Re-emphasizing the importance of Domain Whitelisting in ASAP's JWT Authentication Mechanism

The problem

We discovered a security vulnerability related to using OAuth tokens in non-whitelisted domains and have reinforced our security measures. If you experience any request failures in the authorized domains, please verify that they are whitelisted in the ASAP JWT configuration.


Our solution

Please enter your trusted domains in the setup so that the help widget is pre-approved for its designated domains.

Info: A maximum of five domains can be listed.

What is a domain?

A domain is a web address that allows visitors to access your website. It's the identifier through which your site is known online. When you launch your website for the first time, you can purchase a new domain or use an existing one.

Mapping your domains

Domain mapping associates a domain name (example.com) with a target destination, whether a website, application, or server. This association enables users to reach that destination using an easy-to-remember domain name instead of recalling complicated IP addresses or URLs.


For authentication purposes, domain mapping is essential for several reasons:


  • User trust
  • Prevention of phishing
  • Access controls
  • Consistency in user experience
  • Secure connections (protocols)

What is the domain whitelisting mechanism?

A domain whitelist is a security strategy that limits access to exclusively specified and approved domains, effectively preventing connections to websites or services not explicitly mentioned. Permitting links only to trusted domains helps block unauthorized access and reduce potential security threats such as malware or phishing attempts. It serves as a filter to guarantee that only safe and relevant websites can be accessed.

How does domain whitelisting make security simpler?

A domain whitelist is a security approach that restricts access to only designated and authorized domains, effectively blocking connections to websites or services not explicitly listed.

How to enable the JWT authentication for Web and Mobile Platforms


Domain whitelisting for help widgets ensures that only designated, pre-approved websites or domains can embed and display the help widget on their pages. This approach prevents unauthorized users from integrating the widget on untrusted sites, which is essential for maintaining security and controlling access to the help feature.
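
The check a domain whitelist implies can be sketched as follows. This is an added example, not Zoho's code or part of the original post: it validates a list of at most five domains and compares a request's Origin header against it by exact hostname. The function names, the HTTPS-only rule and the exact-match policy (no automatic subdomain coverage) are assumptions made for illustration.

```javascript
// Added example, not Zoho's code. Exact-host matching is an assumption.
const MAX_DOMAINS = 5; // the post states a maximum of five listed domains
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Normalise one configured entry to a lowercase bare hostname. Entries with
// a scheme, port, path or wildcard are rejected instead of being guessed at.
function normalizeDomain(entry) {
  const host = String(entry).trim().toLowerCase().replace(/\.$/, "");
  const labels = host.split(".");
  if (labels.length < 2 || !labels.every((l) => LABEL.test(l))) {
    throw new Error(`not a bare domain: ${entry}`);
  }
  return host;
}

// Build the allowlist once at configuration time and enforce the size cap.
function buildAllowlist(entries) {
  const allowed = new Set(entries.map(normalizeDomain));
  if (allowed.size === 0 || allowed.size > MAX_DOMAINS) {
    throw new Error(`expected 1 to ${MAX_DOMAINS} domains, got ${allowed.size}`);
  }
  return allowed;
}

// Decide whether a request's Origin header names a listed domain.
function isOriginAllowed(originHeader, allowed) {
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return false; // missing, "null" or malformed Origin
  }
  // Assumption: HTTPS on the default port only.
  if (url.protocol !== "https:" || url.port !== "") return false;
  // An Origin is scheme://host only: no credentials, path, query or fragment.
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
    return false;
  }
  // Set lookup is an exact comparison, so a listed name that merely appears
  // as a prefix or suffix of a longer hostname does not match.
  return allowed.has(url.hostname.replace(/\.$/, ""));
}

// Constructed sample configuration (example.com is a reserved name).
const sampleAllowlist = buildAllowlist(["help.example.com", "Example.com."]);
```

Comparing parsed hostnames for equality, instead of searching the Origin string for a listed name, is what keeps a longer hostname that merely contains a trusted domain from passing.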


Watch this space for the latest ASAP updates.

 

Cheers,

Kavya Rao,

The Zoho Desk Team



