Partial update of the App config - postConfigs

Hello guys

Is it possible to partially update the app config from iparams.js? Our config page has several fields, one of them is API KEY, this API key needs to be stored in the secured params.

Every time the user goes into the app settings and would like to change something, they need to enter the API key again, because we can’t retrieve it and update it again.

config.push({
  aaa: aaa,
  bbb: bbb
});

// Add to secure tenants object (with API key)
securedConfig[xxxx] = {
  aaa: aaa,
  bbb: bbb,
  api_key: api_key
};
});

return {
  __meta: {
    secure: ["securedConfig"],
  },
  config: tenants,
  securedConfig: securedConfig,
};

We have also tried something like this:

return {
  __meta: {
    secure: ["api_key"],
  },
  config: config,
  api_key: api_key
} 

// When we don’t want to update api_key, we would return this
return {
  __meta: {
    secure: ["api_key"],
  },
  config: config,
} 

But the API key always gets wiped.

Thank you very much

Hi Petr,

Freshworks does not support a partial merge for installation parameters. Whatever you return from postConfigs() is treated as the full config to store. If you leave out api_key (or drop it inside securedConfig) it will remain missing.

In getConfigs(configs), keep a copy of the loaded object (including nested securedConfig). In postConfigs(), always return the complete structure your app needs, and only overwrite the API key when the user enters a new one. Otherwise reuse the value from that cached copy (for example api_key: trimmedInput || cached.api_key, and the same idea per tenant if you use a map).

About sending the API key: Marking it under __meta.secure does not mean it never goes over the network from the Settings page. On save, the admin’s browser still sends it to Freshworks over HTTPS, which is normal for storing credentials. Secure mainly means it is not exposed to the main app frontend the way non-secure iparams are (use it from server-side code, request templates, SMI, and avoid reading or logging it in the end-user UI).

Also double check that __meta.secure entries match the real keys/paths in the object you return.

Hope that helps.
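The cache-and-merge pattern from the answer above, applied to the per-tenant securedConfig map from the question, as an added example that is not code from either poster or from Freshworks. `cached`, `readForm` and `mergeSecured` are hypothetical names, and it assumes getConfigs() receives the stored secured values; if it does not and nothing was typed, the merge refuses to save rather than store an empty key.

```javascript
// Added example. getConfigs/postConfigs/__meta.secure come from the thread;
// cached, readForm and mergeSecured are hypothetical names.
let cached = {};

// Hypothetical form reader: replace with code that reads the settings-page inputs.
// Constructed sample shape: { tenantId: { aaa, bbb, api_key } }, api_key "" if untouched.
let readForm = () => ({});

function getConfigs(configs) {
  // Assumption (per the answer above): configs carries the stored securedConfig.
  cached = JSON.parse(JSON.stringify(configs || {}));
}

// Build the full secured map: a typed key wins, blank input reuses the cached key.
function mergeSecured(savedSecured, form) {
  const merged = {};
  for (const [id, t] of Object.entries(form)) {
    const typed = (t.api_key || "").trim();
    const previous = (savedSecured[id] || {}).api_key || "";
    if (!typed && !previous) {
      // Nothing typed and nothing cached: refuse instead of storing an empty key.
      throw new Error("API key required for tenant " + id);
    }
    merged[id] = { aaa: t.aaa, bbb: t.bbb, api_key: typed || previous };
  }
  return merged;
}

function postConfigs() {
  const form = readForm();
  const securedConfig = mergeSecured(cached.securedConfig || {}, form);
  // The non-secure part never contains the key.
  const config = Object.values(form).map((t) => ({ aaa: t.aaa, bbb: t.bbb }));
  return {
    __meta: { secure: ["securedConfig"] }, // must match the key returned below
    config: config,
    securedConfig: securedConfig,
  };
}
```

Tenants that are no longer in the form are dropped from the returned object, since the returned object is stored as the full config.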

Thanks for the reply. I need to double check the getConfigs() because I thought that it’s not returning the secured config.
