client.request() using secure parameter in manifest.json

image avatar

Blog Beginner

投稿日時:2022年3月25日

Hello Experts,

I am developing a Zendesk sidebar app to interact with my Paypal account. Following are the steps I am following

1) Created a Zendesk sidebar app

2) Call the Paypal API to fetch the access token using client_id and client_secret

3) Use Paypal rest APIs to do further business logic implementation

The requirement here is that I want my client_secret to be secure and not accessible to anyone. So what I did is created a "client_id:client_secret" string. Encoded it using btoa manually and stored the resulting string as a secure parameter in the manifest.json

Now when I try to access the secure parameter, I am getting an error. Following is my code snippet

const oAuthResponse = await client.request({
        url: "https://api-m.paypal.com/v1/oauth2/token",
        headers: { "Authorization": "Basic {{setting.client_secret}}" },
        secure: true,
        type: 'POST',
        contentType: 'application/json',
        data: JSON.stringify({ 'grant_type': 'client_credentials'})
      }
    ).then(function(data) {
        console.log(data);
        return data;
    });

It gives me the following error.

responseText"Proxy error: Invalid request"
status400

 Is there something I am doing incorrectly ?

0

4

4件のコメント

      image avatar

      Tipene Hughes

      Hey, Ravi!

      Can you confirm that you have a domain whitelist correctly configured in your manifest.json file? You can read more about domainWhitelist here:

      https://developer.zendesk.com/documentation/apps/app-developer-guide/manifest/#domainwhitelist

      Thanks!

      Tipene

      1

      image avatar

      Ravi

      Hi Tipene Hughes,

      I am also tring to access secure settings but facing same issue with bearer token. Attached screenshot of error and code.
      Any help would be appriciated.


      0

      image avatar

      Tipene Hughes

      Hi Blog Beginner,

      Glad to see you got it figured out, and thanks for updating us!

      Have a great day :) 

      Tipene

      0

      image avatar

      Blog Beginner

      This worked with the following code. 

      const oAuthResponse = await client.request({
              type: 'POST',
              url: "https://api-m.paypal.com/v1/oauth2/token",
              contentType: 'application/json',
              headers: { "Authorization": "Basic {{setting.client_secret}}", "Accept": "application/json"},
              data: 'grant_type=client_credentials',
              cors: false,
              secure: true,
              httpCompleteResponse: true
            }
          ).then(function(data) {
              console.log('...oAuthResponse', data);
              return data;
          });

      So the data field should have been text instead of JSON. 

      1

      サインインしてコメントを残します。

      お探しのものが見つかりませんか?

      新規投稿