Re-emphasizing the importance of Domain Whitelisting in ASAP's JWT Authentication Mechanism
The problem
We discovered a security vulnerability related to using OAuth tokens in non-whitelisted domains and have reinforced our security measures. If you experience any request failures in the authorized domains, please verify that they are whitelisted in the ASAP JWT configuration.
Our solution
Please enter the trusted domains in the setup to ensure that the help widget is pre-approved for their designed domains.
A maximum of five domains can be listed.
What is a domain?
A domain is a web address that allows visitors to access your website. It's the identifier through which your site is known online. When you launch your website for the first time, you can purchase a new domain or use an existing one.
Mapping your domains
Domain mapping associates a domain name (example.com) with a target destination, whether a website, application, or server. This association enables users to reach that destination using an easy-to-remember domain name instead of recalling complicated IP addresses or URLs.
For authentication purposes, domain mapping is essential for several reasons:
- User trust
- Prevention of phishing
- Access controls
- Consistency in user experience
- Secure connections (protocols)
What is the domain whitelisting mechanism?
A domain whitelist is a security strategy that limits access to exclusively specified and approved domains, effectively preventing connections to websites or services not explicitly mentioned. Permitting links only to trusted domains helps block unauthorized access and reduce potential security threats such as malware or phishing attempts. It serves as a filter to guarantee that only safe and relevant websites can be accessed.
How does domain whitelisting make security simpler?
A domain whitelist is a security approach that restricts access to only designated and authorized domains, effectively blocking connections to websites or services not explicitly listed.
How to enable the JWT authentication for Web and Mobile Platforms
Domain whitelisting for help widgets ensures that only designated, pre-approved websites or domains can embed and display the help widget on their pages. This approach prevents unauthorized users from integrating the widget on untrusted sites, which is essential for maintaining security and controlling access to the help feature.
Watch this space for the latest ASAP updates.
Cheers,
Kavya Rao,
The Zoho Desk Team
Help docs for reference:Access your files securely from anywhere
New to Zoho Recruit?
Zoho Developer Community
New to Zoho LandingPage?
Zoho LandingPage Resources
New to Zoho Survey?
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Bigin?
Topic Participants
Kavya Rao Addepalli
Kelly Maria Da Silva
Sean Betts
Web Team
JWalton85
Sticky Posts
Zoho Desk Partners with Microsoft's M365 Copilot for seamless customer service experiences
Hello Zoho Desk users, We are happy to announce that Zoho Desk has partnered with Microsoft's M365 to empower customer service teams with enhanced capabilities and seamless experiences for agents. Microsoft announced their partnership during their keynoteWhatsApp pricing changes: Pay per message starting July 1, 2025
Starting July 1, 2025, WhatsApp is shifting from conversation-based pricing to per-message billing. That means every business-initiated message you send will count. Not just the first one in a 24-hour window. Pricing updates on the WhatsApp Business PlatformLive Webinar - Work smarter with Zoho Desk and Zoho Workplace integration
Hello customers! Zoho Desk and Zoho Workplace are coming together for a webinar on 14th May, 2024. Zoho Workplace is a suite of productivity apps for email, chat, docs, calls, and more at one single place. Zoho Desk is closely integrated with a few toolsApple iOS 17 and iPadOS 17 updates for Zoho Desk users
Hello Zoho Desk users! Apple recently announced the release of iOS 17 and iPad OS 17. These latest OS updates will help you stay productive and efficient, through interactive and seamless user experiences. Zoho Desk has incorporated the updates to helpZoho Desk Cheat Sheet For The Year-End
Check out these Zoho Desk best practices to end this year on a high and have a great one ahead! #1 Set Business (Holiday) Hours - If you have limited working hours, please make sure you restrict your business hours or set them as holidays for the coming days. Let your customers know when you will, and won't, be available. #2 Update the Annual Holiday List - Check the holidays for the new year and update the holiday schedule. Usually, holidays from the current year will be carried over for the next
New to Zoho TeamInbox?
Zoho TeamInbox Resources
Zoho CRM Plus Resources
Zoho Books Resources
Zoho Subscriptions Resources
Zoho Projects Resources
Zoho Sprints Resources
Qntrl Resources
Zoho Creator Resources
Zoho CRM Resources
Design. Discuss. Deliver.
Zoho Show Resources
Get Started. Write Away!
Writer is a powerful online word processor, designed for collaborative work.
