tokenless-zendesk-mcp
This server integrates with the Zendesk REST API using browser-based session cookies (no API token required), supporting read and write operations with your agent's permissions.
Authentication
zendesk_login— Opens a Chromium browser for one-time sign-in (supports SSO and 2FA); saves session cookies for all other toolszendesk_session_status— Checks whether a saved session exists and is still valid
Ticket Retrieval
zendesk_get_ticket— Fetches full ticket details: subject, status, priority, tags, custom fields, comment thread, and attachmentszendesk_fetch_view_tickets— Fetches tickets from a specific view (with pagination)zendesk_search— Searches across tickets, users, organizations, and groups using any query stringzendesk_requester_tickets— Lists all tickets submitted by a specific userzendesk_organization_tickets— Lists all tickets belonging to an organizationzendesk_ticket_metrics— Gets SLA and timing metrics (reply time, resolution time, reopens, etc.)zendesk_ticket_audits— Fetches the full audit trail for a ticket
Ticket Modification
zendesk_add_comment— Adds a public reply or internal note to a ticketzendesk_update_ticket— Updates ticket fields: status, priority, type, assignee, group, tags, and custom fieldszendesk_apply_macro— Applies a macro to a ticket and persists its changes
Views & Macros
zendesk_list_views— Lists active ticket views with IDs, titles, and ticket countszendesk_list_macros— Lists active macros with IDs and titles
Users & Organizations
zendesk_search_users— Finds users by name, email, or other textzendesk_get_user— Fetches a single user's details by ID
Fields & Attachments
zendesk_ticket_fields— Lists ticket field definitions including valid dropdown/tagger option valueszendesk_download_attachment— Downloads a ticket attachment to the local filesystem using the authenticated session
General API Access
zendesk_request— Makes a read-only GET request to any Zendesk REST API v2 endpoint not covered by the dedicated tools
Provides tools for interacting with Zendesk, including reading tickets, views, users, macros, and performing writes like adding comments, updating tickets, and applying macros, using session-based authentication.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@tokenless-zendesk-mcplist my active views in Zendesk"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Tokenless Zendesk MCP Server
An MCP server for Zendesk. You sign in once in a real browser (Playwright) — any method works, including SSO and 2FA — and the resulting session cookies are then used to call the Zendesk REST API directly. No API token, OAuth client, or admin setup required: it acts with exactly your agent account's permissions.
This is the same way Zendesk's own agent web UI talks to its API — a valid session
cookie is all a GET request needs (no CSRF token is required for reads).
What it can do
Reads
Tool | Description |
| Open a visible browser to sign in (password / SSO / 2FA). Saves the session cookies + CSRF token. |
| Check whether a saved session exists and is still valid (calls the API as the current user). |
| List the agent's active views with numeric IDs, titles, and cached ticket counts. |
| Fetch tickets in a view, following pagination ( |
| Search via |
| Subject, status, parties, tags, custom fields (incl. product), full comment thread, and attachments. |
| Download an attachment (by its |
| List the tickets a user has requested (their history) — "have they reported this before?". |
| List tickets belonging to an organization. |
| Field definitions with valid dropdown/tagger option values — look up the |
| SLA / timing metrics for a ticket (reply time, resolution time, reopens, replies). |
| List active macros with ids and titles (for |
| Find users by free-text (name, email, …). |
| Fetch one user by id. |
| Full audit trail (every change/event) for a ticket. |
| Read-only passthrough to any |
Writes (require the CSRF token — see Writes below)
Tool | Description |
| Add a public reply or internal note to a ticket. |
| Set status, priority, type, assignee, group, tags, and custom fields (optionally with a comment). |
| Apply a macro and persist its changes (status/fields/comment) to a ticket. |
Attachments. zendesk_get_ticket returns an attachments array; each item has
an id, file_name, content_url, content_type, and size. Pass an attachment's
content_url to zendesk_download_attachment along with a destination (a file
path, or a directory to save under the original filename). Downloads use the
authenticated session, so private attachments work.
zendesk_request unlocks the rest of the Zendesk REST
API for reads — e.g.
tickets/123/audits, ticket_metrics, organizations, users/123,
satisfaction_ratings. It is GET-only by design (write operations would require a
CSRF token, which is out of scope).
Related MCP server: Zendesk API MCP Server
How auth works
You sign in once in a real browser window. Playwright saves the resulting
cookies to ~/.zendesk-mcp/storageState.json. Every other tool reads the cookies
scoped to your instance and replays them as a Cookie header against
https://{subdomain}.zendesk.com/api/v2/…. When the session expires the API
returns 401/403 and the tool returns a clear "run zendesk_login" message.
The session file holds live auth cookies — it's git-ignored. Treat it like a password.
Writes (CSRF)
GET requests authenticate with the session cookie alone. Write requests
(POST/PUT/DELETE) additionally require Zendesk's CSRF token — the same
one the agent UI uses. It's captured at login (from the agent page's
<meta name="csrf-token">) and saved to ~/.zendesk-mcp/csrf.txt. The token is
stable for the life of the session; if it ever goes stale, the server fetches a
fresh one automatically and retries the write once. The write tools
(zendesk_add_comment, zendesk_update_ticket, zendesk_apply_macro) modify
real tickets — confirm changes with the user before sending.
Add to Claude Code
No clone, no build — just point your MCP config at npx. Add to your .mcp.json
(or Claude Desktop config), replacing youracme with your Zendesk subdomain:
{
"mcpServers": {
"zendesk": {
"command": "npx",
"args": ["-y", "tokenless-zendesk-mcp"],
"env": {
"ZENDESK_SUBDOMAIN": "youracme"
}
}
}
}Or with the CLI: claude mcp add zendesk -e ZENDESK_SUBDOMAIN=youracme -- npx -y tokenless-zendesk-mcp
First login
You sign in once in a real browser window. Run the bundled login subcommand
(it downloads Chromium on first use, then opens the window):
ZENDESK_SUBDOMAIN=youracme npx -y tokenless-zendesk-mcp loginmacOS / Windows / Linux desktop: a Chromium window opens — sign in, done.
WSL2: you need WSLg (Windows 11) or an X server so the window can show. If the window can't open, run the login on the Windows host, or set
DISPLAY.
You can also trigger login from inside Claude with the zendesk_login tool, but
the standalone command is more reliable since not every MCP host surfaces the window.
From source (contributors)
npm install
npm run build
ZENDESK_SUBDOMAIN=youracme npm run login # one-time browser sign-inThen point your MCP config at the build instead of npx:
{
"mcpServers": {
"zendesk": {
"command": "node",
"args": ["/path/to/tokenless-zendesk-mcp/dist/index.js"],
"env": { "ZENDESK_SUBDOMAIN": "youracme" }
}
}
}See CONTRIBUTING.md for the release process and how publishing is configured.
Configuration (env vars)
Var | Default | Purpose |
| — (required) | The |
|
| Where the saved session lives. |
|
| Per-request timeout in ms. |
|
| How long the login window waits for you to finish signing in, in ms. |
Verify
After building and logging in:
ZENDESK_SUBDOMAIN=youracme node scripts/verify.mjsIt calls me, listViews, search, and getTicket against your live instance.
Notes & limitations
Auth is session-cookie based. Cookies expire (and SSO sessions time out), so you'll re-run
zendesk_loginperiodically.It respects whatever permissions your agent account has — nothing more.
The API is paginated; list tools cap results (
limit) and page 100 at a time. Rate-limited (429) responses are retried honoringRetry-After.Writes are supported via the session CSRF token (see Writes). They act with your agent permissions — review changes before sending.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/yutamago/tokenless-zendesk-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server