Zendesk Apps tutorial - Getting data from an external application

Have more questions? Submit a request

23 Comments

  • Krzy Hamer
    Comment actions Permalink

    Hi, is there any chance to get data from RESPONSE Headers while using ZAFClient.request?
    I'm getting only the body as one argument in a response.

    0
  • Jessie Schutz
    Comment actions Permalink

    Welcome to the Community Krzy! Let me see if I can find an answer for you on this. Stand by!

    0
  • Becca
    Comment actions Permalink

    Hey Krzy - 

    Sorry for the delay here! In test I wasn't able to find a way to get response headers when using client.request. 


    var fetchSelf = {
      url: '/api/v2/tickets/123.json',
      type: 'GET',
      dataType: 'json'
    };

    function doit() {
    client.request(fetchSelf).then(function(data) {
      console.dir(data);
      console.log(data.headers);
    })
    };

    I would always get an undefined response: 


    I reached out to our Product team and they confirmed client.request only returns the data object; it will not return response headers. Our Product team has however added this as a feature request for the Apps Framework roadmap. Sorry for the limitation here!

    For some background, here's how client.request operates on the backend:

    The options passed to request are sent to the framework via postMessage and then given to jQuery.ajax, so all options jQuery supports that can be converted to JSON will, in theory work. For example, headers can be passed since it's a plain object, whereas beforeSend will not since functions cannot be converted to JSON. 

    0
  • Krzy Hamer
    Comment actions Permalink

    [SOLVED]

    For people interested - You can make a request to Zendesk Core Api by ZAFClient.request method inside your custom app.


    [Original question:]

    HI, I don't know if it is a proper secction, but can my private app make request to zendesk core api? 

    I need my app to check which Zendesk user is currently using Zendesk.

    I can get this by api/v2/users/me/session.json - but i cannot make this call via my application (401 - unauthorized).
    Is there a way to check user id & parameters (api/v2/users/{id})?

    0
  • Jeroen van der Sandt
    Comment actions Permalink

    Hello,

    do the secure settings only work in headers? I'd like to use them as part of a request url.

    Thanks,

    Jeroen

    0
  • Bryan - Community Manager
    Comment actions Permalink

    Hi Jeroen. Yes, if you're writing a server-side app (where you host the assets and the app manifest location is a remote URL) you can also reference a secure setting in that manifest location URL.

    Since you're looking at secure settings, I'd also recommend looking through this article: Making API calls with Zendesk Apps framework (ZAF), ZAF proxy, and help with CORs.

    0
  • Tim Ogilvy
    Comment actions Permalink

    Hello,

    Trying to follow this tutorial but my JWT is 1075 characters long, and won't fit in the secret token field... any tips?

    0
  • Bryan - Community Manager
    Comment actions Permalink

    Hi Tim. I'm working on getting clarification on secure setting size limits. I'll post back here when I get something more definitive.

    0
  • Bryan - Community Manager
    Comment actions Permalink

    Hi Tim. The engineering team did indeed make recent scalability changes that limit secure setting sizes to 1KB. After raising this issue, there was agreement to change it to 2KB (2048). The change will be reflected here when completed (probably sometime Q1 2020):

    https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#limitations

    Until then, the size will be limited to 1KB (1024). Thanks for raising this.

    0
  • Bryce Tymrick
    Comment actions Permalink

    Hello,

    I've been working on an app - and I'm having trouble making client requests with oauth.

    My api is receiving '{{setting.token}}' as the Authorization token (ie: setting.token isn't being replaced).

    However, if I inspect client._metadata.settings, it does show up there. 

    Is there any trick needed to force the client.request to replace these settings that I might be missing?

    (The iframe is being hosted elsewhere, if that makes a difference...)

    0
  • Greg - Community Manager
    Comment actions Permalink

    Hi Bryce Tymrick! Just as a first guess, are you including the "secure: true" setting when you are making this request? You can take a look at our documentation on secure settings if that helps!

    0
  • Bryce Tymrick
    Comment actions Permalink

    Hey Greg! Thanks for the reply! 

