Back
Mastering OAuth in Freshworks: A Developer’s Guide to Secure Authentication
Benny
- February 13, 2025
5 min read
In the digital age, security and seamless authentication are at the heart of every successful integration. Freshworks has taken a significant step forward by introducing Multi-OAuth functionality, allowing developers to authenticate multiple accounts within a single application. This means that instead of managing multiple OAuth configurations separately, developers can now configure, authenticate, and manage multiple OAuth handshakes within a single app installation.
So, whether you're building an integration with Freshsales, Freshservice, or Freshchat, OAuth is your gateway to secure, scalable, and efficient app authentication. This blog will guide you through setting up OAuth in Freshworks apps, implementing secure authentication, and testing the OAuth flow—all without relying on API keys!
What’s the Buzz About Multi-OAuth in Freshworks?
Freshworks has introduced a game-changing update that simplifies authentication for app developers. Previously, setting up OAuth meant handling one authorization per app installation, which was limiting. Now, with Multi-OAuth, developers can:
✔ Authenticate multiple accounts within a single app
✔ Improve security by reducing dependency on long-lived API keys
✔ Give admins and agents control over OAuth handshakes
🚀 Why is this important? Because OAuth is the most secure way to authenticate apps, preventing unauthorized access and reducing the risk of exposing sensitive credentials.
How to Authenticate with OAuth (Without API Keys!)
Step 1: Create OAuth Credentials
Before your app can interact with Freshworks APIs, you need to set up OAuth credentials. Follow these steps:
1️⃣ Go to your Freshworks Developer Account
2️⃣ Navigate to Developer Settings → OAuth Credentials
3️⃣ Click Create OAuth Credentials
4️⃣ Fill in details such as:
App Name
Description
Redirect URLs (where the user will be redirected after authentication)
Scopes (API permissions your app will need)
5️⃣ Click Create Credentials to generate the Client ID and Client Secret
📌 Pro Tip: Store these credentials securely— never hardcode them in your app!
🔗 Detailed Guide: Creating OAuth Credentials
Step 2: Configure the OAuth Flow
Now that you have your Client ID and Secret, it's time to set up your app’s authentication flow.
1️⃣ Set up the OAuth configuration file in your Freshworks app
2️⃣ Define the following parameters:
- Authorization URL (to request user consent)
- Token URL (to exchange the authorization code for an access token)
- Scopes (what data the app can access)
3️⃣ Ensure that the redirect URL matches the one configured in your OAuth settings
📌 Pro Tip: Always request only the permissions you need—don’t go overboard with scopes!
🔗 Step-by-step guide to OAuth configuration
Step 3: Secure API Calls Using OAuth
Once authentication is complete, your app will receive an access token. This token allows your app to make secure API calls without using API keys.
To make an API request:
- Include the access token in the request headers:
try {
let workspace = await client.request.invokeTemplate(
"FreshserviceSolutionAccess",{}
);
//handle success
} catch (err) {
//handle error
}
{
"FreshserviceSolutionAccess": {
"schema": {
"method": "GET",
"host": "sample-sub-domain.freshservice.com",
"path": "/api/v2/solutions/categories",
"headers": {
"Authorization": "bearer <%= access_token %>",
"Content-Type": "application/json"
}
},
"options": {
"oauth": "freshworks"
}
}
}
🔗 More details on placing OAuth requests
Step 4: Testing and Debugging OAuth
Before launching your app, always test the OAuth flow to ensure authentication is working correctly.
1️⃣ Verify that users are redirected correctly after authorization
2️⃣ Check if the app retrieves the access token successfully
3️⃣ Ensure that API requests work with the access token
🚀 Why does this matter? Because authentication failures can lead to frustrating customer experiences and security vulnerabilities.
Why OAuth is the Future (And API Keys Are Not!)
For years, developers have relied on API keys for authentication, but let’s face it—API keys are risky. If an API key gets leaked, it could grant full access to a company’s data. That’s a hacker’s dream!
💡 OAuth eliminates this risk by using short-lived tokens that expire after a set period. No more worrying about leaked credentials!
With Freshworks’ Multi-OAuth, developers and admins can authenticate multiple accounts securely, ensuring better control over permissions and fewer security risks.
Real-World Use Case: Multi-OAuth in Action
At Saasly, we’ve already used Freshworks’ Multi-OAuth for integrations like:
✔ HubSpot integration – Authenticating multiple sales pipelines
✔ AutoTimer integration – Managing multiple employee accounts
✔ Apple integrations – Handling multi-brand customer queries
The result? Faster authentication, better security, and zero API key headaches!
Conclusion: The Future of Authentication is Here
Freshworks has taken a bold step in making authentication simpler, safer, and more scalable. With Multi-OAuth, developers can:
✔ Authenticate multiple accounts in one app
✔ Secure API access without relying on API keys
✔ Provide admins with better access control
If you’re still relying on API keys, it’s time to upgrade your authentication game. Ready to integrate OAuth into your Freshworks app?
🚀 Check out the official documentation:
Know more?
Saasly offers a straightforward and accessible iPaaS Solution; simply get in touch with us. We are a trusted technology and solution partner for Zendesk, Microsoft, Shopify, Zoho, and Freshworks, focusing on platform integration services and app development. Our expertise shines in delivering iPaaS integration and implementation solutions on a global scale, particularly for seamlessly integrating Custom and Commercial Marketplace applications with SaaS products. Our objective is to optimize and automate your organization's business operations by harnessing the capabilities of iPaaS Solutions, providing more than just a service – a highly productive solution.