Back
Achieve Flexibility and Security with Freshdesk App Settings
Benny
- December 26, 2024
6 min read
Introduction
In the digital world, secrets are harder to keep than that one time you told your friend you “wouldn’t tell anyone” but ended up spilling it to your pet cat (because cats don’t judge, right?). For app developers, though, secrets come in a less furry form: API keys, tokens, and credentials. Enter Freshdesk’s Developer App Settings, the superhero cape your custom apps didn’t know they needed.
What Are Developer App Settings?
Think of developer app settings as the secret vault in your app’s lair. Instead of embedding sensitive credentials like API keys or tokens directly into your app’s code (a.k.a. writing your PIN on your credit card), Freshdesk provides a smarter and safer way to manage these secrets. Here’s the deal:
- You define these sensitive bits of info as environment variables in a file called app_settings.json.
- When you submit the app for deployment, you assign values to these variables in the Freshdesk interface.
- Voilà! No hardcoding. No exposure. Just a safe little vault for your credentials.
Now, when your app runs, it fetches the credentials securely, making your app both safer and easier to maintain.
Why Should You Care?
If you’ve ever:
- Hardcoded an API key into your app.
- Regretted hardcoding said key when it got leaked.
- Ended up Googling “how to fix API key security breach ASAP”—
Then developer app settings are your new best friend.
With these settings, you can:
- Avoid hardcoding credentials. No one wants their API key to appear in a Stack Overflow post.
- Easily update sensitive info. Need to replace an expired token? Just update the settings—no redeployment required!
- Prevent accidental leaks. Your app’s secrets are kept... well, secret.
Fun Fact: Did you know that embedding secrets in code is like putting a spare key under the doormat? Sure, it’s “hidden,” but anyone with access to your app can find it. And guess what? Hackers are just digital burglars with a lot more patience and a lot less shame.
How It Works: The Nuts and Bolts
Here’s a simple breakdown of how to implement developer app settings:
- Create an app_settings.json file. Think of this as your app’s grocery list, where you jot down the variables you’ll need. For example:
{
"api_key": {}
}
-
Assign values during app submission. When deploying the app via Freshdesk, you’ll enter the actual API key in the provided fields.
-
Access the settings in your app. Use the iparams object in your app’s code to retrieve the values:
"securedAPI": {
"schema": {
"protocol": "https",
"method": "POST",
"host": "Somedomain.com",
"path": "/v1/go-left/then-right",
"query": {
},
"headers": {
"Authorization": "Bearer <%= app_settings.api_key %>",
"Content-Type": "application/json"
}
}
},
- Test like a pro. Freshdesk’s handy testing environments let you simulate settings locally before pushing to production. No surprises, no “Oops, I forgot to configure that” moments.
Real-World Use Case: The Token Tango
Let’s say you’re building an app that syncs Freshdesk tickets with an external CRM. You need an API token to authenticate the requests. With developer app settings:
- You define the token as an environment variable in app_settings.json.
- You securely input the token value during app submission.
- If the token changes in the future, you update it directly in Freshdesk without touching your code.
Without developer app settings? You hardcode the token, accidentally push it to GitHub, and spend the next 48 hours revoking keys, apologizing to your boss, and Googling “stress relief methods for developers.
Security Best Practices
Freshdesk has done its part to make this feature secure, but here’s what you can do to ensure everything stays safe:
- Use strong, unique keys. “12345” isn’t a password; it’s an invitation.
- Regularly update your credentials. Tokens, like milk, have an expiry date. Don’t wait until they “smell funny.”
- Audit access. Make sure only authorized users can manage app settings.
The Bigger Picture
Developer app settings don’t just make your app secure—they make it future-proof. Want to switch from one third-party API to another? No problem. Need to scale up and manage credentials for multiple environments? Easy.
And here’s the cherry on top: Freshdesk provides sample apps that showcase how to implement app settings, so you don’t have to start from scratch. (Because let’s face it, building things from scratch is fun for pancakes, not so much for code.)
Closing Thoughts
In the wild west of app development, security is your sheriff, and Freshdesk developer app settings are the trusty six-shooter that keeps your app safe from the bad guys (or, you know, accidental leaks).
So next time someone asks, “Where do you store your API keys?” you can confidently say, “In the vault, where they belong.” And if they ask how you manage to sleep so well at night, you can reply, “It’s because I don’t hardcode secrets anymore. Also, melatonin helps.”
With great app settings comes great responsibility—and a lot fewer sleepless nights.
P.S.: If you’re still hardcoding credentials, here’s your sign to stop. Think of the app settings feature as Freshdesk’s love letter to developers. It’s secure, flexible, and makes your life infinitely easier. What more could you ask for? (Except maybe a pizza or a cup of coffee while you code. But hey, that’s on you.)
Know more?
Saasly offers a straightforward and accessible iPaaS Solution; simply get in touch with us. We are a trusted technology and solution partner for Zendesk, Microsoft, Shopify, Zoho, and Freshworks, focusing on platform integration services and app development. Our expertise shines in delivering iPaaS integration and implementation solutions on a global scale, particularly for seamlessly integrating Custom and Commercial Marketplace applications with SaaS products. Our objective is to optimize and automate your organization's business operations by harnessing the capabilities of iPaaS Solutions, providing more than just a service – a highly productive solution.