Zoho CRM コンテンツ
-
オンラインヘルプ
-
Webセミナー
-
機能活用動画
-
よくある質問
-
Ebook
-
-
Zoho Campaigns
- Zoho サービスのWebセミナー
その他のサービス コンテンツ
Nederlandse Hulpbronnen
ご検討中の方
Recent Topics
Is there a way to make an account inactive in ZoHo Desk
We have a few Clients "Accounts" that we no longer do business with. It would be beneficial for them to not show up in lists. However, we want to go back and view tickets, time, etc.How to set the value of the Phone field importing contacts in Zoho Desk
Hi everyone, i'm new in Zoho Desk, we're setting up the environment and i'm importing contacts from another CRM using a file CSV and i'm getting a problem with phone numbers (italian): the leading zero is cut away, also if the value is inside double quotes.Set Custom Icon for Custom Modules in new Zoho CRM UI
Deprecation Notice: OpenAI Assistants API will be shut down on August 26, 2026
I recieved this email from openAI what does it means for us that are using the integration and what should we do? Earlier this year, we shared our plan to deprecate the Assistants API once the Responses API reached feature parity. With the launch of Conversations,How to center a field inside a section?
I’ve been trying to center a field inside a section in Zoho Canvas. When I align it visually, it looks centered in the editor, but after clicking Save, the field appears misaligned on the actual canvas. I also tried setting the field to full width, butKaizen #192 - Implementing Custom Token Persistence in Python SDK
Welcome back to another week of Kaizen! Last week, we discussed how to implement Login with Zoho using OAuth 2.0 and saw how to bring it to life in a real-world application with the Zoho CRM Python SDK. We also discussed how Zylker Academy built a customShowing the map along with mileage expense
When you use the GPS to track mileage, it shows you the map of the actual path travelled. It would be very useful and practical to save that map with the mileage expense, so that when the report is created, it provides a map of each mileage expense associatedEnable Validation Rule for Multi-Select Picklist Field
Zoho, Please allow validation rules for multi-select fields.File Upload field not showing in workflow
Hi, I have added a field on Zoho CRM. I want to use it in a workflow where that particular field is updated based on another field, however it is not showing up in the field list to select it in the workflow. Why is this please?CRM Custom function updating a module record shows the Super Admin user as the record modifier
Dear Zoho CRM Team, Is there any way to update this so that when a custom function has updated a record the Super Admin user doesn't become the modifier? This happens on the record as a modifier and shows up in the audit logs. It would be more usefulBest practice importing items and matching assemblies
Hi, I was wondering what would be the best practice to import items and composite items (assemblies) From my backup, what should I import first? The items or the composite items? I am on Zoho one, using inventory and books. Kind regards, SabineBest way to fetch employee names from Zoho People into Zoho Creator Inventory Stock Form field Employee Name Lookup
Hi Team, I have a requirement in my Zoho Creator application (Inventory Stock Adjustment) where I need to fetch employee names from Zoho People and use them as a lookup in a form. Currently, I am considering using an integration field to fetch this dataget file api is returning Junk data
I am working on extension development where at one point I need to retrieve attachments on records I found out I can use only invokeconnection and not invokeurl in extension development The invoke connection returns the image in raw binary format. WhenNeed help with message box
End user updates many records at once. Each have unique serial number. They want a confirmation box that says starting number, ending number and qty. Is there any way to do this? I been searching and asking support but seems like no great solution.[Webinar] The Transformative Power of Gen BI
Traditional decision-making tools are no longer enough. The integration of generative AI into business intelligence (BI) is proving to be a true game changer—enabling businesses to make faster, smarter, and better informed decisions. Early adopters ofBackorder process review - Automating Removal of Sales Order from "On Hold" When PO is Received
Hello Zoho Inventory Team, Currently, sales orders in On Hold status are released only when the bill for the purchase order is created. In our workflow, it would be much more efficient if the sales order could automatically move out of On Hold as soonHow to access the saved Query using API?
I have created a query in setting. Is it possible to access it from a API? What's the endpoint? I tried /v8/queries/important_deals but didnt' work.création d'une base de données
base de donnee d'un lycéeUser Session variables to recall after form submit & redirect to menu
Hey, Forgive me if this is a simple answer I have overlooked. I have built a big onboarding process for my SAAS platform which is built and managed by an external Dev team. I am hoping to embed my new creator app on the SAAS platform. I have a menu pageZoho Writer Merge Template with data from Zoho Analytics Views
Hello, Is there any way to pull information from Zoho Analytics and put it into a Merge Template? I am trying to create a bulk export of one report that filters on a field to create a single document for each of the filter fields.Having to enter bill before stock shows as available.
