Can you break Marketplace guidelines (a little bit)?

What are the exact guidelines on making HTTP requests for Marketplace apps? Are we forbidden from using anything except Request API completely, or is there some leeway?
My case is an integration app between Freshdesk and a messenger app (Telegram). We want to have a support for pictures/files, adding them as attachments to tickets/notes. We can get an image URL from Telegram, but then we need to actually upload the file using multipart/form-data, which Request API doesn’t support. We can easily solve this by using Node’s request library and piping an image GET request to the ticket/reply POST request, however, that’s already a guideline break, since we’re making a request to a third-party without using Request API.

My question is, have you guys had similar cases before? Can we be allowed to use an external library if there’s no other way around? Or maybe you have some advise on handling file uploading while staying within guidelines?


Hey @VladislavNechepaev,

Request API will not fit for file uploads use-case due to some request body restrictions for security concerns. If there’s no requirement for secure iparams in the app, any external HTTP client libraries like axios, needle and fetch can be used.

Since the request library is deprecated, it’s better to avoid using it. We may check the library’s popularity, quality, and maintenance during the app review when submitted.

If there’s a need for a secure iparam for authentication and for other sensitive data, SMI can be used to make the HTTP call from the serverless component of the app.

Remember that SMI has a 100kb size restriction for the data sent. The image data might exceed this size. So, the operation has to be done in the serverless component. If the use-case only involves the serverless component, there’s no problem with it as well.

These are all the ways allowed in the app since Request API cannot be used in this use-case.

We will also take it as a feature request to support file uploads in Request API or within the platform.