• 21 March 2019
  • 8 replies

I am developing a custom, internal, app which communicates with our externally hosted admin portal. I need the URL of the Freshdesk app I've published to enable CORS in our admin portal. 

I can see the app is hosted on a CloudFront URL and need to know if this is a static URL or if it is possible for that URL to change.


This topic has been closed for comments

8 replies


Here is the URL that you can use to enable CORS in your admin portal.


Thank you for confirming!

Hi Saif,

I have added the app URL in our admin portal, but I'm still having trouble making requests to our server with the Freshdesk Request API. 

With our current ZenDesk app, we use the jQuery `get` method with the following options:


dataType: 'json',
cors: 'true',
xhrFields: {
          withCredentials: true

 And this works fine. I've tried including these in the options passed to the get method, but am unable to successfully make a request to our server. I am also unable to see the response and request headers in the browser console to understand more specifically what is happening behind the scenes.

Do you have a suggestion as to how I can make a similar authenticated request using FD's Request API get method? Is there a way by which I can observe the request and responses as well?


I should note that our admin portal requires that we are logged into our admin account. The request is going through successfully, however I'm getting back an error from our server saying the admin is not logged in, when I am in fact logged in.

Thanks again.

Hi Philip,

  • May be the domain that your custom app is trying to access is not white-listed in your manifest.json file. Can you please confirm it? - Refer Documentation
  • You should be able to see the request and response in the network tab in your browser.
  • In case your app needs to implement on frontend using app.js   - See here regarding Request API Usage   

client.request.get("URL", options)
    function(data) {
      //handle "data"
      //"data" is a json string with status, headers, and response.
    function(error) {
      //handle failure

  • The App when making an request, you may need to encode the auth header in base64 format.

var headers = {"Authorization": "Basic <%= encode(iparam.api_key) %>"};
  var options = { headers: headers };
  var url = "";
  client.request.get(url, options)
  .then (
  function(data) {
  function(error) {

Hi Saif,

- I do have the domains included in the manifest -- the app URL, the Freshdesk agent portal URL, and our admin URL.

- I cannot see requests from the Freshdesk Request API to our admin app in the network tab, which I assume is because the request is being routed through your server, which I don't have visibility into.

- I am indeed making requests via app.js, and have followed the linked documentation.

I believe the problem is that the request is coming from your server instead of the app.js file, so I have less control over that request. If I had the URL for where those requests were initiated, I could add that to our origins list as well.

An alternative we're considering is creating some sort of password in our admin portal which we can pass via headers using the Request API, should we not be able to handle making requests from your server as we were able to via our ZenDesk app from the client.



1. If you've enabled CORS in your admin portal with provided URL, you should be able to make a request through JQuery's Authentication mechanisim. You should be able to achieve what you wanted just like ZenDesk app.

2. Using Request API is  one another way,

By using Request API, CORS requests are routed through a proxy(Which you see requests coming in from our server). Please make sure, option in selection is `All` and no filter is applied. Since Request API is fundamentally a JS Promise, if you could please let me know the Promise on Reject Error, so that I can better help you. 

Also, please let me know if you are locally testing? 

Thanks, Saif. I have everything working now. I misinterpreted the Request API documentation and thought it was a requirement that requests to third-party domains go through the Request API, but I see that is only for public apps.

I appreciate all the help!