Hi, Am I right in thinking you must create a bill from the purchase order receipt before the goods are available for shipping?Agent Availability Report
From data to decisions: A deep dive into ticketing system reports Businesses need to track when their support agents check in and check out from work. This report, titled Agent Availability, is one of the static reports that helps managers track the numberWriting by Hand in "Write" Notes
Hi there! I just downloaded this app a few moments ago, and I was wondering if there was a way to write things by hand in "Write" mode instead of just typing in the keyboard. It would make things a bit more efficient for me in this moment. Thanks!AI-driven construction analytics using Zoho Projects Plus
Construction projects thrive on timelines; if a project is completed on or before the expected time, it makes headlines, but if it gets delayed, the company’s credibility will be at risk. Such projects require precise planning and constant monitoring,Canadian payroll
Hello ZOHO, is any updates on when payroll for Canada will be available?Unified customer view: Bringing product intelligence into your CRM data
For businesses today, applications and digital interfaces are the main touch points in the customer journey. While Zoho CRM data already tells who your customers are and what they buy, Zoho Apptics tells you how they interact and engage with your product.Zoho Creator SaaS app with multiple client AND multiple users
I am close to finalizing a Zoho Creator app that will be used by different companies to manage sale info, and each company can have multiple users using the app. Things were going perfectly until I tried a search on a report. I use a database field in each table to separate the data for each company, which works great. BUT when I do a search, I get to see ALL the data. This means that Company A could easily see the data from Companies B and C via the built-in search. Is there a way to set up theProject Change Orders and Additions
We are in the process of migrating from QuickBooks Online to Zoho Books. We have Zoho One and like the ability to sync all of our data across everything. And I like that projects work in a way that's less dumb than QuickBooks. I'm trying to figure outTrack online, in-office, and client location meetings separately with the new meeting venue option
Hello everyone! We’re excited to announce meeting enhancements in Zoho CRM that bring more clarity and structure to how meetings are categorized. You can now specify the meeting venue to clearly indicate whether a meeting is being held online, at thePossible to send Zoom AI Companion transcripts and summaries to contacts in CRM?
Title says it all. Is it possible to send Zoom AI Companion transcripts and summaries to contacts in Zoho CRM?How do I edit the Calendar Invite notifications for Interviews in Recruit?
I'm setting up the Zoho Recruit Interview Calendar system but there's some notifications I don't have any control over. I've turned off all Workflows and Automations related to the Calendar Scheduling and it seems that it's the notification that is sentPosibility to add Emoticons on the Email Subject of Templates
Hi I´ve tried to add Emoticons on the Subject line of Email templates, the emoticon image does show up before saving the template or if I add the Emoticon while sending an Individual email and placing it manually on the subject line. Emoticons also showClarity on extended contract status
Clarity on “extended” status- How does Zoho “extend” a contract? E.g. if client extends by 1 month, can the “end date” be adjusted accordingly in Zoho and tagged as “Extended” with a clear audit trail that also captures the client’s email? Note- EmailCustomizing contract status
Can we customize/add/remove status on Zoho contracts ourselves or does Zoho needs to do this? Context- There is a long list of status on Zoho but not all of them are relevant for us . There are few status which are missing and needs to be added. E.g-Set Custom Business Calendars and Holidays for Global Teams
Managing a project across diverse teams means accounting for more than just tasks and deadlines; it means acknowledging how and when each team actually works. Users might follow different working days or observe region-specific holidays that cannot be[Integration edition] Deluge learning series - Integrations between Zoho apps and Third-party services with Deluge | 28 August 2025
We’re excited to welcome you to the Deluge learning series: Integration edition! The Integration edition will run for three months: Session 1 – Integrating Zoho Apps with Deluge using inbuilt integration tasks Session 2 – Integrating Zoho Apps with DelugeCritical Vulnerability in all major password manager plugins - is Zoho Vault affected?
Hi Zoho, a security researcher found a critical clickjacking vulnerability in all major browser password managers: DOM-based Extension Clickjacking: Your Password Manager Data at Risk | Marek Tóth Is Zoho Vault affected as well? Apparently the Vault extensionIntroducing SecureForms in Zoho Vault
Hey everyone, Let’s face it—asking someone to send over a password or other sensitive data is rarely straightforward. You wait. You nudge. You follow up once, twice—maybe more. And when the information finally arrives, it shows up in the worst possibleChange eMail Template for Event-Invitations
Hello ZOHO-CRM Team How I can change the eMail Template for Event-Invitations? I work with the German Version of the Free Version. I know how I can modify eMail alerts or Signature Templates, but where I can other eMails modify you send out? Thank you for your answer. Regards, JuergNeed Your Insights
Hi Zoho, I'm confused why the flow only sends to one output. setVariable15 is from a list. It doesn't consider the 2nd entry. Any thoughts?Next Page