Does Channel framework support signedUrls | Community
Skip to main content

Does Channel framework support signedUrls

  • February 12, 2024
  • 4 replies
  • 0 views
SPARTAN

Hi Team,

I have been developing a channel app.

According to the documentation, it's entirely different from the support apps.

We have a doubt about securing the manifest of the channel app, such as admin_ui, dashboard_ui, etc., within the channel app. Does this support signed URLs (https://developer.zendesk.com/documentation/apps/app-developer-guide/manifest/#signedurls) as in the support apps?

Alternatively, how can we secure the routes for the channel app?

Kindly assist with the same.

    4 replies

    Greg29
    • Greg29
    • February 12, 2024
    Hi Anish! From what I can find internally, it looks like we do not support signed urls in the channel framework manifest, but I've reached out to the team that owns that area to confirm. When I hear back from them, I'll let you know what they have to say about that. Additionally, I'm also not sure how to recommend securing against downgrade attacks, since there are lots of moving parts in this scenario, but I asked the team that as well. Do you enforce HSTS on the server that you'll be using?
    SPARTAN
    • SPARTAN
    • Author
    • February 14, 2024

    Hi @greg29,

    Greetings,

    We have developed some of the Support apps using signedUrls, as this helps us authenticate the routes by providing the token. We will validate this token from our end to confirm that the endpoint is called from Zendesk. We hope to implement the same approach with the channel apps.

    Please assist us in moving this forward.

    Thank you.

    SPARTAN
    • SPARTAN
    • Author
    • February 20, 2024

    Hi @greg29,

    Greetings!

    Is there any update regarding this query?

    Kindly assist us in moving this forward, as it is one of the blockers for our development.

    We are eagerly awaiting your prompt response

    Greg29
    • Greg29
    • February 20, 2024
    Hi Anish! I got an update over the weekend and in the US, we had the day off yesterday, so apologies for the delay. I was told that we do not support signedUrls or accomplish the general security task in the channel framework. The team involved has heard the feedback, but I can't speak to whether or not this will be something they add to their roadmap. For the time being, I would treat this as a feature that we do not have.
    Terms & ConditionsCookie settingsAccessibility statement