X-Freshchat-Signature header value in Freshdesk

I am sending requests to my customer’s server from an custom Freshdesk App. Customer want’s to ensure that requests are coming from my app. For that purpose, they asked me to send them a specific value in the X-Freshchat-Signature header. But when they receive my request, they see a different value in that header. I’m making an assumption that Freshdesk overwrites the value of this header while sending the request, and I have no possibility to assign some other value to this header.

So, I have several questions:

  1. Is that correct that I can’t assign my own value to the X-Freshchat-Signature header
  2. If so, how can my customer check if the request comes from my app
  3. Why is header called X-Freshchat-Signature while the request comes from Freshdesk
  4. How will be called a similar header in Freshchat? X-Freshchat-Signature as well?

Thank you.

@Svetlana_Tolstyakova

When this request is made, can you share debug logs masking the API keys from fdk.log file?

I would like to see if the CLI alters any changes happening to the request before it is getting sent.

 (data-pipe.js) received call for route "smi" with action "invoke" and body {"action":"invoke","methodName":"serverMethod1","methodParams":{"email":"================","ticketId":7948}}
(data-util.js) Read {"fd_web_101_101_freshdesk":{"fd_web_101_101_custom_iparams":{"domain":"================","apiKey":"================"}},"fd_web_101_101_schedule_17583_freshdesk":{"name":"17583","data":{"date":1638790816627},"schedule_at":"2021-10-18T07:29:48.482Z"},"fd_web_101_101_schedule_117583_freshdesk":{"name":"117583","data":{"date":1638790816627},"schedule_at":"2021-10-18T07:38:32.448Z"},"fd_web_101_101_schedule_7583_freshdesk":{"name":"7583","data":{"date":1634650096921,"scheduleAt":"2021-10-19T13:28:16.921Z","ticketId":7583},"schedule_at":"2021-10-19T13:28:16.921Z"},"on_hol_101_101_freshdesk":{"on_hol_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","tag":"Таймер"}},"on-hold-ticket-reopener-aviasales:7583_freshdesk":{"dateMs":1638008606943,"date":"2021-11-27T10:23:26.943Z","createdAt":1635330207063,"updatedAt":1635330207063},"on-hold-ticket-reopener-aviasales:39_freshdesk":{"dateMs":1635339180000,"date":"2021-10-27T12:53:00.000Z","createdAt":1635338807940,"updatedAt":1635338807940},"on-hold-ticket-reopener-aviasales:7836_freshdesk":{"dateMs":1640865120000,"date":"2021-12-30T11:52:00.000Z","createdAt":1640864766948,"updatedAt":1640864766948},"on-hold-ticket-reopener-aviasales:7833_freshdesk":{"dateMs":1640695800000,"date":"2021-12-28T12:50:00.000Z","createdAt":1640695796882,"updatedAt":1640695796882},"06_101_101_freshdesk":{"06_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","serverDomain":"================","serverLogin":"================","serverPassword":"================"}},"07_101_101_freshdesk":{"07_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","mainURL":"================","serverLogin":"================","serverPassword":"================"}},"moneym_101_101_freshdesk":{"moneym_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","mainURL":"================","serverLogin":"================","serverPassword":"ppsU3zK4QkbvCk9zYFT5HkpBwAsxd9"}}}
(data-util.js) Read {"fd_web_101_101_freshdesk":{"fd_web_101_101_custom_iparams":{"domain":"================","apiKey":"================"}},"fd_web_101_101_schedule_17583_freshdesk":{"name":"17583","data":{"date":1638790816627},"schedule_at":"2021-10-18T07:29:48.482Z"},"fd_web_101_101_schedule_117583_freshdesk":{"name":"117583","data":{"date":1638790816627},"schedule_at":"2021-10-18T07:38:32.448Z"},"fd_web_101_101_schedule_7583_freshdesk":{"name":"7583","data":{"date":1634650096921,"scheduleAt":"2021-10-19T13:28:16.921Z","ticketId":7583},"schedule_at":"2021-10-19T13:28:16.921Z"},"on_hol_101_101_freshdesk":{"on_hol_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","tag":"Таймер"}},"on-hold-ticket-reopener-aviasales:7583_freshdesk":{"dateMs":1638008606943,"date":"2021-11-27T10:23:26.943Z","createdAt":1635330207063,"updatedAt":1635330207063},"on-hold-ticket-reopener-aviasales:39_freshdesk":{"dateMs":1635339180000,"date":"2021-10-27T12:53:00.000Z","createdAt":1635338807940,"updatedAt":1635338807940},"on-hold-ticket-reopener-aviasales:7836_freshdesk":{"dateMs":1640865120000,"date":"2021-12-30T11:52:00.000Z","createdAt":1640864766948,"updatedAt":1640864766948},"on-hold-ticket-reopener-aviasales:7833_freshdesk":{"dateMs":1640695800000,"date":"2021-12-28T12:50:00.000Z","createdAt":1640695796882,"updatedAt":1640695796882},"06_101_101_freshdesk":{"06_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","serverDomain":"================","serverLogin":"================","serverPassword":"================"}},"07_101_101_freshdesk":{"07_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"newaccount1637834871608","apiKey":"================","mainURL":"================","serverLogin":"================","serverPassword":"================"}},"moneym_101_101_freshdesk":{"moneym_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","mainURL":"================","serverLogin":"================","serverPassword":"ppsU3zK4QkbvCk9zYFT5HkpBwAsxd9"}}}
(data-util.js) Read {"fd_web_101_101_freshdesk":{"fd_web_101_101_custom_iparams":{"domain":"================","apiKey":"================"}},"fd_web_101_101_schedule_17583_freshdesk":{"name":"17583","data":{"date":1638790816627},"schedule_at":"2021-10-18T07:29:48.482Z"},"fd_web_101_101_schedule_117583_freshdesk":{"name":"117583","data":{"date":1638790816627},"schedule_at":"2021-10-18T07:38:32.448Z"},"fd_web_101_101_schedule_7583_freshdesk":{"name":"7583","data":{"date":1634650096921,"scheduleAt":"2021-10-19T13:28:16.921Z","ticketId":7583},"schedule_at":"2021-10-19T13:28:16.921Z"},"on_hol_101_101_freshdesk":{"on_hol_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","tag":"Таймер"}},"on-hold-ticket-reopener-aviasales:7583_freshdesk":{"dateMs":1638008606943,"date":"2021-11-27T10:23:26.943Z","createdAt":1635330207063,"updatedAt":1635330207063},"on-hold-ticket-reopener-aviasales:39_freshdesk":{"dateMs":1635339180000,"date":"2021-10-27T12:53:00.000Z","createdAt":1635338807940,"updatedAt":1635338807940},"on-hold-ticket-reopener-aviasales:7836_freshdesk":{"dateMs":1640865120000,"date":"2021-12-30T11:52:00.000Z","createdAt":1640864766948,"updatedAt":1640864766948},"on-hold-ticket-reopener-aviasales:7833_freshdesk":{"dateMs":1640695800000,"date":"2021-12-28T12:50:00.000Z","createdAt":1640695796882,"updatedAt":1640695796882},"06_101_101_freshdesk":{"06_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","serverDomain":"================","serverLogin":"================","serverPassword":"================"}},"07_101_101_freshdesk":{"07_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"newaccount1637834871608","apiKey":"================","mainURL":"================","serverLogin":"================","serverPassword":"================"}},"moneym_101_101_freshdesk":{"moneym_101_101_custom_iparams":{"__meta":{"secure":["apiKey"]},"domain":"================","apiKey":"================","mainURL":"================","serverLogin":"================","serverPassword":"ppsU3zK4QkbvCk9zYFT5HkpBwAsxd9"}}}

