Documentation

Access Permissions for REST Methods

Access for applications (and webhooks) to REST API methods is regulated via the access to the scopes - Bitrix24 modules that execute particular REST methods.

In case of local apps and webhooks !!!, a user with the rights to administrate Bitrix24 specifies the required scopes when adding an app or when creating a webhook.

If an off-the-shelf app is installed, this app will request access permissions from the user for the necessary scopes and the user will either grant the requested access permission rights, or will interrupt the app installation process.

At present, the following scopes can be used:

Values
calendar Calendar
crm CRM
disk Drive
department Company Structure
entity Data Storage
im Notifications
imbot Chatbots
lists Lists
log Activity Stream
mailservice Mailservice
sonet_group Workgroups
task Tasks
tasks_extended Tasks (extended rights)
telephony Telephony
call Telephony (making calls). The following methods are included into the scope:
voximplant.infocall.startwithsound voximplant.infocall.startwithtext
user Users
imopenlines Open Channels
placement Application Embedding
messageservice Message Service
pay_system Payment Systems
landing Sites
faceid Face Identification
© «Bitrix Inc.», 2001-2021, «Bitrix Inc.», 2021