity | Valid JSON but semantic errors |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Zendesk server issue |
| 503 | Service Unavailable | Maintenance or temporary outage |
When errors occur, Zendesk returns a JSON response with details. Here is the typical error format:
{
"error": "RecordInvalid",
"description": "Record validation errors",
"details": {
"value": [
{
"type": "blank",
"description": "can't be blank"
}
]
}
}
The Sell API (Zendesk's sales CRM) uses a slightly different format with an errors array and meta object containing the HTTP status and request ID.
Authentication and authorization errors: 401 and 403
The 401 and 403 errors cause the most confusion for developers new to the Zendesk API. They both relate to access control, but fail at different stages.
401 Unauthorized: Authentication failed
A 401 error means Zendesk could not authenticate your request. It doesn't know who you are, so it can't check permissions.
Common causes include:
- Missing or malformed Authorization headers
- Incorrect Base64 encoding for Basic Authentication
- Forgetting the
/tokensuffix when using API tokens - Expired or revoked tokens
- Using OAuth tokens in a Basic Auth header
Here is the correct format for API token authentication:
curl -v \
-u "agent@example.com/token:YOUR_API_TOKEN" \
"https://your_subdomain.zendesk.com/api/v2/tickets.json"
And in Node.js:
import fetch from "node-fetch";
import btoa from "btoa";
const subdomain = "your_subdomain";
const email = "agent@example.com";
const token = process.env.API_TOKEN;
const response = await fetch(
`https://${subdomain}.zendesk.com/api/v2/users/me.json`,
{
headers: {
'Authorization': 'Basic ' + btoa(`${email}/token:${token}`),
'Content-Type': 'application/json'
}
}
);
For OAuth, use the Bearer scheme:
curl \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
"https://your_subdomain.zendesk.com/api/v2/users/me.json"
403 Forbidden: Authenticated but not authorized
A 403 error means Zendesk knows who you are, but you don't have permission to do what you're trying to do.
Common causes include:
- OAuth tokens missing required scopes (a token with
tickets:readcannot create tickets) - Using end-user credentials to call agent-only endpoints
- Attempting to access resources belonging to another brand
- IP restrictions enabled on the account
- Suspended or downgraded agent accounts
If you receive a 403, check your OAuth scopes first. Scopes can't be modified after token creation, so you'll need to generate a new token with the correct permissions.
Quick diagnostic approach
When debugging access issues:
- Test with curl first to isolate the problem from your application code
- Verify you are using the correct subdomain (sandbox and production tokens are not interchangeable)
- Confirm your authentication method matches your token type
- Check the user role (many endpoints require agent or admin permissions)
- For OAuth, verify your token includes the required scopes
Rate limiting and throttling: Handling 429 errors
Zendesk enforces rate limits to ensure API stability. When you exceed these limits, you'll receive a 429 error. The response includes a Retry-After header indicating how many seconds to wait before retrying.
Zendesk also returns rate limit headers with every request:
X-Rate-Limit: 700
X-Rate-Limit-Remaining: 699
Rate limits vary by plan: Team plans get 200 requests per minute, Professional plans get 400, Enterprise plans get 700, and Enterprise Plus plans get 2,500. Bulk endpoints and search have lower limits.
Best practices for handling rate limits
Implement exponential backoff in your code:
import time
import requests
def make_request_with_retry(url, headers, max_retries=3):
for attempt in range(max_retries):
response = requests.get(url, headers=headers)
if response.status_code == 429:
retry_after = int(response.headers.get('Retry-After', 60))
time.sleep(retry_after)
continue
return response
raise Exception("Max retries exceeded")
For batch operations:
- Use bulk endpoints when available (they count as one request but handle multiple records)
- Implement request queuing to smooth out traffic
- Monitor your
X-Rate-Limit-Remainingheader and throttle proactively - Consider using cursor-based pagination instead of offset-based for large datasets
Data validation and conflict errors: 422 and 409
422 Unprocessable Entity
A 422 error means your request is syntactically valid JSON, but semantically incorrect. The server cannot process it due to business logic constraints.
Common scenarios:
- Trying to close a ticket that is already closed
- Missing required fields (like subject or comment body)
- Invalid field values (assigning to a non-existent agent)
- Violating business rules (setting a due date in the past)
The error response usually includes details about what specifically failed:
{
"error": "RecordInvalid",
"description": "Record validation errors",
"details": {
"base": [
{
"description": "Status: closed is not valid for ticket update"
}
]
}
}
409 Conflict
A 409 error indicates a conflict with the current state of the resource. This typically happens when two requests try to modify the same resource simultaneously.
