English (US)

client.request() using secure parameter in manifest.json

Blog Beginner

Hello Experts,

I am developing a Zendesk sidebar app to interact with my Paypal account. Following are the steps I am following

1) Created a Zendesk sidebar app

2) Call the Paypal API to fetch the access token using client_id and client_secret

3) Use Paypal rest APIs to do further business logic implementation

The requirement here is that I want my client_secret to be secure and not accessible to anyone. So what I did is created a "client_id:client_secret" string. Encoded it using btoa manually and stored the resulting string as a secure parameter in the manifest.json

Now when I try to access the secure parameter, I am getting an error. Following is my code snippet

const oAuthResponse = await client.request({
        url: "https://api-m.paypal.com/v1/oauth2/token",
        headers: { "Authorization": "Basic {{setting.client_secret}}" },
        secure: true,
        type: 'POST',
        contentType: 'application/json',
        data: JSON.stringify({ 'grant_type': 'client_credentials'})
      }
    ).then(function(data) {
        console.log(data);
        return data;
    });

It gives me the following error.

responseText"Proxy error: Invalid request"
status400

 Is there something I am doing incorrectly ?

4 Comments

  • Blog Beginner

    This worked with the following code. 

    const oAuthResponse = await client.request({
            type: 'POST',
            url: "https://api-m.paypal.com/v1/oauth2/token",
            contentType: 'application/json',
            headers: { "Authorization": "Basic {{setting.client_secret}}", "Accept": "application/json"},
            data: 'grant_type=client_credentials',
            cors: false,
            secure: true,
            httpCompleteResponse: true
          }
        ).then(function(data) {
            console.log('...oAuthResponse', data);
            return data;
        });

    So the data field should have been text instead of JSON. 

    1
  • Tipene Hughes
    • Edited
    Zendesk Developer Advocacy

    Hi Blog Beginner,

    Glad to see you got it figured out, and thanks for updating us!

    Have a great day :) 

    Tipene

    0
  • Ravi

    Hi Tipene Hughes,

    I am also tring to access secure settings but facing same issue with bearer token. Attached screenshot of error and code.
    Any help would be appriciated.


    0
  • Tipene Hughes
    Zendesk Developer Advocacy

    Hey, Ravi!

    Can you confirm that you have a domain whitelist correctly configured in your manifest.json file? You can read more about domainWhitelist here:

    https://developer.zendesk.com/documentation/apps/app-developer-guide/manifest/#domainwhitelist

    Thanks!

    Tipene

    1

Please sign in to leave a comment.

Didn't find what you were looking for?

New post
Powered by Zendesk