Authenticate Zendesk Application requests to outside API
I'm building an application that will need to make requests to an external API (think AWS lambda). I was wondering if there's any way I can authenticate my requests without forcing the users to set-up any properties during the installation, be it a password or a secret_key for the JWT requests, and just provide a simple click to install app.
Any other thougths or ideas on how to secure my API requests in a seamless way for the user? Is there a way for me to generate a random password and forever associate it to the Zendesk Account and be able to reuse it across installations?
Your best bet to keep this secure would be to create a middleware that actually handles the external API communication for your app. The request could be sent from your app, validated by the middleware that it actually came from Zendesk (utilizing the headers that we provide and validating the host). Then have the middleware which has the appropriate authentication with your api stored pass the request on and then send the response back to Zendesk.
Iniciar sesión para dejar un comentario.