Can iparams.json host a third party Webhook ID

I have added a configuration in the iparams.json file to ask for a third party webhook ID on installation. I want to be able to utilize that ID to authenticate during a post request. However, when I add the parameter in to the end of my url string I get a failed request. Remove the parameter and add the actual ID to the url, the request is successful.

“fuze_api_key”: {

        "display_name": "Fuze Integration API key",

        "description": "Enter the Fuze Integration API key. It can be found when creating the Fuze Integration webhook.",

        "type": "text",

        "required": true,

        "secure": true


url for post request
url: '<%=iparam.fuze_api_key%>'

Thank you for your help


hey @Zach

If my understanding is right, you wanted to make a post request to this<%=iparam.fuze_api_key%> URL and get the webhook and store it as an iparams for later use inside the app?

If the above mentioned is the use case, you can use Iparmas callback functionality, Iparams callback lets you trigger a function on an event from iparams.json, inside the function you can make the API Call to the URL , get webhook and save the hook as iparams, below are the reference links for iparams callback


Hi @velmurugan

What I am actually trying to do is hide the last portion of the url but requesting that character string be entered at app installation just like freshservice domain and freshservice API Key. Then I can add it to the end of the url just as I would if I was having the domain added dynamically.

Hope that helps clarify things.

Hey @Zach.

As I understand it, you are trying to use a secure iparam to get an API key for a 3rd party service and then make a POST request to the service by trying to reference this iparam within the URL constructed for the request.

Do you mind sharing the code snippet that makes the request? Also can you share the precise error you are noting when this request fails?

Does your app need to make this request in server.js ?

@satwik Thank you for your response, and yes your assessment is correct. Here is a snippet of the code for the onTicketCreate event

onTicketCreateHandler: function(args) {

        console.log('Ticket Created');


        if ( == 'ZZ - Freshservice Administration') {


                method: 'post',

                url: '<%= iparam.fuze_api_key %>', // hope to use iparams for this key

                headers: {

                    'Content-Type': 'text/plain'


                transformRequest: [

                    (data) => {

                        let ticketSubject = JSON.stringify(;

                        let ticketID = JSON.stringify(;

                        data =

                            `Ticket ${ticketSubject} has been identified as an Arclight Ticket. Please follow the link below to view the ticket.` +

                            '\n' +

                            '' + //change for sandbox


                        return data;






@Saif, Yes this would need to be in my server.js file

Thank you both for your help looking into this.

The server.js code doesn’t execute on a browser. The ideal way to access the installation parameters is within the payload that your onTicketCreateHandler receives.

Try to look out for an "iparams" attribute which will contain Installation Parameters.
cc: @Zach

Hello @Saif,

So when a user enters “freshservice subdomain” and “API_Key” that information is retrievable by the Request API in the server.js file due to the way the SDK was built? But it doesn’t allow us to add additional parameters and access them in the same fashion?

I apologize but I just am not clear on the functionality. Appreciate your help and guidance in this matter.


I highly appreciate you seeking clarity towards how things work together.

Let me decouple this for you.

  1. The fields in the installation page can be built using iparams.json or iparams.html; Both of them offer their own benefits.
  2. There are some special features(like validating api key in iparams.json) within these as these are part of the product in which app is running on. Ideally, we wouldn’t want developer to look elsewhere (REST API or the User input) for atleast to have access to the information within the product.
  3. Having platform features helps us give developer the ability to access information stored via the iparams page or installation page.
    3.a. Using Request API in frontend helps the developer to hide sensitive information such as API keys from being exposed via Developer tools in browsers. This is when using <%= iparam.field_name %> will substitute appropriate field value when making a request. Retrieval can happen this way if non-sensitive information.
    3.b. Serverless Event Handlers will receive iparams information in payload which “iparams” property in it. If you need to access secure iparams, you will need to use Request API.

Now, according 3.b. I assume fuze_api_key is marked as secure. Try using this request using,

$request.get("<%= iparam.fuze_api_key %>", options)
    function(data) {
      //handle "data"
      //"data" is a json string with status, headers, and response.
    function(error) {
      //handle failure

Hopefully, that should help.

Please don’t hesitate to share the constructive feedback. In this case, it help us understand that may be we should provide more sources or sample codes around secure iparams being used in backend to make 3rd party api calls. :smiley:

Hi @Saif,

I think I understand the functionality in most cases. In this case however, why would I need to fetch the iparam information from the payload?

I have the complete webhook url, what I don’t want is for someone to have access to that url and start spamming our third party chat application with messages. So my thought was to remove the unique webhook id that is at the end of the webhook url, and pass those characters into the field called fuze_api_key on app installation. It seems feasible since when I install the application I can enter the subdomain and freshservice api_key and reference those later in get and post requests. Is that not possible with another parameter?

Or is the issue because I am using axios to make the request? And what I should be doing is using the Request API to make my post request to that third party url. Therefore, using the developer built product allowing me to utilize the functionality of adding iparams in the third party url.

I hope I am not just making you repeat yourself lol.

Haha, Not at all. :laughing:

It is not necessary to do it this way. But maybe knowing this can be helpful to better design your app? How ever in you case seems like using $request can solve the problem.

How about trying this?

Hi @Saif

Appreciate your help, in the code snippet you provided that is a GET request and I need to make a POST request to that url. It is the endpoint that allows a message to be sent to our chat application. Would it work as a POST request as well?

@Saif I was able to get it to work by making my requests using the Request API instead of axios. Appreciate all your help.

Thank you

1 Like

You are welcome @Zach. Thanks for being active contributor in the community.

1 Like