Blacklisted App

Kiska_Sanchez · May 13, 2024, 8:54pm

Hello,

I had an app that was working fine for a customer and then all of the sudden it was blacklisted. All this app does is make an API call to update a ticket with information entered in the iparams page at installation/ update.

Couple of questions on this:

Could I have someone investigate the reasoning on why this app was backlisted?
Could someone please explain the process and communication that is expected around black-listing an app?
What guidence are you able to provide on un-blacklisting this app?

Raviraj · May 15, 2024, 6:54am

Hi @Kiska_Sanchez,

You can please refer to section 2.4, Removal of Apps of the Terms of Service of Freshworks Developer platform.

Also, all the Freshworks accounts are monitored by automation and humans for any abuse or any other malpractices, and part of the features or APIs can be disabled to safeguard the customer’s data, service, and Freshworks services.

But, I would like to understand the case further to investigate if it’s really blacklisted as such, and, if so, why is that before confirming it.

Can you please confirm how did you find that this app is blacklisted? Is it removed or disabled without your actions or unable to make some API or other features?

Kiska_Sanchez · May 15, 2024, 2:40pm

Hello @Raviraj,

Thank you for your response! We raised this concern with a member of the Freshworks team, who did their own investigation and requested information regarding it’s function. Afterwards, all they recommended was to make a post here to see if justification can be made for it’s removal.

We concluded that the app was blacklisted through a series of tests that were ran in between the customer’s tenant who is experiencing issues with the app by triggering the app on status change to the triggering status (set in iparams) and in another tenant that was only used for intermittent process configuration testing. The app worked as expected in the later tenant but not in the customer’s tenant. We only confirmed this after performing a through root cause analysis on the issue that the customer was experiencing and exhausting all other break/ error points.

This was removed/ disabled without any communication to the customer or developer that uploaded said app.

I will include the source code of the app below due to the simplicity in nature of the code. Please find the source code below:

server.js

async function updateTicket(id, body){
  try {
    var res = await $request.invokeTemplate("update_ticket", {
      context: {"ticket_id": id},
      body: JSON.stringify(body)
    }). then (
      function(data){
        console.log(`Ticket ${id} updated successfully.`)
        let res = JSON.parse(data.response)
        return res[Object.keys(res)[0]];
      } 
    ) } catch (err){
      console.log(`Error updating ticket ${id}.`)
      console.log(err)
    }
    return res;
}

exports = {
  
  onTicketUpateHandler: async function(args) {
    if(args["data"]["ticket"]["status"] == args['iparams']['trigger_status']){
      var body = {
        status : args['iparams']['end_status']
      }
      
      await updateTicket(args["data"]["ticket"]["id"], body)
    }

  }

};

Iparams.json

{
    "domain": {
        "display_name": "FreshService Domain",
        "description": "Please enter your FreshService Domain without .freshservice.com",
        "type": "domain",
        "type_attributes": {
            "product": "freshservice"
          },
        "required": true
      },
      "api_key": {
        "display_name": "API Key",
        "description": "Please enter your API Key",
        "type": "api_key",
        "required": true,
        "type_attributes": {
          "product": "freshservice"
        },
        "secure": true
      },
      "end_status": {
        "display_name": "ID of status that ticket needs to change to:",
        "type": "number",
        "required": true
      },
      "trigger_status": {
        "display_name": "ID of what triggers app:",
        "type": "number",
        "required": true
      }
}

requests.json

{
    "update_ticket":{
    "schema": {
        "method": "PUT",
        "host": "<%= iparam.domain %>.freshservice.com",
        "path": "/api/v2/tickets/<%= context.ticket_id %>?bypass_mandatory=true",
        "headers": {
            "Authorization": "Basic <%= encode(iparam.api_key) %>",
            "Content-Type": "application/json"
         }
      }
}
}

Raviraj · May 15, 2024, 4:21pm

Thanks for your information, @Kiska_Sanchez.

Could you please share the link or ticket ID for the previous conversation? If it’s an email, please loop me in as well. (I will share my email address on Chat here on the forum)

Kiska_Sanchez · May 15, 2024, 5:37pm

Of course! Thank you.

The ticket number is 3039 in the partner support portal. I will also have the consultant who raise the ticket loop you in!

Navin_Pragasam · May 15, 2024, 5:39pm

Hi Raviraj

The request is in the partner portal which i can share with you

Kiska_Sanchez · May 20, 2024, 7:46pm

Hello @Raviraj,

Any movement on this request/ issue?

Raviraj · May 21, 2024, 5:50am

Hi @Kiska_Sanchez,

I have now requested @Navin_Pragasam to redirect the ticket to the Marketplace team to troubleshoot the issue.

I still can’t understand the app’s current status. May I know what do you mean by blacklisted? Is it not working, disabled, or deleted? Or anything else?

Kiska_Sanchez · May 21, 2024, 2:07pm

Hello @Raviraj,

It is not working/ triggering at all and it is currently installed in the customer’s tenant. There should be a log of a success or fail and nothing is logging nor is the API call is being done. I am not getting a 400+ code nor a 200. It is essentially a shell of an app at this point of time. We have in 2 other tenants where it is operating as expected/ anticipated.

The customer in question has another app developed by me that is using the same API key and it is working as it should. There are also multiple other WFAs that have been configured and are using API calls. The only app/ api call that is not working as anticipated is this app.

Due to the direction we received it seemed as though this app had been blocked or prevented from executing. The reason I use the term blacklisted is due to the fact that when substantiating a new tenant we have to put in a request to get a tenant whitelisted for scripting if we need to insert any HTML, CSS, or JS. The converse of this would be blacklisting, which is the reason the terminology has been used.

system · November 17, 2024, 1:40pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.