Recent searches
No recent searches
Secure User Based Storage
Posted Mar 04, 2024
As the title suggested, I am looking for user-based storage for support apps in Zendesk.
I have already looked into adding it to the manifest or custom user fields. The Major problem I am facing is the exposure of sensitive data.
Manifest/User Fields can be accessed by any user for any user. So storing something secure like an auth token for the admin in the admin's user field becomes a security risk as it can be retrieved by an agent using the correct API.
Is there any storage for support apps that can be suitable for my use case?
1
2
2 comments
Tipene Hughes
We would strongly advise against storing sensitive data of any type within a client facing ZAF app. Can you expand more on your use case and workflow so that we can look at some potential alternatives?
Thanks,
Tipene
1
Sid2
Hey Tipene,
My use case would be to securely store a user's access and refresh token in Zendesk. This app will be an extension of our software that allows it to integrate with Zendesk and the access and refresh token will be needed in Zendesk to access our software.
I'm aware that there is an OAuth option in Zendesk Support Apps but that does put more effort on the user to generate the token. We are trying to create a token from Zendesk with just a single click. We also have our user-based handling, so different users of Zendesk can be other users in our software which ultimately requires us to store multiple access and refresh tokens based on the users. This eliminates app metadata settings as an option as it only has a single copy for all users. Currently, our only storage is to create a custom user field but that exposes a single user's token to other users of the same Zendesk instance.
Do we have any other options here to securely store this sensitive data? Or is there any way to hide the custom user fields just like we hide the fields in the ticket?
Thanks,
Sid
1