Data protection proxy (DPP) is configured by dpp/src/main/webapp/WEB-INF/config.xml file. The file has the following structure:
Pay attention to the directory: "dpp/src/main/webapp/WEB-INF"
- it is a directory that you need to work with.
There is another directory that is generated automatically after starting
a command "mvn clean install": "dpp/target/dpp/web-inf/".
That directory will be rewritten every time after the command "mvn clean install",
so you don't need to change the file "dpp/target/dpp/web-inf/config.xml"
The first section is responsible for authentication:
<baseurl>https://yourdomain.zendesk.com</baseurl> - your Zendesk subdomain
<apiuser>user@yourdomain.com</apiuser> - the email of Zendesk user on behalf of which DPP will operate. When authenticating with tokens, add /token to the end of your username
<apipassword>yourapipassword</apipassword> - the password of the user. When authenticating with tokens specify your token in this field
<proxyuser>yourproxyuser</proxyuser> - the user name for authentication on DPP
<proxypassword>yourproxypassword</proxypassword> - the password of the user.
Warning! never use real Zendesk user credentials in <proxyuser> and <proxypassword> fields.
The second section is responsible for logs:
<loglevel>info</loglevel> possible values: warning, info, config.
warning - only warning and errors will be logged
info - regular calls, warning and errors will be logged
config - input and output data, regular calls, warning and errors will be logged
Warning! never use config mode for regular operation in production environment so to prevent storing your customer's personal data in the log. This mode is intended for setup and debug purposes only.
To view the logs go to the viewer available at:
https://console.cloud.google.com/logs/viewer
Then choose the proxy project:
And choose the instance of the app (the last version has "100%" marker):
https://console.cloud.google.com/logs/viewer
Then choose the proxy project:
And choose the instance of the app (the last version has "100%" marker):
The third section holds the rules which determine what the data is allowed to get or change:
The rule bellow allows caller to get user.id, user.name and user.role fields via Zendesk API call GET /api/v2/users/me.json.
All data, except listed in <response> tag, received from Zendesk API will be hide (nulled) in proxy response.
The rule bellow allows caller to change a ticket via Zendesk API call PUT /api/v2/tickets/\d+\.json but set only three fields: ticket.assignee_id, ticket.comment.body,
ticket.comment.public. "\d+" is reg exp means any digits.
ticket.comment.public. "\d+" is reg exp means any digits.
If a caller try to change any other ticket field, except listed in <request> tag, the error 403 will be returned by the proxy.
As well as previous example, all data, except listed in <response> tag, received from Zendesk API will be hide (nulled) in proxy response.
All that is not explicitly allowed is forbidden. So if a caller try to call any other Zendesk API method, except listed in <rules> tag, the error 403 will be returned by the proxy.
Now you can check Data protection proxy config.xml for Round Robin App to be aware what the data is really shared with Round Robin App.
So as to update your DPP configuration please make the following steps.
0 Comments