Re-emphasizing the importance of Domain Whitelisting in ASAP's JWT Authentication Mechanism
The problem
We discovered a security vulnerability related to using OAuth tokens in non-whitelisted domains and have reinforced our security measures. If you experience any request failures in the authorized domains, please verify that they are whitelisted in the ASAP JWT configuration.
Our solution
Please enter the trusted domains in the setup to ensure that the help widget is pre-approved for their designed domains.
A maximum of five domains can be listed.
What is a domain?
A domain is a web address that allows visitors to access your website. It's the identifier through which your site is known online. When you launch your website for the first time, you can purchase a new domain or use an existing one.
Mapping your domains
Domain mapping associates a domain name (example.com) with a target destination, whether a website, application, or server. This association enables users to reach that destination using an easy-to-remember domain name instead of recalling complicated IP addresses or URLs.
For authentication purposes, domain mapping is essential for several reasons:
- User trust
- Prevention of phishing
- Access controls
- Consistency in user experience
- Secure connections (protocols)
What is the domain whitelisting mechanism?
A domain whitelist is a security strategy that limits access to exclusively specified and approved domains, effectively preventing connections to websites or services not explicitly mentioned. Permitting links only to trusted domains helps block unauthorized access and reduce potential security threats such as malware or phishing attempts. It serves as a filter to guarantee that only safe and relevant websites can be accessed.
How does domain whitelisting make security simpler?
A domain whitelist is a security approach that restricts access to only designated and authorized domains, effectively blocking connections to websites or services not explicitly listed.
How to enable the JWT authentication for Web and Mobile Platforms
Domain whitelisting for help widgets ensures that only designated, pre-approved websites or domains can embed and display the help widget on their pages. This approach prevents unauthorized users from integrating the widget on untrusted sites, which is essential for maintaining security and controlling access to the help feature.
Watch this space for the latest ASAP updates.
Cheers,
Kavya Rao,
The Zoho Desk Team
Help docs for reference:Topic Participants
Kavya Rao Addepalli
Kelly Maria Da Silva
Sean Betts
Web Team
JWalton85
Sticky Posts
Zoho Desk Partners with Microsoft's M365 Copilot for seamless customer service experiences
Hello Zoho Desk users, We are happy to announce that Zoho Desk has partnered with Microsoft's M365 to empower customer service teams with enhanced capabilities and seamless experiences for agents. Microsoft announced their partnership during their keynoteWhatsApp pricing changes: Pay per message starting July 1, 2025
Starting July 1, 2025, WhatsApp is shifting from conversation-based pricing to per-message billing. That means every business-initiated message you send will count. Not just the first one in a 24-hour window. Pricing updates on the WhatsApp Business PlatformLive Webinar - Work smarter with Zoho Desk and Zoho Workplace integration
Hello customers! Zoho Desk and Zoho Workplace are coming together for a webinar on 14th May, 2024. Zoho Workplace is a suite of productivity apps for email, chat, docs, calls, and more at one single place. Zoho Desk is closely integrated with a few toolsApple iOS 17 and iPadOS 17 updates for Zoho Desk users
Hello Zoho Desk users! Apple recently announced the release of iOS 17 and iPad OS 17. These latest OS updates will help you stay productive and efficient, through interactive and seamless user experiences. Zoho Desk has incorporated the updates to helpZoho Desk Cheat Sheet For The Year-End
Check out these Zoho Desk best practices to end this year on a high and have a great one ahead! #1 Set Business (Holiday) Hours - If you have limited working hours, please make sure you restrict your business hours or set them as holidays for the coming days. Let your customers know when you will, and won't, be available. #2 Update the Annual Holiday List - Check the holidays for the new year and update the holiday schedule. Usually, holidays from the current year will be carried over for the next
Recent Topics
New in Cadences: WhatsApp follow-ups, upgraded limits, and options for add-ons
Hello everyone, We're rolling out two key updates to help you engage better and scale smarter with Cadences in Zoho CRM. Reach customers on WhatsApp, directly from Cadences Previously, Cadences have enabled you to automate follow-ups through emails, calls,additional accounts
If I brought 5 emails to my account. Can I later buy additional emails.Issue in Zoho People Regularization – Incorrect Hour Calculation
I have noticed that when applying attendance regularization in Zoho People for previous dates, the total working hours are not calculated correctly. For example, even if the check-in is 10:00 AM and check-out is 6:00 PM, the system shows an incorrectWhy I am unable to configure Zoho Voice with my Zoho CRM account?
I have installed Zoho Voice in my Zoho CRM, but as per the message there is some config needed in Zoho Voice interface. But when I click on the link given in the above message, I get an access denied page.Issue with Hour Calculation in Zoho People Attendance Module
I have noticed an issue in the attendance regularization feature of Zoho People. When trying to regularize past dates, the total working hours are not calculated correctly. For example, if I enter a check-in and check-out time for a previous day, theCliq Meeting Calls No Audio and Screen Share
When in a Cliq channel meeting, the audio does not work at all on pc. When i use my phone as audio source, screen share on pc does not work. I have updated audio drivers but the strangest thing is that during a 1 on 1 call, it works well. Therefore theWork anniversary and birthdays on connect
Hello, I like the idea of having employee's work anniversary and birthdays on the dashbaord. Do you have to have the employee complete this information themselves in connect settings, or does it pull from their directory settings? (ie. we use Zoho oneAlias Email Id already exists
Hi I'm trying to create an alias : contact @ yoavarielevy.co.il but i get the message Alias Email Id already exists I had an account with the same name but I deleted it. Can you help? Thanx YoavFeature Request: Ability to Set a Custom List View as Default for All Users
Dear Zoho CRM Support Team, We would like to request a new feature in Zoho CRM regarding List Views. Currently, each user has to manually select or favorite a custom list view in order to make it their default. However, as administrators, we would likeAdding Multiple Products (Package) to a Quote
I've searched the forums and found several people asking this question, but never found an answer. Is ti possible to add multiple products to a quote at once, like a package deal? This seems like a very basic function of a CRM that does quotes but I can'twebinar registration confirmation are landing in SPMA folders
I am trialing zoho webinar and do not have access to custom domains. When I test user registrations, they are working but the resulting confirmation email is landing in a spam folder. How can I avoid this?Delegates should be able to delete expenses
I understand the data integrity of this request. It would be nice if there was a toggle switch in the Policy setting that would allow a delegate to delete expenses from their managers account. Some managers here never touch their expense reports, andAdd Save button to Expense form
A save button would be very helpful on the expense form. Currently there is a Save and Close button. When we want to itemize an expense, this option would be very helpful. For example, if we have a hotel expense that also has room service, which is aMultiple organizations under Zoho One
Hello. I have a long and complicated question. I have a Zoho One account and want to set it up to serve the needs of 6 organizations under the same company. Some of the Zoho One users need to be able to work in more than 1 organization’s CRM and otherError AS101 when adding new email alias
Hi, I am trying to add apple@(mydomain).com The error AS101 is shown while I try to add the alias.Unbundle feature for composite items
We receive composite items from our vendors and sell them either individually or create other composite items out of them. So, there is a lot of bundling and unbundling involved with our composite items. Previously, this feature was supported in formRegarding the integration of Apollo.io with Zoho crm.
I have been seeing for the last 3 months that your Apollo.io beta version is available in Zoho Flow, and this application has not gone live yet. We requested this 2 months ago, but you guys said that 'we are working on it,' and when we search on Googleworkflow not working in subform
I have the following code in a subform which works perfectly when i use the form alone but when i use the form as a subform within another main form it does not work. I have read something about using row but i just cant seem to figure out what to changeFetch data from another table into a form field
I have spent the day trying to work this out so i thought i would use the forum for the first time. I have two forms in the same application and when a user selects a customer name from a drop down field and would like the customer number field in theRecord comment filter
Hi - I have a calendar app that we use to track tasks. I have the calendar view set up so that the logged in user only sees the record if they are assigned to the task. BUT there are instances when someone is @ mentioned in the record when they are notHow to View Part Inventory and Warehouse Location When Creating a Work Order in Zoho FSM
Hi everyone, We’re currently setting up Zoho FSM and would like to improve how our team selects parts when creating a Work Order. Right now, when we add a part or item to a Work Order, we can select it from our Zoho Inventory list but we don’t see anyFSM too slow today !!
