Deprecation of basic authentication (username/password-based) for Freshservice API v2

Deprecation of password-based authentication for API v2

The demand for following safe code practices and standardised API usage is increasing. We understand it and are putting constant effort towards achieving the same. In this regard, we are deprecating the username and password-based authentication for Freshservice APIs with API-key-based authentication. The change will result in enhanced platform security, improved API governance, and data security. The planned deprecation is due on May 31st, 2023.

How and to whom will it impact?

After the commencement of deprecation on May 31st, 2023, if your app makes API requests using password-based authentication, such requests will fail. The following are the features of Freshservice APIs which will get impacted:

  • Workflow Automator ( Web request nodes and “Trigger Webhook” action nodes)
  • Custom apps
  • Portal customisation
  • Any custom services or middleware developed using Freshservice APIs

So, If you have used APIs with password-based authentication in any of the following locations, the API calls shall fail:

  • To configure your workflows (Web Requests and Trigger webhook actions)
  • To customize your portal
  • To interact with your Freshservice account from any of your custom applications

How can I avoid the API failure?

It is simple! Just change the authentication method for API invocation. Instead of using username/password-based authentication, use API-key-based authentication to make API calls.

For more information, refer to our detailed solution article.



I can’t find how change my WR node

This is just a test


Am trying to do a Api request with api key as auth instead of Basic Auth with username and pwd.

Getting this as response?
“code”: “access_denied”,
“message”: “You are not authorized to perform this action.”

Is the auth change even in production now or will it be in production closer to the cut of date? (31st May 2023)

@Thakur_Ganeshsingh can you help identify the correct auth strategy and how to use Postman to send a request using the new auth mechanism?

I have tried setting it up in Postman and get the same error, I have checked that the encoded API key is correct using

Hi guys,

This is my settings, which works fine!

1 Like

welcome to the community

I have checked and I have the same settings as Alexander, still get getting the error.

This topic was automatically closed after 60 days. New replies are no longer allowed.