One-time Tokens for Integrations
These are JSON Web Tokens (JWT) that can be sent together with a request to third-party resources from the Kommo Web interface.
The token carries signed information about the user on whose behalf the request to the resource was made.
How do I get a one-time token?
The Web SDK already provides the method this.$authorizedAjax() for your integration to use.
The method sends an ajax request with a temporary authorization token for the current user.
The X-Auth-Token header is added to the request. The remote server must allow cross-origin requests from the account domain (configure CORS).
The method accepts all parameters of the jQuery $.ajax() function and returns a jQuery $.Deferred object that is fully compatible with the return value of $.ajax().
Example of a call:
define([], function() {
  'use strict';
  return function() {
    var self = this;
    this.callbacks = {
      init: function() {
        return true;
      },
      render: function() {
        self.$authorizedAjax({
          url: 'https://example.com/'
        }).done(function (response) {
          console.log('success', response);
        }).fail(function (err) {
          console.log('error', err);
        });
        return true;
      },
      bind_actions: function() {
        return true;
      }
    };
    return this;
  };
});
Token decoding algorithm
The token signature algorithm is HS256.
The integration secret key is used as the signing key (only the integration owner has access to this key).
To decode the token, we recommend using public JWT libraries. You can also use the debugger to decode, validate, and generate JWTs (JSON Web Tokens).
Token parameters after decoding
Parameter | Data Type | Description |
iss | string | Kommo account address |
aud | string | The base address, which is formed based on the redirect_uri value in the integration |
jti | string | UUID of the token |
iat | int | Timestamp, when the token was issued |
nbf | int | Timestamp, when the token begins to take effect |
exp | int | Timestamp, when the token will expire |
account_id | int | ID of the account from which the request was made |
user_id | int | ID of the user who made the request |
client_uuid | string | The UUID of the integration that made the request |
Response example
{
  "iss": "https://subdomain.kommo.com",
  "aud": "https://external.integration.io",
  "jti": "d628f123-5123-473e-a123-ed123ef31f8f",
  "iat": 1594204245,
  "nbf": 1594204245,
  "exp": 1594206045,
  "account_id": 12345678,
  "user_id": 87654321,
  "subdomain": "subdomain",
  "client_uuid": "0b0832f6-d123-4123-9123-e73f236833c"
}
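Server-side verification of the X-Auth-Token described above, as an added example that is not Kommo's own code: it pins HS256, checks the signature with the integration secret, then validates exp, nbf, aud and client_uuid. The option names (secret, aud, clientUuid), the constructed secret, and the in-memory jti cache used to reject a second use of the same token are assumptions of this example.

```javascript
// Added example (not Kommo code): verify the X-Auth-Token JWT on the receiving server.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

// Builds a constructed sample token; only needed to exercise verifyToken() offline.
function signSample(payload, secret) {
  const input = b64url('{"alg":"HS256","typ":"JWT"}') + '.' + b64url(JSON.stringify(payload));
  return input + '.' + b64url(hmac(secret, input));
}

const seenJti = new Set(); // assumption: in-memory replay cache; use a shared store with TTL

// expected = { secret, aud, clientUuid } (hypothetical option names for this example).
function verifyToken(token, expected, now = Math.floor(Date.now() / 1000)) {
  const fail = (reason) => ({ ok: false, reason });
  const parts = String(token).split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return fail('malformed');
  }
  if (!header || !claims) return fail('malformed');
  // Pin the algorithm: the token header must not choose how it is verified.
  if (header.alg !== 'HS256') return fail('bad alg');
  const want = hmac(expected.secret, parts[0] + '.' + parts[1]);
  const got = Buffer.from(parts[2], 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return fail('bad signature');
  // Claims are trusted only after the signature check passes.
  if (typeof claims.exp !== 'number' || now >= claims.exp) return fail('expired');
  if (typeof claims.nbf === 'number' && now < claims.nbf) return fail('not yet valid');
  if (claims.aud !== expected.aud) return fail('wrong aud');
  if (claims.client_uuid !== expected.clientUuid) return fail('wrong client_uuid');
  if (!claims.jti || seenJti.has(claims.jti)) return fail('replayed');
  seenJti.add(claims.jti);
  return { ok: true, claims };
}

// Constructed sample: claim values copied from the payload example on this page.
const demoCfg = { secret: 'constructed-secret', aud: 'https://external.integration.io',
  clientUuid: '0b0832f6-d123-4123-9123-e73f236833c' };
const demoToken = signSample({ aud: demoCfg.aud, client_uuid: demoCfg.clientUuid,
  jti: 'd628f123-5123-473e-a123-ed123ef31f8f', nbf: 1594204245, exp: 1594206045,
  account_id: 12345678, user_id: 87654321 }, demoCfg.secret);
console.log(verifyToken(demoToken, demoCfg, 1594204300).ok); // first use
console.log(verifyToken(demoToken, demoCfg, 1594204300).reason); // second use
```

Only after verifyToken() returns ok should account_id and user_id from the claims be used for authorization decisions.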