Anybody else with problem today to loading FSM (WO, AP etc.)?Not able to Sign In in Zoho OneAuth in Windows 10
I recently reset my Windows 10 system, after the reset when I downloaded the OAuth app and tried to Sign In It threw an error at me. Error: Token Fetch Error. Message: Object Reference not set to an instance of an object I have attached the screenshotMapping a custom preferred date field in the estimate with the native field in the workorder
Hi Zoho, I created a field in the estimate : "Preferred Date 1", to give the ability to my support agent to add a preferred date while viewing the client's estimate. However, in the conversion mapping (Estimate to Workorder), I'm unable to map my customDelegates - Access to approved reports
We realized that delegates do not have access to reports after they are approved. Many users ask questions of their delegates about past expense reports and the delegates can't see this information. Please allow delegates see all expense report activity,Split functionality - Admins need ability to do this
Admins should be able to split an expense at any point of the process prior to approval. The split is very helpful for our account coding, but to have to go back to a user and ask them to split an invoice that they simply want paid is a bit of an inIs there a way to request a password?
We add customers info into the vaults and I wanted to see if we could do some sort of "file request" like how dropbox offers with files. It would be awesome if a customer could go to a link and input a "title, username, password, url" all securely and it then shows up in our team vault or something. Not sure if that is safe, but it's the best I can think of to be semi scalable and obviously better than sending emails. I am open to another idea, just thought this would be a great feature. Thanks,Single Task Report
I'd like a report or a way to print to PDF the task detail page. I'd like at least the Task Information section but I'd also like to see the Activity Stream, Status Timeline and Comments. I'd like to export the record and save it as a PDF. I'd like theAuto-response for closed tickets
Hi, We sometimes have users that (presumably) search their email inbox for the last correspondence with us and just hit reply - even if it's a 6 month old ticket... - this then re-opens the 6 month old ticket because of the ticket number in the email's subject. Yes, it's easy to 'Split as new Ticket', but I'd like something automated to respond to the user saying "this ticket has already been resolved and closed, please submit a new ticket". What's the best way to achieve this? Thanks, EdHow to Push Zoho Desk time logged to Zoho Projects?
I am on the last leg of my journey of finally automating time tracking, payments, and invoicing for my minutes based contact center company - I just have one final step to solve - I need time logged in zoho desk to add time a project which is associatedCannot access KB within Help Center
Im working with my boss to customize our knowledge base, but for some reason I can see the KB tab, and see the KB categories, but I cannot access the articles within the KB. We have been troubleshooting for weeks, and we have all permissions set up, customersExport to excel stored amounts as text instead of numbers or accounting
Good Afternoon, We have a quarterly billing report that we generate from our Requests. It exports to excel. However if we need to add a formula (something as simple as a sum of the column), it doesn't read the dollar amounts because the export storeswhy my account is private?
when i post on zohodesk see only agent onlyGetting ZOHO Invoice certified in Portugal?
Hello, We are ZOHO partners in Portugal and here, all the invoice software has to be certified by the government and ZOHO Invoice still isn´t certified. Any plans? Btw, we can help on this process, since we have a client that knows how to get the software certified. Thank you.500 Internal Server Error
I have been trying to create my first app in Creator, but have been getting the 500: Internal Server Error. When I used the Create New Application link, it gave me the error after naming the application. After logging out, and back in, the application that I created was in the list, but when I try to open it to start creating my app, it gives me the 500: Internal Server Error. Please help! Also, I tried making my named app public, but I even get the error when trying to do that.Client Script | Update - Client Script Support For Portals
Dear All! We are excited to announce the highly anticipated feature: Client Script support for Portals. We understand that many of you have been eagerly awaiting this enhancement, and we are pleased to inform you that this support is now live for allProfessional Plan not activated after payment
I purchased the Professional Plan for 11 users (Subscription ID: RPEU2000980748325) on 12 September 2025, and the payment has been successfully processed. However, even after more than 24 hours, my CRM account still shows “Upgrade” and behaves like aAuto Update Event Field Value on Create/Edit
Hi there, I know this question has been posted multiple times and I've been trying many of the proposed similar scripts for a while now but nothing seems to work... what might I do wrong? The error I receive is this: Value given for the variable 'meetingId'Pre-orders at Zoho Commerce
We plan to have regular producs that are avaliable for purchase now and we plan to have products that will be avaliable in 2-4 weeks. How we can take the pre-orders for these products? We need to take the money for the product now, but the delivery willConstant color of a legend value
It would be nice if we can set a constant color/pattern to a value when creating a chart. We would often use the same value in different graph options and I always have to copy the color that we've set to a certain value from a previous graph to makeNext Page