Difference in serverless application behaviour between using CLI development tool and when installed on Freshservice

App Platform
, ,
1

I am developing a serverless application that makes use of a repeating scheduled event to trigger a series of API calls.

If I use the CLI tool to run the application locally, pointing it at a Freshservice subdomain and using my API key as its credentials, everything works as intended.

However if I install the application (as “In Development”) on the same Freshservice subdomain, using my API key for its credentials, it fails at the very first API call (“/api/v2/workspaces”) with a “403 Forbidden” response.

Questions:

1. Why am I experiencing different behaviour between the installed application and when I run it using the CLI tool?
2. What permissions, config changes, etc. should I make in order for the application to run properly when installed on Freshservice?

Cheers,
A

2

Hey @a21932ealwg,
Welcome to the Freshworks Developer Community!! :tada:

Can you share iparams and requests.json so that we can look at what configurations concerning the Freshserivce domain and API key are missed either as an iparam or while defining the request template?

3

Sure.

The requests.json template for the workspaces request looks like this:

-------8<-----------------------

"workspaces": {
    "schema": {
        "method": "GET",
        "host": "<%= iparam.freshservice_subdomain %>.freshservice.com",
        "path": "/api/v2/workspaces",
        "protocol": "https",
        "headers": {
            "Authorization": "Basic <%= encode(iparam.freshservice_api_key)+':X' %>",
            "Content-Type": "application/json"
        }
    },
    "options": {
        "retryDelay": 1000
    }
},

------------->8----------------------

There are maybe another 10 or so requests defined which all follow the same pattern with respect to the “host” and “headers” section (differing in “path” and <%= context.foo => settings…).

iparams.json:

-------8<-----------------------
{
“freshservice_subdomain” : {
“display_name”: “Freshservice subdomain”,
“description”: “Please enter your Freshservice subdomain (your-freshservice-subdomain.freshservice.com)”,
“type”: “domain”,
“type_attributes”: {
“product”: “freshservice”
},
“required”: true
},
“freshservice_api_key”:{
“display_name”: “Freshservice API key”,
“description”: “Please enter your Freshservice API key”,
“type”: “text”,
“secure”: true,
“required”: true,
“type_attributes”: {
“product”: “freshservice”
}
},
“workspace_name”: {
“display_name”: “Workspace name”,
“description”: “Please enter the required workspace name”,
“type”: “text”,
“required”: true
},
“group_name”: {
“display_name”: “Group name”,
“description”: “Please enter the required group name”,
“type”: “text”,
“required”: true
},
“capabilitymatrixcustomobject_name” :{
“display_name”: “Capability matrix custom object name”,
“description”: “Please enter the name of the custom object that holds the skills capability matrix”,
“type”: “text”,
“required”: true
}
}
------------->8----------------------

4

@zach_jones_noel

Example output from logs generated by the application running on Freshservice:

----8<----

	{
		"timestamp": "23 May 2024, 13:28:50",
		"id": "008fc",
		"type": "error",
		"message": {
			"text": "An error occurred whilst trying to ascertain the workspace ID"
		}
	},
	{
		"timestamp": "23 May 2024, 13:28:50",
		"id": "008fc",
		"type": "error",
		"message": {
			"text": "{\"status\":403,\"headers\":{\"date\":\"Thu, 23 May 2024 12:28:50 GMT\",\"content-type\":\"application/json; charset=utf-8\",\"transfer-encoding\":\"chunked\",\"connection\":\"close\",\"status\":\"403 Forbidden\",\"x-freshservice-api-version\":\"latest=v2; requested=v2\",\"x-request-id\":\"484b1b32-8d8e-9a54-8c11-524e7cf151ea\",\"x-envoy-upstream-service-time\":\"50\",\"x-fw-ratelimiting-managed\":\"true\",\"x-ratelimit-total\":\"500\",\"x-ratelimit-remaining\":\"499\",\"x-ratelimit-used-currentrequest\":\"1\",\"x-trace-id\":\"00-527c855b7df2e2972d722c2ff3d67b7e-96d3e0094ea71e68-01\",\"nel\":\"{ \\\"report_to\\\": \\\"nel-endpoint-freshservice\\\", \\\"max_age\\\": 2592000, \\\"include_subdomains\\\": true}\",\"report-to\":\"{ \\\"group\\\": \\\"nel-endpoint-freshservice\\\", \\\"max_age\\\": 2592000, \\\"include_subdomains\\\": true, \\\"endpoints\\\": [{\\\"url\\\": \\\"https://edge-admin.eu-central-1.freshedge.net/nelreports/freshservice\\\"}]}\",\"server\":\"fwe\"},\"response\":\"{\\\"code\\\":\\\"access_denied\\\",\\\"message\\\":\\\"You are not authorized to perform this action.\\\"}\",\"errorSource\":\"APP\",\"attempts\":1}"
		}
	},

---->8----

5

Hey @a21932ealwg,
I see the below error message -

Can you double-check the domain and API key combination?

6

Hi,
I’m getting the same issue,

i have double checked API key and Domain, and they are identical on both environments

{ status: 403, headers: { date: 'Tue, 28 May 2024 11:39:12 GMT', 'content-type': 'application/json; charset=utf-8', 'transfer-encoding': 'chunked', connection: 'close', status: '403 Forbidden', 'x-freshservice-api-version': 'latest=v2; requested=v2', 'x-request-id': '27838f3d-f807-9c59-9dfe-11cf314f7381', 'x-envoy-upstream-service-time': '31', 'x-fw-ratelimiting-managed': 'true', 'x-ratelimit-total': '500', 'x-ratelimit-remaining': '498', 'x-ratelimit-used-currentrequest': '1', 'x-trace-id': '00-5ce46e0897743710ebd4b5f2a9458ea9-f4c7f6a767ebdba9-01', nel: '{ "report_to": "nel-endpoint-freshservice", "max_age": 2592000, "include_subdomains": true}', 'report-to': '{ "group": "nel-endpoint-freshservice", "max_age": 2592000, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.eu-central-1.freshedge.net/nelreports/freshservice"}]}', server: 'fwe' }, response: '{"code":"access_denied","message":"You are not authorized to perform this action."}', errorSource: 'APP', attempts: 1 }
7

@zach_jones_noel

I have double-checked that the domain and api key combination are identical.

8

I have attempted using a different “headers” configuration for the requests.json:

-----8<----

        "headers": {
            "Authorization": "Bearer <%= iparam.freshservice_api_key %>",
            "Content-Type": "application/json"
        }

----->8----

Mirroring the examples in the API documentation:

https://developers.freshworks.com/docs/app-sdk/v2.3/freshservice/advanced-interfaces/request-method/#configure-request-templates

image
image1685×640 93.6 KB

However this approach does not work for either running the application locally with the CLI tooling, nor installed as an ‘In development’ application on the service desk, producing similar “You are not authorized to perform this action” errors.

9

Hey @a21932ealwg,
The api key would need to be encoded.

Please refer to this sample app.

I see you previously had an issue when you were testing the app by installing it on “In development” mode, did it also work as expected as a live custom app?

10

@zach_jones_noel

Changing the requests.json configurations from

“Authorization”: “Basic <%= encode(iparam.freshservice_api_key)+‘:X’ %>”

to

“Authorization”: “Basic <%= encode(iparam.freshservice_api_key) %>”

as per the quoted example code has done the trick!

image

Works: locally, installed as “in development” and “custom app”

A.

1 Like
11

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.