rules:
  - name: Freshdesk Domain
    id: kingfisher.freshdesk.1
    visible: false
    confidence: medium
    min_entropy: 0.0
    pattern: |
      (?xi)
      \b
      (
        [0-9a-z-]{1,63}\.freshdesk\.com
      )
      \b
    examples:
      - acme-support.freshdesk.com
      - mycompany-helpdesk.freshdesk.com

  - name: Freshdesk API Key
    id: kingfisher.freshdesk.2
    pattern: |
      (?xi)
      \b
      freshdesk
      (?:.|[\n\r]){0,64}?
      (?:api[_-]?key|secret|private|access|key|token)
      (?:.|[\n\r]){0,32}?
      \b
      (
        [0-9A-Z]{20}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.3
    confidence: medium
    examples:
      - 'FRESHDESK_API_KEY=abcdefghij1234567890'
      - 'freshdesk token: ABCDEFGHIJ1234567890'
    references:
      - https://developers.freshdesk.com/api/#authentication
      - https://developers.freshworks.com/docs/app-sdk/v3.0/support_agent/rest-apis/
    depends_on_rule:
      - rule_id: kingfisher.freshdesk.1
        variable: FRESHDESK_DOMAIN
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "https://{{ FRESHDESK_DOMAIN }}/api/v2/agents/me"
          headers:
            Accept: application/json
            # Freshdesk API key auth is HTTP Basic where username=apikey and password can be any dummy value (commonly "X").
            # Docs note you can use a dummy password and (when using Authorization header) base64("apikey:X")  
            Authorization: "Basic {{ TOKEN | append: ':X' | b64enc }}"
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: JsonValid
            - type: WordMatch
              words: ['"id"']