App extensions, secure app panels

GFabien · July 9, 2019, 8:07am

App actions are good to interact with your app from Pipedrive but they are kind of hidden. Therefore app panels are great because they stand out in your detail views. So I created a panel for my application and it works.

The only problem is a security one: the app panel performs a get request to my API and sends credentials as the Basic Authentication header of a HTTP request. According to https://pipedrive.readme.io/docs/app-extensions-panels#section-how-can-i-add-an-app-panel-to-pipedrive I should be able to use authenticated HTTPS requests but I don’t understand how I can change the panel behaviour to do so.

Any advice?

Elina · July 9, 2019, 10:15am

Hi there,

what we mean here is that you have to use HTTPS for your server and check that incoming request has the correct Basic Authentication header.

GFabien · July 9, 2019, 10:18am

Ok, thank you @Elina
Is there any additional way to make sure the request is coming from my app? Like a specific Pipedrive signature or anything else?

Elina · July 18, 2019, 12:21pm

Hi, sorry for getting back to you so late. Currently we only have the possibility to use Basic-Auth which is the securest way.

Hope that helps