[SOLVED] how to use a javascript function with secure setting in Zendesk app

how to use a javascript function with secure setting in Zendesk app

want to use a javascript function on a secure setting

"parameters": [
    {
      "name": "api_token",
      "type": "text",
      "required": true,
      "secure": true
    }
  ]

using above setting

var settings = {
  URL: "Some url",
  headers: {"Authorization": `Basic ${btoa{{apiKey}}}`},
  secure: true,
  type: 'GET',
  dataType: 'json'
};

Solution

As explained here, in order to perform requests with secure settings, you need to:

add a secure: true property to the parameter
replace the sensitive information in the code with a placeholder
define a domainWhitelist property in the manifest file, as only requests to the white-listed domains will work for secure requests

I see two issues with your code:

If your setting name is api_token, then the placeholder you need to use is {{setting.api_token}}
As the placeholder is replaced on the proxy layer, ${btoa("{{apiKey}}")} would not work the way you expect, i.e. you would be literally encoding the string {{apiKey}}, which would then no longer act as a placeholder. If you need a base-64 encoded string, you should save the base-64 encoded string as your api_token parameter