Skip to main content
Sign in

Playlist Technical Information

  • Updated

Authorization and access to your data

All apps installed from the Zendesk Marketplace technically gain access to all of your Zendesk data ("your data") through the Zendesk App Framework. However, Playlist Ticket Assignment ("Playlist") also requires access to your data from our servers.

Authorizing with OAuth

Playlist uses Zendesk’s OAuth authorization flow, which requires you to explicitly grant API access to your Zendesk account. Here is a summary of the authorization flow:

  1. After installing the app, the admin will land on a page asking for authorization (we use signed URLs provided by Zendesk to ensure that the user authorizing API access is indeed a user of your account)
  2. The admin clicks on the button to "Authorize" API access
  3. A window pops up, describing the scope of access that will be granted to Playlist and prompting the admin for confirmation
  4. Once authorized, our server generates and signs a JSON Web Token (JWT) to identify your account
  5. This JWT serves as your session and is stored as a hidden, secure setting within the app.

Using JWTs to identify users

The app (Zendesk iframe) will then use the secure flag to include the JWT along with each subsequent request to our services. With the secure flag, communication between Zendesk and our services is server to server, so the JWT is never exposed to clients.

When our service receives a request, it will decode the JWT to validate the user’s identity. If we are unable to decode the JWT (i.e. due to it being tampered), the request is automatically rejected. If we are able to successfully decode the JWT, the user is authorized and the request is carried out.

Why does Playlist need server-side API access?

Playlist only reads and writes data where it needs to when using Zendesk’s APIs. Here are some of the reasons why the app needs server-side API access: 

Scheduled jobs

Some of our services, such as round-robin ticket assignment, need to be carried out even when agents are not logged into Zendesk. For such services, we will need server-side API access to run jobs on our servers.

Delegated administration

Some admins may want to delegate administration of Playlist business rules and settings to specific agents. Since Zendesk does not allow agents to update the user profiles of other agents, our service provides delegated admins with the ability to update specific user fields that are managed by Playlist (i.e. Playlist Rule Id, Playlist Manager, Playlist Autoplay). 

Data security

We will only collect and process data that is absolutely required for the app to function. Please visit our Privacy Policy to learn more about how we collect, use, and share personal information that you provide with third-party service providers.

Server location

We use Amazon Web Services (AWS) to host our services and our servers are located in the us-west-2 region (Oregon).

Data transfer

All data transferred between Zendesk and our servers is encrypted using TLS 1.2. This includes information transferred between the app (Zendesk iframe) and our services.

Data storage

We use proper encryption techniques where appropriate. Here’s a summary of data that we collect from your Zendesk account and store on our servers:

View IDs
Playlist rules utilize your views in Zendesk to query for unassigned tickets. We store the appropriate view IDs when you configure Playlist rules for your team.

Analytics
We track usage of Playlist so that we can monitor the app’s performance and make improvements to it over time. This data is non-identifiable and we only aggregate information such as the number of successfully assigned tickets.

Admin contact details
We automatically collect the name and email of the admin who authorizes API access. The admin is our initial point of contact. We may offer an onboarding session and send important updates to the admin as described in our Privacy Policy. We do not collect or store any information about your end-users (customers) on our servers.

OAuth token
We store an encrypted version of your OAuth token on our servers so that we can perform jobs even when users are not logged in. For example, our round-robin option periodically checks for unassigned tickets and routes them to available agents in a circular fashion.

Please contact us if you have any questions or would like to learn more about how Playlist is integrated with Zendesk.

 

Powered by Zendesk