Authorization in Marketplace integrations
When developing a marketplace integration, with or without a widget, you need to create an integration. After creating the integration, you need to submit it for moderation so that, if successful, it will be shown in the public marketplace.
In order to pass moderation for marketplace integrations, it is necessary to specify in the description:
- a clear description of the functionality
- where the user can get familiar with the prices (if any)
- features in more detail.
Your integration can be authorized in an Kommo account either via a webhook, or by the button on the site method, depending on whether it has a widget or not.
Important Note: The limit on sending a hook from our side is 3 seconds. The response code is not checked, and resending it is not possible. It is important to note that virtual clicks on the installation button are prohibited in widgets.
You can see a similar example of our marketplace below, where marketplace integration with a widget has an install button, and marketplace integration without widget is available only for viewing while installation happens in the site that provides it.
Marketplace integrations with widgets work with Kommo via both API and web SDK. They are displayed in the marketplace and available for installation directly there.
When installing the widget from the Kommo interface, the user will receive a webhook to the Redirect URI that you specified in the integration settings with the GET parameters: code, referer, from_widget.
The code parameter represents the Authorization code, the referer parameter is the address of the user account, and the from_widget parameter indicates that the request was caused by the widget installation.
Marketplace integrations without widgets work with Kommo only via API. They are displayed in the marketplace, but just for viewing.
When the user clicks on them, there will be a description of the integration, how it works and how to install it. The user will be instructed to visit an external website provided by the integration, not Kommo and the installation is implemented by a button on the site. When the button is clicked, a new page will appear where the user gets to choose the account and provide their consent to authorize the integration in that account.
After granting access, the user will be redirected to the Redirect URI page with the GET parameters: code, referer, state. Then you can exchange the received code for an Access token, and the user will see the integration in the list of installed ones.
In order to pass moderation for such integrations, it is necessary to specify in the description where users need to go to install the integration.
How to check the authorization mechanism before passing moderation?
If you are developing a marketplace integration without a widget, then before passing moderation, you can use the button on the site method, but in limited mode. In the generated window for granting access, only one account will be available, the one in which the integration was created. After selecting the account, the same user redirection mechanics will work as in public integration.
If you are developing an integration that has both a widget and a backend part that works with our API, you will be able to get a webhook when installing/enabling the widget.
We consider an account as technical for an integration if the integration was created in it. That means this account belongs to this integration. Any administrator of this account can manage the integration’s name, description, activity, and update.
All questions related to the development and moderation of the integration should be directed to support from the technical account.