One-time Tokens for Integrations

These are JSON Web Token (JWT) tokens that can be transferred together with a request to third-party resources from the amoCRM Web interface.

The token contains encrypted information about the user from which a request was made to a resource.

How do I get a one-time token?

We have already implemented the method this.$authorizedAjax() within the WEB SDK for your integration to work.

The method sends an ajax request with a temporary authorization token for the current user.

The X-Auth-Token header is added to the request. The remote server must give permission to  receive requests from the account domain (configure CORS).

The method inherits all incoming parameters of the jQuery $.ajax() function, and in response also returns an object of the type jQuery $.Deferred that is fully compatible with the response of the $.ajax method.

Example of a call:

define([], function() {
  'use strict';
  return function() {
    var self = this;
    this.callbacks = {
      init: function() {
        return true;
      },
      render: function() {
        self.$authorizedAjax({
          url: 'https://example.com/'
        }).done(function (response) {
          console.log('success', response);
        }).fail(function (err) {
          console.log('error', err);
        });
        return true;
      },
      bind_actions: function() {
        return true;
      }
    };
    return this;
  };
});

Token decoding algorithm

The token signature algorithm is HS256.

The integration secret key is used as the encryption key (only the integration owner has access to this key).

To decode the token, we recommend using the methods of the public libraries. You can also use the debugger to decode, validate, and generate the JWT (JSON Web Token).

Token parameters after decoding

Parameter Data Type Description
iss string amoCRM account address
aud string The base address, which is formed based on the redirect_uri value in the integration
jti string UUID token
iat int Timestamp, when the token was issued
nbf int Timestamp, when the token begins to take effect
exp int Timestamp, when the token will  expire
account_id int ID of the account from which the request was made
user_id int ID of the user from which the request was made
client_uuid string The UUID of the integration that made the request

Response example

{
    "iss": "https://subdomain.amocrm.ru",
    "aud": "https://external.integration.io",
    "jti": "d628f123-5123-473e-a123-ed123ef31f8f",
    "iat": 1594204245,
    "nbf": 1594204245,
    "exp": 1594206045,
    "account_id": 12345678,
    "user_id": 87654321,
    "subdomain": "subdomain",
    "client_uuid": "0b0832f6-d123-4123-9123-e73f236833c"
}