No Auth Custom Object Type
Hey team,
Wanted to see about the feasibility of having an anonymous read-only permission on some of our object types? We had the following use case that we are trying to support.
Use Case: User scans QR code that has URL which contains the Object ID in the params. On the HC site we fill values from the object to hidden fields on the ticket. User then submits information about the location (think bathroom, needs cleaning). The object look-up should be allowed anonymously as the user isn't required to be signed in to submit a ticket via QR scan.
Currently we have tested 90% of this, but it appears we'd have to store some generic end-user credentials to make the call. Ideally I'd like to have an option for anonymous read-only for this, or possibly for catalog items in the future. Objects are currently updated via integration to another service, so we want to preserve the URL as opposed to having to update the URL & QR with params when values/names change.
-
Hey Matt,
Sorry this one got missed until now! I think this is a great idea, I'm going to pass it along for review with the corresponding product manager. Is there anything else you want to include on this before I send it out?
Have a wonderful day!
Eric Nelson | Manager - Developer Advocacy
-
I think that's pretty much it, happy to clarify anything if there are questions.
Best,
Matt
-
I think, we can do a lot of good things if we have ability to allow anonymous users read (or probably do more CRUD stuff). I have to use firebase for some use-cases; if you can update permissions UI/API for custom objects to support anonymous use-cases, we can do a lot.
-
This is very good use-case where anonymous read would have helped. I implemented whole feed thing using custom objects but it works for signed_in users and require me hardcoding (a dummy end-user) credentials.
Why doesn't Custom Objects API respect agent/admin session on help-center pages? Why am I required to pass authorization header if I am already logged in help-center, and javascript is trying to read/write/update?
-
Hey Abdul,
I've passed this along as feedback to the team that owns custom objects. I know that they're doing a lot of work on it so this may already be in the works. I'll let you know if I hear back from them confirming that.
Thanks!
-
Hey Eric,
Currently we implemented the above use case, and are indeed blocked because there is no way to have anonymously read objects. The authenticated experience is great, but the experience would be next level with anonymous endpoints.
I've also shared feedback that this will need to be in place if there is any hope to have Look-Up fields be end-user editable for un-authenticated support contacts leveraging objects.
-
Hey team,
Wanted to see if this was something in the works? I know the Custom Object Look-up fields are on the horizon, so wasn't sure if this would be part of that work?
Best,
Matt
-
Hi Matt! I looked at the available info that I have around this and there is nothing being discussed regarding a no auth option at this point.
Vous devez vous connecter pour laisser un commentaire.
8 Commentaires