App extensions, secure app panels

App actions are good to interact with your app from Pipedrive but they are kind of hidden. Therefore app panels are great because they stand out in your detail views. So I created a panel for my application and it works.

The only problem is a security one: the app panel performs a get request to my API and sends credentials as the Basic Authentication header of a HTTP request. According to I should be able to use authenticated HTTPS requests but I don’t understand how I can change the panel behaviour to do so.

Any advice?

Hi there,

what we mean here is that you have to use HTTPS for your server and check that incoming request has the correct Basic Authentication header.

Ok, thank you @Elina
Is there any additional way to make sure the request is coming from my app? Like a specific Pipedrive signature or anything else?

Hi, sorry for getting back to you so late. Currently we only have the possibility to use Basic-Auth which is the securest way.

Hope that helps :slight_smile:

1 Like