Freshdesk App Iparam Issue

Hello everyone,
I’m new to this app development community and new to freshdesk app. I’m facing some weird problem. When I call another api with is inside my app using the app_id and so on inside the code it works currently. When I fetch them through iparams.json customs parameters it occurs the problem. For example if I use

<%= iparam.client_id %>

then the output in my app is shown as null. It seems like this:
Screenshot%20from%202020-02-28%2011-34-49
When I try to fetch them all using the

client.iparam.get().then(function(data){…});

that gives me error which is :

“Uncaught (in promise) TypeError: Cannot read property ‘get’ of undefined”

. However, it works with specific custom iparam names than it works. For example:

client.iparam.get(“client_id”).then(function(data){console.log(data.client_id);});

However, that’s really annoying. I hope you guys can help me on this matter thanks. :slight_smile:

Got something interesting the <%= iparam.app_id%> isn’t translating properly.
Screenshot%20from%202020-02-28%2013-00-24

In the code I wrote like this:

var podioHeaderAuth = 'Bearer ’ + accessToken;
console.log(podioHeaderAuth);

var options = {
        headers: {
            "Content-Type" : "application/json",
            "Authorization": podioHeaderAuth
        },
        body: JSON.stringify({"filters": {"<%= iparam.field_id_order_nr%>": tempOrderNr}})
};    
console.log(`https://api.podio.com/item/app/<%= iparam.app_id %>/filter/`);
console.log(options);

client.request.post(`https://api.podio.com/item/app/<%= iparam.app_id %>/filter/`,options).then(
    function(data){
        console.log('podio request');
1 Like

To my knowledge the replacing of the <%= iparam %> part is only done INSIDE the request.
So it won’t work in your console.log().
This way you will never be able to log secure iparams like passwords, which is a good thing.

1 Like

@Niek_Knijnenburg Thanks for your reply. Well I sent <%= iparam %> via the request but the request isn’t working. if it worked it would have shown me correct data or name instead of the null. And the Url would have turned into the correct Url. I used the console.log() only for the debugging purpose. That’s all. :slight_smile:

1 Like

Hi @Shamsuzzaman_Sadi ,
Welcome to the forum :wave:! I would like to know a bit more about the challenge that you face:

  • Are you making use of the standard iparams.json or custom iparams.html?
  • Can you confirm that there is no typo in the code? It should be client.iparams.get() not client.iparam.get()
  • if possible, please share the relevant code for us to help in a much better way

Regardless, I will try to address a few things that are specific to iparams usage.

  1. client.iparams.get() will get all the normal iparams. Secure iparams will not be fetched using client.iparams.get() or by client.iparams.get('<IPARAM_KEY>')

  2. In order to fetch secure iparams, we need to make use of iparam templating. At this stage, templating works only with Request method. It won’t be possible to use templating in places other than the Request method. Also what @Niek_Knijnenburg (Hey there, welcome to the forum as well ! :wave:) mentioned is also right . Secure iparams are substituted at the platform side. Attempting to log them will only show the template. It is one of the primary use-case & advantage of secure iparams

I can demonstrate that with a sample code which covers these scenarios

Here is my app.js

$(document).ready(function () {
	app.initialized()
		.then(function (_client) {
			var client = _client;
			client.events.on('app.activated',
				function () {
					//Getting all iparams
					client.iparams.get()
						.then(logData)
						.catch(logError);
					//Getting a normal iparam by its iparams.json property name
					client.iparams.get("name")
						.then(logData)
						.catch(logError);
					//Getting a *secure* iparam by its iparams.json property name
					client.iparams.get("key")
						.then(logData)
						.catch(logError);	
					//Making an API call using iparam
					client.request.get("https://engo9nxjcoml9.x.pipedream.net/<%= iparam.key %>",{},logData,logError);	

				});
		});
});

function logData(i){
	console.log(i);
}

function logError(e){
	console.error("Whoops something went wrong!");
	console.error(e);
}

Here is my iparams.json

{
  "email": {
    "display_name": "Email Address",
    "description": "Please enter your email",
    "type": "email",
    "required": true
  },
  "name": {
    "display_name": "Name",
    "description": "Please enter your name",
    "type": "text",
    "required": true
  },
  "key": {
    "display_name": "Key",
    "description": "Please enter your API Key",
    "type": "text",
    "required": true,
    "secure": true
  }
}

This is my filled iparams page

When i run the app, here is the console output from the browser:

While making a Request method call using secure iparam,if I inspect my network tab, I still won’t be able to find out the values of secure iparams. If I was able to intercept, it would make sensitive information vulnerable!

But on the server-side, it will be able to receive the actual value of the iparams (as it gets substituted accordingly from the platform side)

Also, in case, if you are making use of OAuth, we have a feature for that as well in the platform side https://developers.freshdesk.com/v2/docs/oauth/

References:

  1. https://developers.freshdesk.com/v2/docs/installation-parameters/
  2. https://developers.freshdesk.com/v2/docs/installation-parameters/#retrieve
  3. https://developers.freshdesk.com/v2/docs/oauth/
  4. https://medium.com/freshworks-developer-blog/securing-sensitive-installation-parameters-3879908ade17
10 Likes

@Hem This is an awesome response. Extremely detailed and helpful. Thank you!

3 Likes

Thanks @Hem for your such helpful reply. :slight_smile: Now my app is working correctly. :smiley: Thanks again.

1 Like

@Hem About the Oauth I already saw that it exist in the Freshdesk. However, It’s more towards server side flow which I don’t need. I need app authentication flow of the Oauth. So, I have used the basic request API of the Freshdesk API to get the authentication and then I’ve fetched the data from Podio API which uses the Oauth authentication in the Freshdesk app. I want to make my app user friendly rather than more complicated. And Podio doesn’t maintain it’s JS client anymore so I had to do that using normal requests (GET, POST, PUT and DELETE) and that’s how I’m working with. But thanks for asking about the fact. :sweat_smile:

1 Like