Learn about best practices to secure your Zabbix API using token-based authentication and create seamless and protected integrations with any software.
Previously, the only way to access Zabbix API was to pass Zabbix login credentials through user.login method. So, the common practice was to create a special API-only user with disabled access to frontend and use this user’s login and password for API authorization of a 3rd party service. Since regular users cannot do this themselves, they had to ask a Super admin first to create a user for API, then to delete this user when access is no longer needed.
Zabbix API tokens, introduced in 5.4 release, make authentication simpler and, at the same time, much more secure: