Re-emphasizing the importance of Domain Whitelisting in ASAP's JWT Authentication Mechanism

Re-emphasizing the importance of Domain Whitelisting in ASAP's JWT Authentication Mechanism

The problem

We discovered a security vulnerability related to using OAuth tokens in non-whitelisted domains and have reinforced our security measures. If you experience any request failures in the authorized domains, please verify that they are whitelisted in the ASAP JWT configuration.


Our solution

Please enter the trusted domains in the setup to ensure that the help widget is pre-approved for their designed domains.
Info
A maximum of five domains can be listed.

What is a domain?

A domain is a web address that allows visitors to access your website. It's the identifier through which your site is known online. When you launch your website for the first time, you can purchase a new domain or use an existing one.

Mapping your domains

Domain mapping associates a domain name (example.com) with a target destination, whether a website, application, or server. This association enables users to reach that destination using an easy-to-remember domain name instead of recalling complicated IP addresses or URLs.


For authentication purposes, domain mapping is essential for several reasons:


  • User trust
  • Prevention of phishing
  • Access controls
  • Consistency in user experience
  • Secure connections (protocols)

What is the domain whitelisting mechanism?

A domain whitelist is a security strategy that limits access to exclusively specified and approved domains, effectively preventing connections to websites or services not explicitly mentioned. Permitting links only to trusted domains helps block unauthorized access and reduce potential security threats such as malware or phishing attempts. It serves as a filter to guarantee that only safe and relevant websites can be accessed.

How does domain whitelisting make security simpler?

A domain whitelist is a security approach that restricts access to only designated and authorized domains, effectively blocking connections to websites or services not explicitly listed.

​How to enable the JWT authentication for Web and Mobile Platforms


Domain whitelisting for help widgets ensures that only designated, pre-approved websites or domains can embed and display the help widget on their pages. This approach prevents unauthorized users from integrating the widget on untrusted sites, which is essential for maintaining security and controlling access to the help feature.


Watch this space for the latest ASAP updates.

 

Cheers, 

 

Kavya Rao,

The Zoho Desk Team