Accessing Zimbra via REST API (how do I get the zauthtoken?)

Question

I am using the REST API provided by Zimbra, to periodically (programatically) poll for messages on my Zimbra email server.

According to the documentation, I need to pass a zauthtoken via the query string, in order to successfully retrieve the data.

The only problem is that the document fails to mention how one can obtain or create the zauth_token, meaning that the I am unable to do anything.

I have extensively searched the Zimbra documentation, and also online, but I can't seem to locate anything that shows how to create or obtain the authentication token.

Does anyone know how I can obtain/create an authentication token, so I can programatically access emails in my inbox?

Answer 1

I'm going to assume that you're an end user rather than the admin of the mailserver. The token you're looking for is a cookie called ZM_AUTH_TOKEN which will generally be set whenever a user logs in. That said, you don't need to use token authentication to access your Inbox via the API; you can just as easily authenticate by supplying your username/password as part of your request (for example, using curl's --user option). If you really need the token in particular, here's an example of how you can generate it with curl:

curl --user 'your-username-here:your-password here' 'https://your-zimbra-server-here.com/home/your.account.name@your-zimbra-server-here.com/Inbox/?fmt=sync&auth=sc' -c 'where-you-want-to-save-your-cookie-file'

This is a pretty straightforward curl command, but there are a few Zimbra-specific bits I want to underline: The query at the end of the URL (?fmt=sync&auth=sc) is vital to retrieving the token you're looking for. The auth=sc part forces Zimbra to return an auth cookie. The fmt=sync could technically be any valid format, but you have to specify something; I chose sync since it doesn't actually look for any email data and thus should complete faster than commands that do return email data.

Once that curl command completes, you'll have the ZM_AUTH_TOKEN cookie saved to whatever file you specified after the -c option. You can then pass the value of this cookie as the value of zauthtoken in your REST query URLs and they'll authenticate properly without you supplying credentials in any other format:

curl 'https://your-zimbra-server-here.com/home/your.account.name@your-zimbra-server-here.com/Inbox/?auth=qp&zauthtoken=0_your-zauth-token-always-starts-with-zero-and-an-underscore-dont-append-an-additional-one-this-is-just-an-example'

Again this is somewhat pointless if you're already using curl since you could just use the --user option, but it could help if you need to access the URL in other ways that don't have similar capabilities. If you must use the token, be aware that you'll have to generate a new cookie/token every time the current one expires.