Here are debug logs. I can’t see the the header I’m looking for…

Oh, I guess you are not using the Request Method to send the requests. The CLI logs only the API calls through the Request Method when making API calls.

We will need help from Product API experts to chime in on this.

Let me find if there’s some help I can get from @Freshdesk or @Freshchat team.

Meanwhile, do you mind expanding a little on what you mean by customer’s server here, @Svetlana_Tolstyakova ? Is this their Freshdesk account or some other server/service managed by the customer?

If your app is making requests to Freshdesk APIs, do you mind sharing which API endpoints you were attempting to make requests to? Also, did the customer have some solution article or reference article they were referring to when they suggested this solution to you?

I believe you are making this request via SMI. Is it possible for you to share the code snippet making this request with the headers set (masking any sensitive information in the code as needed)?

Hello @satwik ,

Is this their Freshdesk account or some other server/service managed by the customer?

It is a server managed by the customer, and I am making requests from their Freshdesk account.

did the customer have some solution article or reference article they were referring to when they suggested this solution to you?

No, they just asked me to set a specific header value. However, if you can sudgest a common method that is officially used to validate requests coming from the app, I’ll be happy to show them this potential way.

Is it possible for you to share the code snippet making this request with the headers set

This is what I’m calling from the serverless component of my app:

class Server {
    constructor(iparams) {
        const API = axios.create({
            baseURL: `https://${iparams.mainURL}`,
            responseType: 'json',
            withCredentials: true,
            headers: {
                'content-type': 'application/json',
                'Authorization': `Basic ${btoa(iparams.serverLogin + ":" + iparams.serverPassword)}`,
                'X-Freshchat-Signature': "the value I want to send"
            },
        });
          
        this.getRecord = (id, email) => {
            const body = {
                id,
                email
            };
            return API.post(`collect-data`, JSON.stringify(body));
        };
    }
}

So in my SMI function I’m calling

const server = new Server(iparams);
server.getRecord(id, requesterEmail);