Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF).
Validate the provided Zendesk subdomain to be a valid subdomain in:
github.com/zendesk/zendesk_api_client_php/commit/b451b743d9d6d81a9abf7cb86e70ec9c5332123e
github.com/zendesk/zendesk_api_client_php/pull/466
github.com/zendesk/zendesk_api_client_php/security/advisories/GHSA-q348-f93x-9gx4