A Claude bridge to Zendesk
zendesk-mcp puts Support tickets and the Help Centre in front of Claude as 48 read tools over 253 operations. Reads can't touch your data. Writes are tiered: notes, status and tags are always on; customer-facing replies stay behind a switch and a confirmation.
The problem
Before an agent can help anyone, they're deep in Zendesk - the thread, the audits, the customer, the org, the macros - just to reconstruct what happened. zendesk-mcp puts all of it one question away, and lets Claude take the safe actions from the same conversation.
How it works
Everything up to a customer-facing message is friction-free. The one thing that reaches a customer is the one thing that always asks first.
One browser sign-in with PKCE - no client secret, no tokens to manage. Claude refreshes it for you when it expires.
→48 tools over 253 operations across Support and the Help Centre. Every one is GET-only; none can change your data.
→Internal notes, status changes, tags and assignment are always available - reversible, agent-only, safe.
→Customer-facing replies are gated behind a switch and confirmed on every send. Nothing reaches a customer without your word.
Three tiers of write
The worry with letting an assistant near your helpdesk is that it says the wrong thing to a customer. zendesk-mcp makes that structurally hard - the write surface is split into three tiers, and the customer-facing one is the most guarded.
Flip /zendesk-writes on and every send still prompts - even in auto-accept mode. Flip it off and the tool disappears from Claude's reach entirely.
read · 253 opsGET-only. Can never modify data.internal notePrivate, agent-only. Always on.status · assignOpen, pending, solved… reversible. Always on.tagsAppended, never overwritten. Always on.public replyGated by /zendesk-writes, confirmed every send.bulk replyMany tickets, one approval, macro-personalised.Why it's worth it
Every read tool is a hardcoded GET - no non-GET request can even be expressed through it. Point it at production without a second thought.
Internal notes, status, tags and assignment are reversible and agent-only. The everyday moves, no switch required.
Public replies are off by default, behind /zendesk-writes, and confirmed on every send - even in auto-accept mode.
Send one macro to 10+ tickets on a single approval; Zendesk fills each customer's name server-side, so no name is ever guessed.
Browser OAuth with PKCE, no client secret. The token is stored 0600 and refreshed automatically - no env vars, no key management.
40 Support tools and 8 Help Centre tools: tickets, users, orgs, macros, SLAs, triggers, articles, sections and search.
Reads that can't write, replies that can't slip out unapproved. Built to sit safely on a live helpdesk.
The read bundle contains only GET operations, and the HTTP client hardcodes the method - no read action can express a write. It's read-only by construction, not by convention.
The public-reply tools carry a required-interaction flag and prompt on every call - no "don't ask again", even in bypass mode. A human sees every customer-facing message.
If your Zendesk role can't post publicly, the tool detects the reply landed as a private note and tells you - no silent misfires disguised as sends.
What it can reach
Grouped the way you'd actually work a ticket - from the thread in front of you out to the SLA and the knowledge base behind it.
* gated behind /zendesk-writes and confirmed on every send.
Where it is today
Straight with you on status - the reads, the login and the tiered writes are all real and running. What grows is the write surface, added only as each path proves safe.
Support tickets and the Help Centre, exposed across the full Zendesk OpenAPI surface - all GET-only.
Public OAuth client with PKCE, no secret. Token stored 0600 and self-refreshing - nothing to configure or rotate by hand.
Internal notes, status, tags and assignment always on; public and bulk replies gated behind /zendesk-writes and confirmed on every send.
One macro to 10+ tickets on a single approval, each customer's name filled server-side by Zendesk - never guessed, per-ticket at save time.
New write actions are added one at a time, each behind the same confirm-and-gate model - the safe surface grows without loosening the guarantees.
One of a family of internal Claude plugins. Scout, the human-in-the-loop support agent, runs on this plugin and on seatfrog-mcp.