Authorization and access to your data
All apps installed from the Zendesk Marketplace technically gain access to your Zendesk data ("your data") through the Zendesk App Framework. However, Playlist Ticket Assignment ("Playlist") also requires access to your data from our servers.
Authorizing with OAuth
Playlist uses Zendesk’s OAuth authorization flow, which requires you to explicitly grant API access to your Zendesk account. Here is a summary of the authorization flow:
- After installing the app, Zendesk admin lands on a page asking for authorization.
- Zendesk admin clicks on "Authorize" to initiate the OAuth flow.
- A window pops up, describing the scope of access that will be granted to Playlist.
- If Zendesk admin authorizes, our server generates and signs a token to identify your account.
- This token serves is stored as a hidden, secure setting (secure data store hosted by Zendesk).
The app (Playlist iframe in Zendesk) will then use the secure: true parameter to include the token along with each request to our endpoints. With the secure parameter, communication between Zendesk and our endpoints is always server to server. The token is never exposed to clients or end-users.
When our endpoint receives a request, it will verify the token to validate the user’s identity. If we are able to verify the token, the user is authorized and the request is carried out. Otherwise, the request is rejected.
Why does Playlist need server-side API access?
Playlist only reads and writes data where it needs. Here are a couple of reasons why server-side API access is required:
Some features like Round Robin need to be carried out even when agents are not logged in to Zendesk. We also cache information (e.g. agent information, group memberships) on our servers to avoid excessive calls to Zendesk's APIs.
Admins can configure Zendesk triggers to send a message, usually just the ticket ID, to our webhooks when a new ticket is created. This enables workflows such as same agent (sticky) assignment, dedicated support, and real-time routing.
Amazon Web Services is our cloud provider. Our servers are located in the us-west-2 region (Oregon, USA).
All data is encrypted in transit using TLS 1.2 and at rest with Amazon RDS encryption.
Data we collect
Here’s a summary of data that is processed by our server.
|User (agents)||User ID, Name, Role, Custom role ID||x||Only agents. We never collect information about end-users.
|Ticket||Ticket ID, Status, Assignee ID, custom fields managed by Playlist||x||x||
Custom fields are updated to create an audit trail.
If using the Same Agent workflow, Playlist will also reference Requester ID to query for the user's most recent tickets.
|Group Membership||User ID, Group ID||x||Used to determine which agents have access based on group restrictions.|
|Attribute Value||ID, Name, Attribute ID||x||Only applies to Zendesk Enterprise customers who have enabled Playlist's skills-based routing solution.|
|Agent Attribute||Agent ID, Attribute Value ID||x||Only applies to Zendesk Enterprise customers who have enabled Playlist's skills-based routing solution.|
|Ticket Attribute||Ticket ID, Attribute Value ID||x||Only applies to Zendesk Enterprise customers who have enabled Playlist's skills-based routing solution.|
|Target||All fields||x||x||App automatically creates an http target when certain features are enabled.|
|OAuth Token||Token||x||Token is encrypted.|
|App Installation||Enabled, Group restrictions, Role restrictions||x||Details of your Playlist app installation.|
Admin contact details
We track Playlist usage so that we can monitor the app’s performance and make improvements to it over time. This data is non-identifiable and we only aggregate information such as the number of tickets auto assigned by Playlist.
Please contact us if you have any questions or would like to learn more.