Recent searches
No recent searches
Can't get public_key.pem of my app
Posted Nov 09, 2023
curl https://{subdomain}.zendesk.com/api/v2/apps/{app_id}/public_key.pem -u {email}:{pass}
I have app_id
I can't understand which subdomain I must use and correspondingly which email and pass?
I have dev account, I tried dev subdomain and email and pass and I get 403 Forbiden
I'v tried subdomain of my client and my email and pass - still nothing
I'v tried email and pass from apps.zendesk.com - nothing
I just can't figure out which combination of subdomain and email should be used
Please help!
0
8
8 comments
Vj Gunawardana
Hi Sergii Kliuchnyk,
I tried this and got the same issue via cURL.
It did, however, work for me on POSTman.
I used the subdomain that i uploaded the app to.
I used the email from the account from which uploaded the app but appended the /token at the end.
I also used an API token generated for myself as the password.
GET {{my-staging-domain}}.zendesk.com/api/v2/apps/{app_id}//public_key.pem
Basic auth
Email: myemail@domain.com/token
Password: API_TOKEN_GENERATED_IN_ADMIN_SETTINGS
EDIT: Other Zendesk APIs work for me via cURL
1
Sergii Kliuchnyk
Vj Gunawardana
Thanks a lot! It's worked.
0
Vj Gunawardana
great to hear Sergii Kliuchnyk - Hopefully the cURL gets fixed up for others.
0
Sergii Kliuchnyk
Vj Gunawardana try to add header "user-agent: chrome", I think Postman adds it by default
0
Vj Gunawardana
Awesome, thanks for that Sergii Kliuchnyk
0
Cam Stuart
I have managed to get this working using the method described above, but what I can't figure out is how I can get the public key dynamically for a subdomain that has purchased my app. In their case, I won't have email/token that can get the public key in their account.
Usually, public keys are not auth protected because they are, well, public.
What is the recommended solution here for app marketplace developers?
0
Tipene Hughes
Just checking in here to see if you found a solution to your issue?
0
Cam Stuart
Hi Tipene,
I wouldn't describe it as a solution, more of a workaround. And not especially secure.
In my case I have a server side top bar app defined in the manifest, and I also have a background app as well.
So because the background app has access to Zaf, I determine the app id dynamically, construct a request to get the public key, and send it to my backend via a POST request with the public key and subdomain in the body. This effectively “onboards the organisation ” with an upsert operation in my database.
Then when my server side app is opened, and a JWT sent as part of the initial post request, I am able to verify it, create a session and away we go.
But unfortunately this has some security concerns, and if I build future server side apps that don't require the background app, then I would have to add one anyway.
I'm hoping you can make another suggestion!
0