Blacklisted App

Hello,

I had an app that was working fine for a customer and then all of a sudden it was blacklisted. All this app does is make an API call to update a ticket with information entered in the iparams page at installation/update.

Couple of questions on this:

  • Could I have someone investigate the reasoning on why this app was blacklisted?
  • Could someone please explain the process and communication that is expected around blacklisting an app?
  • What guidance are you able to provide on un-blacklisting this app?

Hi @Kiska_Sanchez,

Please refer to section 2.4, Removal of Apps, of the Terms of Service of the Freshworks Developer platform.

Also, all the Freshworks accounts are monitored by automation and humans for any abuse or any other malpractices, and part of the features or APIs can be disabled to safeguard the customer’s data, service, and Freshworks services.

But I would like to understand the case further, to investigate whether it’s really blacklisted as such and, if so, why, before confirming it.

Can you please confirm how you found that this app is blacklisted? Is it removed or disabled without your actions, or unable to use some API or other features?

Hello @Raviraj,

Thank you for your response! We raised this concern with a member of the Freshworks team, who did their own investigation and requested information regarding its function. Afterwards, all they recommended was to make a post here to see if justification can be made for its removal.

We concluded that the app was blacklisted through a series of tests that were run between the customer’s tenant, which is experiencing issues with the app, by triggering the app on status change to the triggering status (set in iparams), and another tenant that was only used for intermittent process configuration testing. The app worked as expected in the latter tenant but not in the customer’s tenant. We only confirmed this after performing a thorough root cause analysis on the issue that the customer was experiencing and exhausting all other break/error points.

This was removed/disabled without any communication to the customer or developer that uploaded said app.

I will include the source code of the app below due to the simplicity in nature of the code. Please find the source code below:

server.js

// Invokes the "update_ticket" request template (requests.json) for one ticket.
// Returns the value under the first key of the parsed response,
// or undefined if the request fails.
async function updateTicket(id, body) {
  try {
    const data = await $request.invokeTemplate("update_ticket", {
      context: { "ticket_id": id },
      body: JSON.stringify(body)
    });
    console.log(`Ticket ${id} updated successfully.`);
    const res = JSON.parse(data.response);
    return res[Object.keys(res)[0]];
  } catch (err) {
    console.log(`Error updating ticket ${id}.`);
    console.log(err);
  }
}

exports = {
  // When a ticket is in the trigger status set in iparams, move it to the end status.
  onTicketUpateHandler: async function(args) {
    if (args["data"]["ticket"]["status"] == args["iparams"]["trigger_status"]) {
      var body = {
        status: args["iparams"]["end_status"]
      };

      await updateTicket(args["data"]["ticket"]["id"], body);
    }
  }
};

Iparams.json

{
    "domain": {
        "display_name": "FreshService Domain",
        "description": "Please enter your FreshService Domain without .freshservice.com",
        "type": "domain",
        "type_attributes": {
            "product": "freshservice"
        },
        "required": true
    },
    "api_key": {
        "display_name": "API Key",
        "description": "Please enter your API Key",
        "type": "api_key",
        "required": true,
        "type_attributes": {
            "product": "freshservice"
        },
        "secure": true
    },
    "end_status": {
        "display_name": "ID of status that ticket needs to change to:",
        "type": "number",
        "required": true
    },
    "trigger_status": {
        "display_name": "ID of what triggers app:",
        "type": "number",
        "required": true
    }
}

requests.json

{
    "update_ticket": {
        "schema": {
            "method": "PUT",
            "host": "<%= iparam.domain %>.freshservice.com",
            "path": "/api/v2/tickets/<%= context.ticket_id %>?bypass_mandatory=true",
            "headers": {
                "Authorization": "Basic <%= encode(iparam.api_key) %>",
                "Content-Type": "application/json"
            }
        }
    }
}

Thanks for your information, @Kiska_Sanchez.

Could you please share the link or ticket ID for the previous conversation? If it’s an email, please loop me in as well. (I will share my email address on Chat here on the forum)

Of course! Thank you.

The ticket number is 3039 in the partner support portal. I will also have the consultant who raised the ticket loop you in!

Hi Raviraj

The request is in the partner portal, which I can share with you.

Hello @Raviraj,

Any movement on this request/issue?

Hi @Kiska_Sanchez,

I have now requested @Navin_Pragasam to redirect the ticket to the Marketplace team to troubleshoot the issue.

I still can’t understand the app’s current status. May I know what you mean by blacklisted? Is it not working, disabled, or deleted? Or anything else?

Hello @Raviraj,

It is not working/triggering at all, and it is currently installed in the customer’s tenant. There should be a log of a success or fail, and nothing is logging, nor is the API call being done. I am not getting a 400+ code nor a 200. It is essentially a shell of an app at this point in time. We have it in 2 other tenants where it is operating as expected/anticipated.

The customer in question has another app developed by me that is using the same API key and it is working as it should. There are also multiple other WFAs that have been configured and are using API calls. The only app/API call that is not working as anticipated is this app.

Due to the direction we received it seemed as though this app had been blocked or prevented from executing. The reason I use the term blacklisted is due to the fact that when substantiating a new tenant we have to put in a request to get a tenant whitelisted for scripting if we need to insert any HTML, CSS, or JS. The converse of this would be blacklisting, which is the reason the terminology has been used.
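
The handler posted in this thread logs only from inside updateTicket, so an invocation whose status comparison is false leaves no log line, which looks the same as the event never arriving. As an added example (not part of any post in this thread and not Freshworks code), the sketch below logs every invocation and every branch; `toStatusId`, `classifyEvent` and `handleTicketUpdate` are hypothetical names, and the payload shape is assumed from the posted server.js.

```javascript
// Added diagnostic sketch, not the poster's code. Payload shape (args.data.ticket,
// args.iparams) is assumed from the server.js posted in this thread.

// Parse a status ID from an iparam or event field; NaN when missing or non-numeric.
function toStatusId(v) {
  const ok = typeof v === "number" || (typeof v === "string" && v.trim() !== "");
  const n = ok ? Number(v) : NaN;
  return Number.isInteger(n) ? n : NaN;
}

// Decide what one ticket-update event should do, with a reason for every skip.
function classifyEvent(args) {
  const ticket = args && args.data && args.data.ticket;
  const iparams = (args && args.iparams) || {};
  if (!ticket) return { action: "skip", reason: "payload has no data.ticket" };
  const trigger = toStatusId(iparams.trigger_status);
  const end = toStatusId(iparams.end_status);
  if (Number.isNaN(trigger) || Number.isNaN(end)) {
    return { action: "skip", reason: "trigger_status or end_status is missing or not numeric" };
  }
  if (trigger === end) {
    return { action: "skip", reason: "end_status equals trigger_status, update would be a no-op" };
  }
  if (toStatusId(ticket.status) !== trigger) {
    return { action: "skip", reason: `status ${ticket.status} is not trigger status ${trigger}` };
  }
  return { action: "update", ticketId: ticket.id, body: { status: end } };
}

// Log on entry and on every branch. `update` performs the API call (updateTicket
// in the posted app, which returns undefined when the request fails).
async function handleTicketUpdate(args, update, log = console.log) {
  const decision = classifyEvent(args);
  // Log the decision, never `args` itself: args.iparams can carry the API key.
  log(`ticket update event: ${JSON.stringify(decision)}`);
  if (decision.action !== "update") return decision;
  const result = await update(decision.ticketId, decision.body);
  log(result === undefined ? "update failed or returned nothing" : "update succeeded");
  return { ...decision, result };
}
```

With this in place, an empty log for a ticket that did change status means the handler was not invoked at all, rather than invoked and skipped.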