Starting Thursday, March 30th, 2023, we will implement sandboxing for all apps running in iframes (view apps)!

These apps will be subject to additional security measures to help protect our users from XSS attacks by only allowing specific actions in the sandboxed environment.

While we do not expect this update to break anything, we recommend testing all the flows in your app in the sandboxed environment just to be sure. You can do so by adding the _apps_sandbox=v1 query param to a monday URL.

On June 28th, 2023, we will then implement the second part of sandboxing by limiting these apps’ actions and only allowing the following directives in our iframes:

  • allow-forms: Allows the page to submit forms. The form will be displayed as normal, but submitting it will not trigger input validation, sending data to a web server, or closing a dialog if this keyword is not used.
  • allow-downloads: Allows downloading files through an <a> or <area> element with the download attribute and through the navigation that leads to a file download. This works regardless of whether the user clicked on the link or JS code initiated it without user interaction.
  • allow-presentation: Allows embedders to have control over whether an iframe can start a presentation session.
  • allow-same-origin: The resource is treated as being from a special origin that always fails the same-origin policy (potentially preventing access to data storage/cookies and some JavaScript APIs) if this token is not used.
  • allow-scripts: Allows the page to run scripts (but not create pop-up windows). This operation is not allowed if this keyword is not used.

We again recommend testing your app in the sandboxed environment with the new restrictions to ensure nothing breaks. You can do so by adding the _apps_sandbox=v2 query param to a monday URL. If something breaks and there’s no workaround, please complete a support request so we can find a resolution.

Keep your eyes out for more reminders as we get closer to implementing the second part of sandboxing!

We recently released the integration error handling mechanism that enables you to display descriptive errors when custom integrations fail. Our framework supports two different methods to communicate errors: severity codes and HTTP status codes. Check out our error handling doc to learn more about this new feature!

We recently added new get, set, and listen methods to the SDK called location. You can use these new methods to help improve routing and navigation inside your app. The monday.get("location") and monday.listen("location") methods can show you the URL location inside an app, and the monday.set("location") method can help you set the query params in the URL.

The monday.com SDK now supports TypeScript to expand its functionality and provide a better developer experience. Our updated SDK now includes type declarations for each SDK method, and you can find them in the types/index.d.ts file.

Please take note that you must update the version to 0.3.0 in all of your code to take advantage of all of the new features.

We recently added the ability to view app ratings and reviews in the App Analytics tab in the developer's section. You can access each rating, including the score, text review, and account ID.

Only app developers can see ratings and reviews, but we will expose the score to marketplace users in the next few weeks. The score will be an average of all the ratings submitted in the past 365 days by paying monday.com customers. Each app must meet the minimum threshold of 3 or more ratings to display the average in the marketplace.

You can use the new custom URL feature to encourage your customers to rate your app and boost your score, or you can directly reach out to those who previously rated your app to understand their rating better and improve your app’s user experience.

Please note that you cannot create a new major version if you already have a major version in your drafts. Check out our documentation to learn more about app versioning!

We're excited to announce our next big milestone – apps in workdocs!

You can now build apps inside of monday workdocs to add an extra layer of functionality to monday's document collaboration tool. With the new doc action feature, you can create new blocks or trigger actions from the contextual menu inside workdocs.

Learn more about the fantastic tools you can build on the monday developer's blog or take a deeper look at the new feature and build your first app using our documentation!

We recently added the Installed outside the marketplace section to the Installed apps page in the marketplace. This section will contain any apps developed on your account and apps that were installed but not necessarily developed on your account (like apps shared with you).

You can use this new section to test out your app's user onboarding experience. It also provides a simple way for users to access your app if it is not listed in the marketplace!

We recently released app card labels to highlight high-performing and successful apps in the marketplace!

These two labels, Editor's Choice and Best Seller, will be applied to apps that meet the qualification criteria each quarter. These labels appear on the app card in the marketplace and their own category on the left-side menu.

Check out our documentation to learn more!