Method Calls with Confirmation

If you are developing integrations for Bitrix24 using AI tools (Codex, Claude Code, Cursor), connect to the MCP server so that the assistant can utilize the official REST documentation.

Some methods require the account administrator's permission to be called. When such a method is invoked by the application, the account administrator will receive a notification asking to allow or deny the call, while the application will receive an error.

The permission or denial is granted to a specific authorization token used to call the method. This means that the permission is valid for the lifetime of the token, and a new permission must be obtained when receiving the next token.

How to Use Examples in Documentation

GET https://portal.bitrix24.com/rest/voximplant.user.get?auth=fkp963yuv1ggkfbs5z3f5hy8lilm0iw6&USER_ID=1
        HTTP/1.1 401 Unauthorized
        {
            "error": "METHOD_CONFIRM_WAITING", 
            "error_description": "Waiting for confirmation"
        }

Calling the method before receiving confirmation or a response will yield the same reply, but without a request for re-confirmation.

When the administrator confirms or denies the permission, an event handler OnAppMethodConfirm will be triggered, passing the confirmation result and the token to which this permission was granted:

array (
            'event' => 'ONAPPMETHODCONFIRM',
            'data' => 
            array (
                'TOKEN' => 'fkp963yuv1ggkfbs5z3f5hy8lilm0iw6',
                'METHOD' => 'voximplant.user.get',
                'CONFIRMED' => '1',
                'LANGUAGE_ID' => 'de',
                ),
            'ts' => '1478790852',
            'auth' => 
            array (
                'domain' => 'portal.bitrix24.com',
                'client_endpoint' => 'https://portal.bitrix24.com/rest/',
                'server_andpoint' => 'https://oauth.bitrix.info/rest/',
                'member_id' => '74ef8a46a75104de55d5d4a61b98ab6d',
                'application_token' => 'c289487163b58658eae5e8b42eaf11b8',
        	),

If the administrator allows the action, the application can use the same authorization token to work with the requested method:

GET https://portal.bitrix24.com/rest/voximplant.user.get?auth=fkp963yuv1ggkfbs5z3f5hy8lilm0iw6&USER_ID=1
        HTTP/1.1 200 OK
        {
            "result": [
                {
                    "DEFAULT_LINE": null, 
                    "ID": "1", 
                    "INNER_NUMBER": null, 
                    "PHONE_ENABLED": "Y", 
                    "SIP_LOGIN": "****", 
                    "SIP_PASSWORD": "*****", 
                    "SIP_SERVER": "*****"
                }
            ]
        }

In the case of denial, a corresponding error will be returned:

GET https://portal.bitrix24.com/rest/voximplant.user.get?auth=fkp963yuv1ggkfbs5z3f5hy8lilm0iw6&USER_ID=1
        HTTP/1.1 403 Forbidden
        {
            "error": "METHOD_CONFIRM_DENIED", 
            "error_description": "Method call denied"
        }

List of Methods Requiring Confirmation

Previous
Available scopes
Next
Widget Embedding Mechanism