One-time tokens
These are JSON Web Token (JWT) tokens that can be transferred together with a request to third-party resources from the Kommo Web interface.
The token contains encrypted information about the user from which a request was made to a resource.
How do I get a one-time token?
The method sends an ajax request with a temporary authorization token for the current user.
The X-Auth-Token header is added to the request. The remote server must give permission to receive requests from the account domain (configure CORS).
The method inherits all incoming parameters of the jQuery $.ajax()
function, and in response also returns an object of the type jQuery $.Deferred that is fully compatible with the response of the $.ajax
method.
define([], function() {
'use strict';
return function() {
var self = this;
this.callbacks = {
init: function() {
return true;
},
render: function() {
self.$authorizedAjax({
url: 'https://example.com/'// provide URL where you want to get your token
}).done(function (response) {
console.log('success', response);
}).fail(function (err) {
console.log('error', err);
});
return true;
},
bind_actions: function() {
return true;
}
};
return this;
};
});
Token decoding algorithm
The token signature algorithm is HS256.
The integration secret key is used as the encryption key (only the integration owner has access to this key).
To decode the token, we recommend using the methods from the public libraries. You can also use the debugger to decode, validate, and generate the JWT (JSON Web Token).
Token parameters after decoding
Parameter | Data Type | Description |
---|---|---|
iss | string | Kommo account address |
aud | string | The base address is formed based on the value of redirect_uri in the integration. |
jti | string | UUID token |
iat | int | Date when the token was issued in Unix Timestamp format |
nbf | int | Date when the token becomes valid in Unix Timestamp format |
exp | int | Date when the token will expire in Unix Timestamp format |
account_id | int | Account ID from which the request was made. |
user_id | int | ID of the user who made the request. |
client_uuid | string | The UUID of the integration that made the request |
Response example
{
"iss": "https://subdomain.kommo.com",
"aud": "https://external.integration.io",
"jti": "d123f123-5123-b123-a123-ed123ef123f",
"iat": 1594204245,
"nbf": 1594204245,
"exp": 1594206045,
"account_id": 12345678,
"user_id": 87654321,
"subdomain": "subdomain",
"client_uuid": "0b0123f4-d123-4123-9123-e09f123456c"
}
Updated about 2 months ago