Recent searches

No recent searches

Does Channel framework support signedUrls

image avatar

SPARTAN

Posted Feb 12, 2024

Hi Team,

I have been developing a channel app.

According to the documentation, it's entirely different from the support apps.

We have a doubt about securing the manifest of the channel app, such as admin_ui, dashboard_ui, etc., within the channel app. Does this support signed URLs (https://developer.zendesk.com/documentation/apps/app-developer-guide/manifest/#signedurls) as in the support apps?

Alternatively, how can we secure the routes for the channel app?

Kindly assist with the same.

0

4

4 comments

Date
    image avatar

    Greg Katechis

    Zendesk Developer Advocacy

    Hi Anish! From what I can find internally, it looks like we do not support signed urls in the channel framework manifest, but I've reached out to the team that owns that area to confirm. When I hear back from them, I'll let you know what they have to say about that. Additionally, I'm also not sure how to recommend securing against downgrade attacks, since there are lots of moving parts in this scenario, but I asked the team that as well. Do you enforce HSTS on the server that you'll be using?

    0

    image avatar

    SPARTAN

    Hi Greg Katechis,

    Greetings,

    We have developed some of the Support apps using signedUrls, as this helps us authenticate the routes by providing the token. We will validate this token from our end to confirm that the endpoint is called from Zendesk. We hope to implement the same approach with the channel apps.

    Please assist us in moving this forward.

    Thank you.

    0

    image avatar

    SPARTAN

    Hi Greg Katechis,

    Greetings!

    Is there any update regarding this query?

    Kindly assist us in moving this forward, as it is one of the blockers for our development.

    We are eagerly awaiting your prompt response

    0

    image avatar

    Greg Katechis

    Zendesk Developer Advocacy

    Hi Anish! I got an update over the weekend and in the US, we had the day off yesterday, so apologies for the delay. I was told that we do not support signedUrls or accomplish the general security task in the channel framework. The team involved has heard the feedback, but I can't speak to whether or not this will be something they add to their roadmap. For the time being, I would treat this as a feature that we do not have.

    0

    Please sign in to leave a comment.

    Didn't find what you're looking for?

    New post