To prevent 409 errors:
- Serialize requests that modify the same resource when possible
- Use the
Idempotency-Keyheader for POST requests to safely retry without creating duplicates - Implement optimistic locking by checking the
updated_attimestamp before updates
Here is how to use idempotency keys:
curl https://{subdomain}.zendesk.com/api/v2/tickets.json \
-d '{"ticket": {"subject": "Test", "comment": {"body": "Test"}}}' \
-H "Content-Type: application/json" \
-H "Idempotency-Key: unique-key-123" \
-v -u email/token:token -X POST
Keys expire after two hours. Reusing a key with different parameters returns an error.
Email delivery status codes
When working with the Email Notifications API, you will encounter delivery status codes that go beyond standard HTTP responses. These indicate what happened after Zendesk sent an email to its recipients.
The API returns delivery status information with id, name, code, and message properties for each recipient. Here are the most common codes you'll see:
| ID | Name | SMTP Code | Meaning |
|---|---|---|---|
| 0 | NONE | 0 | No delivery response received yet |
| 5 | DELIVERED | 200 | Email was delivered successfully |
| 16 | BAD_EMAIL_ADDRESS | 510 | Email address rejected (does not exist or misspelled) |
| 29 | MAILBOX_UNAVAILABLE | 550 | Mailbox unavailable or access denied |
| 31 | MAILBOX_FULL | 552 | Recipient's inbox is full |
| 39 | USER_DOES_NOT_EXIST | 550 5.1.1 | User does not exist (check for typos) |
| 40 | RECIPIENT_IS_INACTIVE | 550 5.2.1 | Email address is inactive |
| 52 | INCORRECT_AUTHENTICATION_LEVEL | 550 5.7.515 | Authentication requirements not met |
Microsoft Exchange connections have their own error codes:
| Code | Meaning |
|---|---|
| EC-001 | Exchange connection inactive or restricted |
| EC-002 | Insufficient storage on Exchange server |
| EC-003 | General Exchange error |
| EC-004 | Invalid recipient address |
| EC-005 | Microsoft API limits reached |
| EC-006 | Exchange authentication issue |
When troubleshooting email delivery issues, check the delivery_status object in the API response. The code field contains the SMTP status code, while message provides a human-readable explanation.
Troubleshooting best practices for Zendesk API errors
When you encounter an error, follow this systematic approach:
-
Check the status code first. It tells you broadly what category of problem you are dealing with.
-
Read the error message. Zendesk's error responses include descriptive messages. Don't just check the status code and guess.
-
Test with curl. Before debugging your application code, verify your credentials and request format work with a simple curl command. This isolates API issues from application bugs.
-
Check the X-Zendesk-Request-Id header. Every response includes this unique identifier. When contacting Zendesk support, include this ID so they can trace your specific request in their logs.
-
Verify your subdomain. API tokens are scoped to specific subdomains. A token for
company.zendesk.comwill not work oncompany-sandbox.zendesk.com. -
Review your authentication method. Mixing Basic Auth, OAuth, and JWT is a common source of confusion. Make sure your header format matches your token type.
-
Check for CORS issues. The Zendesk REST API does not support browser-origin authentication. Client-side JavaScript requests will fail. Use a backend service or a Zendesk App with the ZAF client instead.
Common mistakes to avoid:
- Omitting the
/tokensuffix in Basic Auth usernames - Sending OAuth tokens with Basic Auth headers instead of Bearer
- Using end-user credentials for agent-only endpoints
- Not handling 429 errors with proper retry logic
- Ignoring the
Retry-Afterheader on rate-limited responses
Handle Zendesk API errors automatically with eesel AI
Dealing with API errors is part of building on any platform, but what if you could reduce the complexity altogether? eesel AI works as an AI teammate for your Zendesk instance, handling ticket operations intelligently so you make fewer API calls in the first place.
Here is how it works: instead of building custom integrations that hammer the API and risk rate limits, you invite eesel AI to your team. It learns from your past tickets, help center articles, and macros, then handles frontline support autonomously. This means fewer API calls, fewer 429 errors, and less time spent debugging authentication issues.
When eesel AI does need to interact with Zendesk, it includes built-in error handling and retry logic. Rate limits, temporary failures, and conflict errors are managed automatically. You define escalation rules in plain English ("Always escalate billing disputes to a human"), and eesel AI follows them.
For teams building on Zendesk, this approach eliminates an entire category of API errors. You don't need to implement exponential backoff, manage OAuth scopes, or debug 401 responses. eesel AI handles the integration complexity while you focus on delivering better customer experiences.
If you are tired of troubleshooting API errors and want to see how an AI teammate can simplify your Zendesk operations, you can try eesel AI free or book a demo to see it in action.
Frequently Asked Questions
Share this post
Article by
Stevia Putri
Stevia Putri is a marketing generalist at eesel AI, where she helps turn powerful AI tools into stories that resonate. She’s driven by curiosity, clarity, and the human side of technology.
