Recent searches

No recent searches

Hide Secret Token by 3rd Party API Call on Zendesk

Answered
image avatar

Rajan

Posted Oct 30, 2023

Hello Team,

I want to trigger an API using the POST method which includes a secret token as a password under authorization on the script.js file in the template. Now it is not best practice to show the token on the script.js file it should be hidden in something like a .env file. Please guide me on where I can hide this token on Zendesk and access it on the script.js file.

1

1

1 comment

Date
    image avatar

    Darenne

    Zendesk Customer Care

    Hi there, In terms of Zendesk, there currently isn't native support for environment variable-like entities similar to a .env file. This means there's no standard way to hide sensitive information, like an API token, in a secure file within Zendesk itself.
     
    As you mentioned, storing sensitive information directly in code or configuration files is not a best practice. In this case, the recommended approach will depend on the specifics of your use case and the capabilities provided by your system architecture.
     
    That being said, it's usually best to handle API calls involving sensitive data server-side rather than client-side, where the code is available publicly. For Zendesk, you could use Zendesk Apps Framework (ZAF) and OAuth to securely pass tokens between Zendesk and your integrations, but this may not work for some APIs.

    I also see that you've reached out to our Advocacy team and informed you to submit this community forum. Rest assured that your post will be routed to our Dev team and see if they can consider this in the future. Thank you and have a lovely day! 

    0

    Please sign in to leave a comment.

    Didn't find what you're looking for?

    New post