Bitrix24 REST API

Authentication

OAuth is an open authentication protocol providing a method for third parties to access protected resources of end users without sharing their credentials (login and password).

Only the applications of the third kind require authentication. The applications of the first and second kind get authenticated when connecting to the JS library, or when receiving POST request data when an application is started.

To use OAuth in your application, first of all register the application with Marketplace.

Then, in the application:

  • request keys from a remote server;
  • the server redirects the browser to a URL registered by the application;
  • the response is processed;
  • the obtained key is used to sign all REST API calls.

The authorization is available both for internal users and external users through the extranet.

How the Protocol Works

The protocol is very common and used by a large number of services worldwide.

The OAuth 2.0 protocol permits an application to obtain access to the API on behalf of a specific user of a specific portal.

For the server, authorization consists of two things: an indication that the user has given access to the application, and the application submitting its secret. The portal combines these and issues an appropriate access type to the application.

The protocol consists of two steps:

  • The user informs the portal that they authorize the application. The application adds its identifier: client id. In return, the server transmits the first authorization code, code, to the user and, through the user, to the application.
  • The application submits this code back to the portal (invisibly to the user), adding its secret key: client secret. In this way the application confirms that it is the application that is “known” to the portal and that it is allowed to work with the portal. In response, the portal issues two parameters: access_token, the parameter actually required for authorized access, and refresh_token, a token required to extend the authorization.
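
The two steps above from the application's side, as an added example that is not part of the Bitrix24 documentation. The endpoint URLs and credentials are placeholders, and the `state` check, `response_type` and `grant_type` are assumptions taken from the OAuth 2.0 specification, not from this page.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholder endpoints and credentials; the page does not list them.
AUTHORIZE_URL = "https://portal.example/oauth/authorize/"
TOKEN_URL = "https://portal.example/oauth/token/"
CLIENT_ID = "app.constructed-id"
CLIENT_SECRET = "constructed-secret"  # stays on the application server only


def build_authorize_url(session):
    """Step 1: send the user to the portal with client_id and a one-time state."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = {"response_type": "code", "client_id": CLIENT_ID,
             "state": session["oauth_state"]}
    return AUTHORIZE_URL + "?" + urlencode(query)


def code_from_callback(callback_url, session):
    """Accept the redirect only if it echoes the state issued for this session."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, so replays fail
    got = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), got.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "code" not in params:
        raise ValueError("portal returned no code: " + params.get("error", ["?"])[0])
    return params["code"][0]


def token_request(code):
    """Step 2: server-to-server form body that adds client_secret to the code."""
    return TOKEN_URL, {"grant_type": "authorization_code", "code": code,
                       "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}


def parse_token_response(body):
    """Pull both tokens out of the JSON reply, failing loudly if one is missing."""
    data = json.loads(body)
    missing = {"access_token", "refresh_token"} - data.keys()
    if missing:
        raise ValueError("token response missing: " + ", ".join(sorted(missing)))
    return data["access_token"], data["refresh_token"]
```

The client secret appears only in the step 2 body, which the application server sends directly to the portal; it never appears in the URL the browser follows in step 1.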

© 2001-2017 Bitrix, Inc. Bitrix® is a registered trademark of Bitrix, Inc. Powered by Bitrix Site Manager