Question

How can I make an API request from a custom app installed in my account to the API of another account and not receive the message, error is not a proxyable URI.

Answer

The default behavior of client.request is to send the request through Zendesk's proxy layer, a gateway that blocks HTTP requests from one account to another, which results in the 403 is not a proxyable URI response.

To make a client.request to the API of another Zendesk instance from a custom app in your account, pass cors: true in the request options object. This allows the request to bypass Zendesk's proxy layer.

// make a request from a custom app in one Zendesk to the API of another Zendesk
 
 function newRequest(){
  var options = {
        url: 'https://subdomain.zendesk.com/api/v2/....',
        headers: { "Authorization": "Bearer OAUTH_TOKEN"},
        type: 'POST',
        data: JSON.stringify({my:"json", values:"go here"}), 
        contentType: "application/json",
        cors: true 
      } 
      client.request(options).then(
        function(response) {
          console.log(response);
        });
  }

A note on client-side versus server-side requests

Each Zendesk API endpoint implements Cross-Origin Resource Sharing (CORS). If the request from the app originates from the client's side, the CORS responses fail unless it uses OAuth. If you require only the GET method, scope the OAuth token for read-only access to specific resources and implement this on the client-side.

If the app's request to the other Zendesk API is to write data with the PUT or POST method, either option isn't secure as it exposes the token in network traffic. In most workflows, you can use secure settings to prevent security issues with the token.

Secure settings don't work for this workflow because they require the request to go through Zendesk's proxy layer. If you need the app to write data, consider server-side solutions where the request to the other Zendesk's API is sent back to the app, handled on the server's side.