I am currently working on a custom Freshdesk app and could use some guidance from the community. My goal is to build an app that integrates with an external API to fetch user specific data and display it within the Freshdesk ticket sidebar.
I have gone through the official documentation, but I am still a bit unclear on the best practices for managing asynchronous API calls and securely handling API keys within the app.
Where and how should I store and retrieve sensitive API credentials in a secure manner?
Any tips on optimizing performance or maintaining compatibility with future Freshdesk updates?
Hi Arokiya, thanks for the hint. But as I understand, the iparams.json content is a kind of template for presenting the user a form where the actual credentials are filled in. In my case, I have to store some general credentials that the user should not see. If I do so in config/my_params.json, the ‘fdk validate’ command complains about ‘invalid file’. Where to savely store this data? The app.js should read it, but not a user.
You can build a custom Configuration page where you define and manage your application settings. The actual credentials and general configuration values can be organized into multiple tabs and stored using the postConfigs method, then retrieved using getConfigs from iparams.html.
These values are securely stored in iparams and can be accessed whenever required throughout the app lifecycle. This approach is recommended over using Key-Value Storage (Data Store) for configuration data, as frequent reads/writes in high-volume event scenarios may lead to 429 rate-limit issues.
Please refer to the following documentation for more details: