We are looking to develop an app where the API requests to be triggered from Freshsales need to be triggered using the logged-in user’s API key and not a generic API key which is stored during app installation in Freshsales.
For example, we need to trigger the GET API for the endpoint domain.myfreshworks.com/crm/sales/api/contacts/12345, but the token in the headers should be dynamic, based on the logged-in user who is using that app. If user A has apikey - abc123 and user B has apikey - mn213, then the Freshsales API should be fetched and triggered dynamically based on whichever user is using that app.
I did not find any option to perform this but can someone confirm if this is possible or not at the moment?
Freshsales API only has basic authentication support. With basic auth, only the API key generated by the user will be accepted for the APIs.
The app supports API key or OAuth-based authentication. The use case that you have mentioned requires OAuth-based authentication to authorize using the logged-in user’s authorization to make API calls.
But, Freshsales doesn’t support OAuth yet. We can share this as feedback to the respective team to add OAuth support for Freshsales.
There is no secure and seamless workaround available. Only during the app installation configuration can the app get the API key and store it to use in the app. Only one of the admin users will install the app. They will not have access to all the users and other users cannot access this page unless they are also an admin on their Freshsales instance.
So, it’s not possible to achieve. Can you add why you would want it this way?
Hi @Raviraj
Thanks for sharing the details. The reason we wanted user-specific authorization is that we are developing an app to export data from Freshsales. A restricted user or someone with restricted access should not be able to export records which they are not supposed to access (which will be accessible if we use the admin API).