megaphone icon Inc. Recognizes Mattermost as a 2023 'Power Partner'!
Best practices
Get started
    Webhooks Slash commands Apps Plugins Customize and embed Examples
      Frequently asked questions (FAQ)
        Quick reference Contribute to the Marketplace
          Integrate with Zapier
            Edit on GitHub

            Best practices for Plugins on Mattermost

            How should plugins serve publicly available static files? 

            Add all static files under a file directory named public within the plugin directory, and include the files in the plugin bundle using the Makefile.

            How can plugins make sure http requests are authentic? 

            Plugins can implement the ServeHTTP to listen to http requests. This can e.g. be used to receive post action requests when Interactive Messages Buttons and Menus are triggered by users. Since these requests are just http requests, anyone can send them to the plugin. Hence the plugin must make sure the requests are authentic. The Mattermost Server sets the http header Mattermost-User-Id if and only if the request is made by an authenticated client. The plugin therefore has to only check if this header is set and reject all other requests.

            Did you find what you were looking for?

            ๐Ÿ˜€

            Yes

             ๐Ÿ˜

            Mostly

             ๐Ÿ™

            No!
            Thank you! We appreciate your feedback.
            ร—

            Tell us more

            Your feedback helps us improve the Mattermost developer documentation.

            0/186

            Have a feature request? Share it here.

            Having issues? Join our Community server.

            Submit