feat(hackathon): Zenhog #22318
feat(hackathon): Zenhog #22318
Conversation
| "https://posthoghelp.zendesk.com/api/v2/organizations/search", | ||
| data="", | ||
| headers=headers, | ||
| params={"external_id": organization_id}, |
There was a problem hiding this comment.
I don't think this will this work for any random team trying to use their zendesk as an integration, will it? For example for your personal site, with your own zendesk setup, you maybe wouldn't have external_id = org_id (posthog-internal detail). Shouldn't we instead be using the user param from the request?
There was a problem hiding this comment.
Would this work:
- key is in posthog settings (like zendesk key) - we'd have "external_id"
- we pass the value (organization_id for us) and secure that with the secret_token we have <- we can secure that the same way we would have secured user email? i.e. hogflix api will pass value and value_hash to posthog-js, which then passes both of these to posthog-api
There was a problem hiding this comment.
I'm super unclear about the zendesk API, but i'm assuming that it's not sufficient to just target by user, and we need this extra param?
If yes, then what you say is reasonable, we even don't need to secure it with the token, because securing one thing (user email) is sufficient for security, and also hashing this just creates annoyances for the user, they can just pass it in plain text ✅
There was a problem hiding this comment.
We essentially need to get the Zendesk org ID, in your case, we link it with the PostHog org ID (external ID).
The API key is something different again. But let's worry about productizing this after we get the demo working.
We'll probably need the users to give us a giveZendeskOrgID() function
There was a problem hiding this comment.
yes nothing for the demo agreed, so feel free to not read my comment.
There are a few things here:
- It would be great if Hogflix developer could choose if they want the search to be by email or by org_id or by something else in Zendesk <- i.e. they control which tickets are visible to who
- what they choose in (1) might be guessable, so we can't just verify the user - as I as a@b.c are the owner of that email, but I should not have access to org "Panda", but I can in js console send
getTickets(a@b.c, validation_token_for_a@b.c, "Panda") - there's no way for us to verify that a@b.c belongs to whatever "Panda" is in Zendesk, so instead we can dogetTickets("Panda", validation_token_for_panda)`
* initial commit, most things working but still needs chat UX and other things * Update UI snapshots for `chromium` (1) * Update UI snapshots for `chromium` (2) * here 'tis --------- Co-authored-by: Dylan Martin <dylan@postbox.hotspot.internet-for-guests.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* initial commit, most things working but still needs chat UX and other things * Update UI snapshots for `chromium` (1) * Update UI snapshots for `chromium` (2) * here 'tis * save work * fucked * interleave data --------- Co-authored-by: Dylan Martin <dylan@postbox.hotspot.internet-for-guests.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
|
This PR hasn't seen activity in a week! Should it be merged, closed, or further worked on? If you want to keep it open, post a comment or remove the |
|
This PR hasn't seen activity in a week! Should it be merged, closed, or further worked on? If you want to keep it open, post a comment or remove the |
Problem
Changes
👉 Stay up-to-date with PostHog coding conventions for a smoother review.
Does this work well for both Cloud and self-hosted?
How did you test this code?