Manuel Federl

Ahmed Zaid

Yes, we are also unsure on how to do the authentication across brands right. We got it working for now on our end, but the comments are still being shown as "User was not logged in when the comment was submitted". Even though we use authentication.

To get it working, we did the following way (which at least works for now). Maybe you have another breakthrough:

1. Visitor is on Help Center of Brand B
2. If the visitor goes to the the custom contact forms a check is performed if the user is logged in (via the window object HelpCenter.user; If the user is not logged in, his role will be anonymous)
3. If the visitor is logged in, display the custom contact forms, which the visitor can select and fill in
4. On submit, the following http requests happen:
5. GET Brand A.zendesk.com/api/v2/users/me (using the visitors email address from HelpCenter.user.email and API token)
6. POST Brand A.zendesk.com/api/v2/requests (using the auhtenticity_token)

When we tried the subdomain Brand B on step 5, we got a 403 error.

In addition, we got the 403 when we did step 5 and 6 with the Brand B subdomain as well (we thought this was the way you're supposed to do it).

 

 

Ahmed Zaid

I had this same issue and I had a very lenghty discussion regarding this with the Support team. I solved this issue by making all API requests to the main brand instead of the sub-brand (in my opinion API documentation says otherwise so this behavior is not as expected). Then it will work as it should. I have set up a trigger that fires on ticket creation to set the respective brand for the ticket so that it will be visible for the end user inside of Guide. You can use e.g. the title of the ticket to filter for the right brand if you are setting it programmatically.

Pan Vivian Your issue seems to be related to the organizations api end point. According to the documentation you need to be an admin to create organizations. If an end user tries this, then they shoudn't have the required permissions to do so.

 

Tipene Hughes Your approach looks nice. I didn't know about the x-csrf-token header. I think the authenticity_token property should be included in the JSON format of the user documentation.

I tried it but it sadly didn't work for me. I checked in the developer console > network what the request looks like. The basic authentication and x-csrf-token match with the data I'm plugging in but I still get a 403 error.

I'm sending the request through a ReactJS app and Axios in our Help Center.