Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by larissa · Jul 05, 2017 at 10:17 PM · AuthenticationPush Notificationswebhooks

Receive incoming webhooks from zendesk

Hey there :)

We've been trying to set up push notifications in PlayFab that are triggered by updates on tickets in our zendesk account. Unfortunately Zendesk seems to only support basic authentication in their webhook feature and won't let us set a custom header with the secret key (X-SecretKey) or session ticket (X-Authentication). Is there any other option in PlayFab that would let us receive incoming webhooks with either basic or no authentication? Or is there any chance this will become possible in the process of the development of the planned zendesk add-on?

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Brendan · Jul 06, 2017 at 07:16 AM

Sorry, but allowing a completely insecure call to modify player data would be a pretty severe security problem, so it's not something we allow. Our planned Zendesk integration will provide for both player entered issues to generate tickets in your Zendesk account, as well as for query of active tickets for the player from your account.

Comment

People who like this

0 Show 4 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image larissa · Jul 06, 2017 at 09:34 AM 0
Share

Maybe I'm misunderstanding you, but I don't see a security issue with what we want to do:

This is not about modifying player data, it's about receiving a notification (as in just a little ping with no actual sensitive data) on ticket changes so that we can subsequently query this tickets data from zendesk in a properly secured way (via a server cloudscript that sends a request to zendesks rest api) . We will then send a push notification to the user that the ticket belongs to. So the only thing that can be insecurely triggered is us checking a tickets status. It would be guaranteed that we only send a notification to the player whose ticket it is, not anyone else. A change of player data would not be required at all and ideally we'd still like to use the basic authentication that zendesk allows for.

So you are saying there is currently no way of receiving webhooks in any of the ways zendesk will let us (basic auth or no auth)?

And the zendesk integration will also work only via making frequent queries to zendesk rather than receiving a callback?

avatar image Brendan ♦♦ larissa · Jul 07, 2017 at 04:52 AM 0
Share

The problem is that right now, what you're describing doesn't exist. So you would need to call a Cloud Script on behalf of the client or else write something to player data which is then checked by a periodic Scheduled Task - and allowing a non-secure call to do either of those is the risk I'm referring to.

When we have a complete Zendesk integration, it will include a callback path for Zendesk, exactly as we do for many of the other integrations in the service.

avatar image larissa Brendan ♦♦ · Jul 07, 2017 at 06:26 PM 0
Share

Sorry, I think we've got a misunderstanding. Let me try to explain again.

Once we answer a ticket in Zendesk, we wanted to use the PlayFab Server API with our secret key to issue an HTTP request that would use the ExecuteCloudScript-function to write the support ticker answer to player data.

In order to able to do that we need to authenticate us. Unfortunately, Zendesk only allows us to use "Basic auth", and we're not able to change the header of the HTTP request. Hence, we can not write the secret key in the header as it is needed for PlayFab Server API Calls.

Now we wanted to ask if there's any hope that PlayFab might also accept basic auth. WIth basic auth, we would still send our secret key as the "password" field, and it would be just as secure - it's just a different HTTP request layout.

We thought that since a Zendesk add-on is planned, it might also be planned to support writing data from Zendesk to PlayFab when a ticker is answered.

Show more comments

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    2 People are following this question.

    avatar image avatar image

    Related Questions

    Import user data from CSV 1 Answer

    User not found error when trying to create a game. 1 Answer

    PlayFab Authentication to Photon Error 2 Answers

    Email registration across different titles 1 Answer

    Unreal Engine 4 "Unable to contact server" 2 Answers

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges