• 1-800-224-1462

How can I find my Bitrix24 Access API Parameters?

Here are the access parameters you need to connect Bitrix24 with API2Task:

type – Bitrix24

url – TMS URL

(example: https://testapi.bitrix24.com/)

access_token – your Bitrix24 access_token API REST with scopes "calendar, disk, telephony, crm, im, user, entity, task, tasks_extended, bizproc, mailservice, log, sonet_group, department"

(example: s6re4n8qilgqab41x1xcrf63z1esrzig)

refresh_token – your Bitrix24 refresh_token API REST

(example: s6re4n8qilgqab41x1xcrf63z1esrzig)

To obtain access_token and refresh_token:

    1. A Bitrix24 application uses client_id to get the value of code, which is imperative to get the authorization token. A user opens the following address in a browser:
      https://intranet_name.bitrix24.com/oauth/authorize/?response_type=code&client_id=app_ID&redirect_uri=app_URL
      intranet_name - it is a name of your Bitrix24 network.
      The browser will now redirect to the application URL passing the first authentication code (the code).
    2. The application uses clent_id, client_secret and code to get the values of access_code and refresh_token.
      The application sends a request: https://intranet_name.bitrix24.com/oauth/token/?grant_type=authorization_code&client_id=app_ID&client_secret=app_secret_code
      &code=first_authentication_code&scope=application_permissions&redirect_uri=application_URL
      The server will reply with a JSON string like:
      "access_token":"authentication_code","expires_in":3600,"scope":"granted_permissions","refresh_token":"authentication_refresh_code","domain":"Intranet_name","member_id":"Intranet_ID"}
    3. The application uses access_code to send REST requests until the access code is expired.
      https://intranet_name.bitrix24.com/rest/user.current?auth=authentication_code
    4. access_code will expire in an hour. The application can then use refresh_token to get a new access_code.
      https://intranet_name.bitrix24.com/oauth/token/?grant_type=refresh_token&client_id=app_ID&client_secret=app_secret_code
      &refresh_token=authentication_refresh_code&scope=granted_permission&redirect_uri=app_URL
    5. If refresh_token is still valid (was obtained less than a month ago), the application gets new valid access_code and refresh_token and proceeds to the step 3.
    6. If, however, refresh_token has expired, a user will have to authenticate again manually next time a REST request is going to be sent out.
In fact, a user intervention is only required at the first step. If the application is in frequent use, at least once per month, authorization will refresh in silent mode indefinitely. Notice that this algorithm is only applied to external applications. Hosted applications obtain and refresh authorization automatically.

Posted in: Getting Started

(Visited 1,121 times, 1 visits today)

Chat now
Welcome! I'm here to help with any questions
×
Need Help?

Schedule a Call

Still have questions? Let us know when you have time to discuss the business advantages you can gain from integration with API2Task with our expert.

Time zone: UTC +0

Your browser is out-of-date!

Update your browser to view this website correctly.Update my browser now

×