API key in iparams works in dev but not production

My app uses iparams to store an api key. When I’m in developer mode, the app authenticates correctly and I can make API calls. But after I publish the app, the API calls return a 403 Forbidden error. I have verified that the API key is correct in dev and production. What could be the problem?

Here’s my iparams.json:
“api_key”: {
“display_name”: “API Key”,
“description”: “Please enter the API key to be used to authorize this application”,
“type”: “api_key”,
“secure”: true,
“data-bind”: “product.api_key”,
“required”: true,
“type_attributes”: {
“product”: “freshservice”


var headers = {“Content-type”: “application/json”,
“Authorization”: “Basic <%= encode(iparam.api_key) %>”};

var options = { headers: headers };

function loadJson(api_url) {

return response = new Promise(function(resolve) {
  var url = api_url;
  clientAPP.request.get(url, options)    

  .then (
    function(result) {                      
      if (result.status >= 200 && result.status < 300) {
      } else {

 .catch (function(error) {
    error_modal(error.message = "Could not retrieve data from " + url + ": " + error);


1 Like

Good day!
Can you please clarify the following things for a better understanding of your problem?

  1. Are you getting the 403 error on the app installation (iparams) or in the app rendering?
  2. if it is in-app rendering then what is the URL that you are passing to the request API (assuming both dev and prod environment URL is the same)?
  3. please share us the HRA logs to debug further


My apologies. I had forgotten to update the app from the previous version after I had uploaded it. It works now. Thanks!