Skip to main content
Sign in

Playlist Technical Information

  • Updated

Authorization and access to your data

All apps installed from the Zendesk Marketplace technically gain access to your Zendesk data ("your data") through the Zendesk App Framework. However, Playlist Ticket Assignment ("Playlist") also requires access to your data from our servers.

Authorizing with OAuth

Playlist uses Zendesk’s OAuth authorization flow, which requires you to explicitly grant API access to your Zendesk account. Here is a summary of the authorization flow:

  1. After installing the app, the admin lands on a page asking for authorization. We use signed URLs provided by Zendesk to ensure that the user authorizing API access is indeed a user of your account.
  2. The admin clicks on "Authorize" to initiate the flow.
  3. A window pops up, describing the scope of access that will be granted to Playlist, and the admin confirms authorization. 
  4. Once authorized, our server generates and signs a JSON Web Token (JWT) to identify your account.
  5. This JWT serves is stored as a hidden, secure setting within the app.

Server-to-server communication

The app (Playlist iframe in Zendesk) will then use the secure flag to include the JWT along with each request to our services. With the secure flag, communication between Zendesk and our services is always server to server, so the token is never exposed to users.

When our service receives a request, it will decode the JWT to validate the user’s identity. If we are able to successfully decode the JWT, the user is authorized and the request is carried out. Otherwise, the request is rejected. 

Why does Playlist need server-side API access?

Playlist only reads and writes data where it needs to when using Zendesk’s APIs. Here are some of the reasons why the app needs server-side API access.

Scheduled jobs

Some of our features, such as round-robin ticket assignment, need to be carried out even when agents are not logged into Zendesk. For such services, server-side API access is required. 

Delegated administration

Some admins may want to delegate administration of the app's business rules and settings to specific agents. Since Zendesk does not allow agents to update the user profiles of other agents, our service provides "delegated administrators" with the ability to update specific user fields managed by Playlist (i.e. Playlist Rule Id, Playlist Manager, Playlist Autoplay). 

Data security

We will only collect and process data that is absolutely required to provide services as advertised. Please visit our Privacy Policy to learn more about how we collect, use, and share personal information that you provide with third-party service providers.

Server location

We use Amazon Web Services as our cloud provider. Our servers are located in the us-west-2 region (Oregon, USA).

Data encryption

All data is encrypted in transit using TLS 1.2 and at rest with Amazon RDS encryption. 

Data storage

Here’s a summary of data that we collect from your Zendesk account and store on our servers:

View IDs
Playlist rules and Round Robin queues use views to query your Zendesk for unassigned tickets. Associated view IDs are stored on our servers.

Agent metadata

Limited information about agents are cached on our servers for role management purposes. This includes the agent's user ID, default group ID, role, and role type.

Group memberships

Group memberships are cached on our servers. The cache enables our round robin service to efficiently rotate between group members without hitting Zendesk's API limits.

Admin contact details
We automatically collect the name and email of the admin who authorizes API access. The admin is our initial point of contact. We may offer an onboarding session and send important updates to the admin as described in our Privacy Policy. We do not collect or store any information about your end-users (customers) on our servers.

OAuth token
We store an encrypted version of your OAuth token on our servers so that we can perform jobs even when users are not logged in. For example, our round robin service periodically checks for unassigned tickets and routes them to the appropriate agents.

Analytics
We track usage of Playlist so that we can monitor the app’s performance and make improvements to it over time. This data is non-identifiable and we only aggregate information such as the number of successfully assigned tickets.

Please contact us if you have any questions or would like to learn more about how Playlist interacts with Zendesk.

Powered by Zendesk