Question

How can I make an API request from a custom app installed in my account to the API of another account and not receive the below error?

error is not a proxyable URI

Answer

The default behavior of client.request is to send the request through Zendesk's proxy layer, resulting in the 403 is not a proxyable URI response.

To make a client.request to the API of another Zendesk account from a custom app in your account, pass cors: truein the request options object. Doing this will allow the request to bypass Zendesk's proxy layer, which prevents making HTTP requests from one Zendesk to another.

// make a request from a custom app in one Zendesk to the API of another Zendesk
 
 function newRequest(){
  var options = {
        url: 'https://subdomain.zendesk.com/api/v2/....',
        headers: { "Authorization": "Bearer OAUTH_TOKEN"},
        type: 'POST',
        data: JSON.stringify({my:"json", values:"go here"}), 
        contentType: "application/json",
        cors: true 
      } 
      client.request(options).then(
        function(response) {
          console.log(response);
        });
  }

A note on client-side versus server-side requests

Each of our API endpoints implements CORS. Therefore, if the request from the app originates client-side, it will fail with CORS responses unless OAuth is used. If only reading data (GET) is required, scope the OAuth token to read-only access to specific resources and implement this client-side.

If the app's request to the other Zendesk API will be writing data (PUT, POST), this is not a secure option as the token is exposed in network traffic. In most other workflows, secure settings can be used to prevent exposing the token.

However, secure settings don't work for this workflow because they require the request to go through Zendesk's proxy layer. If writing data is required, consider server-side solutions, where the request to the other Zendesk's API is handled server-side and the response is sent back to the app.