Issue

After switching a Zendesk log source authentication from OAuth2 to email/API key authentication in Panther, the Zendesk logs stopped coming in even though the configuration appears to save successfully without errors.

Resolution

To resolve this issue, delete the existing Zendesk log source and recreate a new Zendesk log source using the email/API key authentication method. Please also ensure that:

• The API key was created by a Zendesk Support administrator account

• The administrator account that created the API token has not been removed from Zendesk and continues to have admin permissions

Cause

This issue occurs because changing the authentication method on an existing log source does not properly update the internal configuration. The authentication credentials are not applied correctly to the existing connection, requiring a complete recreation of the log source to establish a fresh connection with the new authentication method.