Re-emphasizing the importance of Domain Whitelisting in ASAP's JWT Authentication Mechanism

The problem

We discovered a security vulnerability related to using OAuth tokens in non-whitelisted domains and have reinforced our security measures. If you experience any request failures in the authorized domains, please verify that they are whitelisted in the ASAP JWT configuration.


Our solution

Please enter the trusted domains in the setup to ensure that the help widget is pre-approved for its designated domains.

Info: A maximum of five domains can be listed.

What is a domain?

A domain is a web address that allows visitors to access your website. It's the identifier through which your site is known online. When you launch your website for the first time, you can purchase a new domain or use an existing one.

Mapping your domains

Domain mapping associates a domain name (example.com) with a target destination, whether a website, application, or server. This association enables users to reach that destination using an easy-to-remember domain name instead of recalling complicated IP addresses or URLs.


For authentication purposes, domain mapping is essential for several reasons:


  • User trust
  • Prevention of phishing
  • Access controls
  • Consistency in user experience
  • Secure connections (protocols)

What is the domain whitelisting mechanism?

A domain whitelist is a security strategy that limits access to exclusively specified and approved domains, effectively preventing connections to websites or services not explicitly mentioned. Permitting links only to trusted domains helps block unauthorized access and reduce potential security threats such as malware or phishing attempts. It serves as a filter to guarantee that only safe and relevant websites can be accessed.

How does domain whitelisting make security simpler?

A domain whitelist is a security approach that restricts access to only designated and authorized domains, effectively blocking connections to websites or services not explicitly listed.

How to enable the JWT authentication for Web and Mobile Platforms


Domain whitelisting for help widgets ensures that only designated, pre-approved websites or domains can embed and display the help widget on their pages. This approach prevents unauthorized users from integrating the widget on untrusted sites, which is essential for maintaining security and controlling access to the help feature.
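The kind of check described above can be sketched as follows. This is an added example, not Zoho's code or the ASAP implementation; the function names, the use of the request's `Origin` header, and the HTTPS-only rule are assumptions made for illustration, and the sample origins are constructed.

```javascript
// Added illustration: not Zoho's code. Names and the HTTPS-only rule are assumptions.
const MAX_DOMAINS = 5; // the page states that a maximum of five domains can be listed

// Normalize configured entries to lowercase hostnames and enforce the limit.
function buildAllowlist(domains) {
  const hosts = new Set();
  for (const entry of domains) {
    const host = String(entry).trim().toLowerCase().replace(/\.$/, "");
    // Accept bare hostnames only: no scheme, path, port, or wildcard.
    if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/.test(host)) {
      throw new Error(`not a plain hostname: ${entry}`);
    }
    hosts.add(host);
  }
  if (hosts.size === 0 || hosts.size > MAX_DOMAINS) {
    throw new Error(`expected 1 to ${MAX_DOMAINS} domains, got ${hosts.size}`);
  }
  return hosts;
}

// Decide whether a request's Origin header value is on the allowlist.
function isOriginAllowed(originHeader, allowlist) {
  if (typeof originHeader !== "string" || originHeader === "null") return false;
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return false; // malformed origin
  }
  if (url.protocol !== "https:") return false; // assumption: HTTPS only
  // An Origin is scheme://host[:port] only; reject anything carrying more.
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) return false;
  // Exact match on the parsed hostname; never substring or suffix matching.
  return allowlist.has(url.hostname.toLowerCase().replace(/\.$/, ""));
}

// Constructed sample data.
const allowlist = buildAllowlist(["www.example.com", "help.example.com"]);
const samples = [
  "https://help.example.com",               // listed host
  "https://help.example.com.unlisted.test", // listed name used as a prefix only
  "https://nothelp.example.com",            // listed name used as a suffix only
  "http://help.example.com",                // listed host, wrong scheme
  "https://user@help.example.com",          // not a valid Origin value
];
for (const o of samples) console.log(o, "->", isOriginAllowed(o, allowlist));
```

Only the first sample is accepted; the others fail because the comparison is made on the parsed hostname as a whole rather than on the raw string.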


Watch this space for the latest ASAP updates.

Cheers,

Kavya Rao,

The Zoho Desk Team



