Help using secure setting placeholder {{setting.name}} | The place for Zendesk users to come together and share
Skip to main content
Question

Help using secure setting placeholder {{setting.name}}

  • August 8, 2022
  • 9 replies
  • 0 views
Mathew11

I am currently creating an app for support and I am having trouble using the secure placeholder {{setting.name}}. 

I am following this article: https://developer.zendesk.com/documentation/apps/app-developer-guide/using-the-apps-framework/?_ga=2.194966061.1010806308.1659961382-218685136.1659626457#using-secure-settings

I have installed the app as a private app since I know it does not work with the developer environment.

My request settings are setup as such:

var settings = {
        url: "insert URL",
        headers: {
            Authorization: 'Basic ' + btoa("{{setting.token}}:PAT")
        },
        secure: true,
        type: 'GET',
        dataType: 'json',
    };
 
Manifest is setup as such:
{
  "name": "Project Name",
  "author": {
    "name": "name",
    "email": "email@email.com",
  },
  "defaultLocale": "en",
  "private": true,
  "location": {
    "support": {
      "ticket_sidebar": {
        "url": "assets/iframe.html",
        "flexible": true
      }
    }
  },
  "domainWhitelist": ["whitelistedRequestSite.com"],
  "parameters": [
    {
      "name": "token",
      "type": "text",
      "secure": true,
      "required": true
    }
  ],
  "version": "1.0",
  "frameworkVersion": "2.0"
}
Thank you to whoever helps in anyway!

9 replies

Eric27
  • Eric27
  • August 9, 2022
Hey Mathew,

Quick review of your code and it looks good. Can you tell us more about the troubles that you're having? Is the auth header undefined or something else when received at the requests url?
 
Thanks!
Mathew11
  • Mathew11
  • Author
  • August 9, 2022

I received 401 and 403 errors from the request when the app was installed and using the placeholder. When the basic authentication is hard coded the app functions as normal. When checking the Authorization header in the console, it looks as if it is sending "{{setting.name:PAT}}" as the credentials without swapping out the placeholder resulting in the errors. I am just not sure what to change to fix it.

Eric27
  • Eric27
  • August 9, 2022
It looks like the base64 encoding is happening prior to the proxy replacing the placeholder with the secure value. An easy option to fix this would be to just save the string already base64 encoded into the secure setting field. That way the encoding isn't happening prior to the request hitting the proxy. 
Mathew11
  • Mathew11
  • Author
  • August 9, 2022

Unfortunately that didn't seem to work. The auth header came out as "Authorization"Basic {{setting.token}}". String was already encoded as well and updated within the apps settings.

Eric27
  • Eric27
  • August 19, 2022
Hey Matthew,

Sorry that I missed your response. Are you still having issues? 
Mathew11
  • Mathew11
  • Author
  • August 19, 2022

Yeah. The possible solutions haven't worked. Are there any small details I could be missing?

Eric27
  • Eric27
  • August 19, 2022
Hey Matthew,

Tough to say, I just spun up a small example repo which you can use as a point of reference / to test out the workflow. 
 
Hope this helps!
    Mathew11
    • Mathew11
    • Author
    • August 19, 2022

    That's amazing. I'll take a look and update if I have any questions. Thank you!

    Mathew11
    • Mathew11
    • Author
    • August 22, 2022

    Seems I found the issue. The domainWhiteList property was what was giving issues. Seems I may not have the correct domain in the setting.

    Terms & ConditionsCookie settingsAccessibility statement