Access denied when trying to save file in custom-app

Good evening.
I’m trying to send attachments to freshservice, but freshservice accepts uploads only from local files as stated in the API Documentation.
To do that I have to download the file and then send it.
I’m using fs-extra instead if the regular fs, else I have the same error discussed in this topic.


The app works without problems locally using fdk run, but things change after deployment: looks like the app won’t let me access to the path that I was ussing to store the file

I tryed using different paths, but it’s not working either. Is there a folder where I can have access or a way to give me permissions to access it? Or even another way to attach files to a freshservice ticket or reply?

Hi @Michele ,

I see a slight confusion here due to the documentation.

We recommend using a public URI for uploading the attachments. Please refer to the create a ticket with attachment section for the same.

The built application gets deployed as an Iframe within the Freshworks Platform context window based on placeholders specified and does not necessarily have access to the file system. Hence you might run into this issue. When using an attachment

  1. As part of the application code itself such as assets, logos, etc you can use a relative path.
  2. As part of the JSON body, then use a public link (like S3 CDN or some other)


Hello @Thakur_Ganeshsingh ,

The documentation for the “create a ticket with attachment” tells you to attach the file via a path on your machine.

curl -v -u -F ‘attachments=@/Users/user/Desktop/api_attach.png’ -F ‘subject=Support Needed…’ -F ‘description=Details about the issue…’ -F ‘’ -F ‘priority=1’ -F ‘status=2’ -F ‘workspace_id=3’ -X POST ‘

In the meantime I found another way to send files to freshservice, in my case I’m using axios library.

function getFileAndSend(){
    axios.get(``, { responseType: 'arraybuffer' })
    .then(response => {
        let form = new FormData();
        form.append("attachments[]",, {filename: 'file.jpg'});
        form.append("body", "aaaaaaaaaaaaaaaa");"{id}/reply", 
                    'Authorization': FRESHAUTH,
                    'Content-Type': form.getHeaders()['content-type']
        .then(res => console.log(res))
        .catch(e => console.error(;
    .catch(e => console.log(e));

I suggest that someone fixes the documentation so no one gets deceived by it anymore.

Have a good day.


Hi @Michele ,

Point noted, thanks for highlighting the same. Much appreciated. We lean on community members like you to highlight such issues to improve user experience. Your inputs are valued and necessary actions are underway.

We further recommend using Request Method as much as possible to that of Axios usage for secure implementation of the same.


I just finished testing my custom-app after deployment, I can confirm that this method works.

1 Like