    Here's what my request looks like:

    const result = await zafClient.request({
      url: myPostUrl,
      secure: true,
      headers: { Authorization: 'Bearer {{setting.token}}' },
      method: 'POST',
      cors: true,
      data: JSON.stringify(myPost)
    })

    And, I also have in my manifest.json:

    "parameters": [{
      "name": "token",
      "type": "oauth"
    }]
     
    Anything else that might be worth trying? Thanks!
    0
  • Greg - Community Manager
    Comment actions Permalink

    Hi Bryce! Since you're using OAuth, are you also including the rest of the requirements in your manifest?

    0
  • Bryce Tymrick
    Comment actions Permalink

    Hey Greg,

    Yes indeed! I have the oauth object with client_id, client_secret, authorize_uri, access_token_uri in my manifest.json file.

    And it appears as though it's correctly authenticated (there's a little green checkmark in the app settings, and my oauth authenticator seems to be logging that ZenDesk Apps has had a successful exchange...)

     

     

    0
  • Greg - Community Manager
    Comment actions Permalink

    Thanks for the follow-up! My manager was chatting with me this morning about this issue and one thing that he recommended was to set "cors: false" instead of "true". Let me know if that works and if not, we'll keep digging into this!

    0
  • Bryce Tymrick
    Comment actions Permalink

    Hey Greg,

    Thanks for the continued help!

    I tried with cors:false, but no dice unfortunately. That gives the "usual" CORS error (in Chrome devtools console - not sure if that message will be helpful :)):

    ```Access to XMLHttpRequest at 'https://<my zendesk domain>.proxy.futuresimple.com/proxy/apps/secure/<encoded request to my api>' from origin 'https://app.futuresimple.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.```

    When I make that attempt - as far as I can tell, I'm _pretty_ sure that there isn't actually a request made to my api... So it sort of seems like it's not making it through the proxy.

     

     

    0
  • Bryce Tymrick
    Comment actions Permalink

    Oh, I should also add - That CORs error seemed like it might be related to the "domainWhitelist" property... But that seems to be correct in manifest.json as well (as far as I can tell...)

    0
  • Greg - Community Manager
    Comment actions Permalink

    Hi Bryce! This seems like something may be off in the app somewhere, so I'll create a ticket and I'll have you share your app with me there so that I can look into this!

    0
  • Dinesh
    Comment actions Permalink

    Hi,

    the above method works only if the token is static. what happens if the token is dynamic and needs to be refreshed every time it is expired. 

    https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings - this article says Storing and refreshing access tokens is managed by the Zendesk token service. not sure how this works.

    Thanks,

    Dinesh

    0
  • Bryan - Community Manager
    Comment actions Permalink

    The issue that Dinesh raised above was addressed in a private ticket -- I just wanted to point out a few things that came out of it:

    1. There *is* functionality in the ZAF "oauth" feature to handle refresh tokens

    2. However, it requires that two attributes exist on the original access token. Both token_expiry and refresh_token must exist on the original access token for the refresh functionality to work. If your original access token does not have these attributes, an access token refresh will not be triggered (note that there is no report or dashboard that displays this action or inaction)

    3. The refresh functionality is triggered when a request is made for the token

    Know Dinesh that there is a documentation change coming that will point out the above. Thank you very much for the time that you spent on working through this and uncovering these points.

    0
  • Dinesh
    Comment actions Permalink

     Hello Bryan,

    Thanks for the update. Looking forward for the documentation. as i got an app to publish stuck as the token is not refreshing. 

    0
  • Bryan - Community Manager
    Comment actions Permalink

    Hi Dinesh, just to be clear...

    You mention "i got an app to publish stuck as the token is not refreshing" — the functionality to manage refresh tokens should be working if the original access token has "token_expiry" and "refresh_token" attributes.

    My understanding of your issue of refresh not working was because Salesforce does not provide these attributes in their access token. The change I mention above is purely a documentation clarification, not any functionality changes. Does that line up with your expectations and understanding? I just want to be clear on expected results.

    If you're running into a different issue, please post it here. Thanks!

    0
  • Dinesh
    Comment actions Permalink

    Hello Bryan,

    the issue remains i am not able to get a refreshed token from salesforce. which supposed to be managed by Zendesk automatically.  I did interact with support team to get help but the answer i got was zendesk not able to refresh the token. APP code was also reviewed by team but no luck.

    i would advice you to recheck the refresh token functionality documentation. as i tried all the possible scopes to get refresh token.

     

    thanks,

    Dinesh 

     

    0

Please sign in to leave a comment.

Powered by Zendesk