Documentation

Safety Check in Events

App developer should ensure that event handlers for the app are requested specifically by Bitrix24 and not by illegal parties. For this, when requesting handlers, Bitrix24 sends the additional application_token parameter.

First, the parameter is submitted to the OnAppInstall event handler jointly with authorization data of the user, who installed the app. By using this authorization data, OnAppInstall event handler can ensure the validity of the received access_token, record application_token and verify the received application_token with the saved one in its handlers for other events in the future.

It is especially relevant for the OnAppUninstall event handler, because it does not receive authorization data (the application is already deleted in Bitrix24). That is why, in case of OnAppUninstall, the verification of application_token with the saved value becomes the only way to ensure that the handler is requested specifically by Bitrix24.

User Comments

User comments are not part of official documentation. Use information provided by other users in the comments at your own risk.

The User Comments section is not to be used as a feature discussion board. Only registered users can post comments. Your comment will be visible once it has been approved by the moderator.
© «Bitrix Inc.», 2001-2020, «Bitrix Inc.», 2020