Browser

When performing the client-side browser requests to ONLYOFFICE Document Server a token is added to the parameters to validate the data.

When a file is opened for editing in ONLYOFFICE Document Server, the token is added to the configuration to validate the parameters.

The payload for the JWT token in the JSON format must have the same structure as the config. The parameter list to be signed is not strictly regulated, but we recommend that you specify the following parameters:

{
    "document": {
        "fileType": "docx",
        "key": "Khirz6zTPdfd7",
        "permissions": {
            "download": true,
            "edit": true,
            "print": true,
            "review": true
        },
        "title": "Example Document Title.docx",
        "url": "http://example.com/url-to-example-document.docx"
    },
    "editorConfig": {
        "callbackUrl": "http://example.com/url-to-callback.ashx",
        "mode": "edit",
        "user": {
            "id": "78e1e841",
            "name": "Smith"
        }
    }
}

Where the example.com is the name of the the server where document manager and document storage service are installed. See the How it works section to find out more on Document Server service client-server interactions.

Sample token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb2N1bWVudCI6eyJmaWxlVHlwZSI6ImRvY3giLCJrZXkiOiJLaGlyejZ6VFBkZmQ3IiwicGVybWlzc2lvbnMiOnsiZG93bmxvYWQiOnRydWUsImVkaXQiOnRydWUsInByaW50Ijp0cnVlLCJyZXZpZXciOnRydWV9LCJ0aXRsZSI6IkV4YW1wbGUgRG9jdW1lbnQgVGl0bGUuZG9jeCIsInVybCI6Imh0dHA6Ly9leGFtcGxlLmNvbS91cmwtdG8tZXhhbXBsZS1kb2N1bWVudC5kb2N4In0sImVkaXRvckNvbmZpZyI6eyJjYWxsYmFja1VybCI6Imh0dHA6Ly9leGFtcGxlLmNvbS91cmwtdG8tY2FsbGJhY2suYXNoeCIsIm1vZGUiOiJlZGl0IiwidXNlciI6eyJpZCI6Ijc4ZTFlODQxIiwibmFtZSI6IlNtaXRoIn19fQ.dQLHmsYqKoAG6vpcLngrIUkstAycpi8dFfP4lHPk0Uc

When calling the setHistoryData method to view the document history version in ONLYOFFICE Document Server, the token is added to validate the parameters.

The payload for the JWT token in the JSON format must have the same structure as the method parameter. The parameter list to be signed is not strictly regulated, but we recommend that you specify all the parameter sent:

{
    "changesUrl": "http://example.com/url-to-changes.zip",
    "key": "Khirz6zTPdfd7",
    "previous": {
        "key": "af86C7e71Ca8",
        "url": "http://example.com/url-to-the-previous-version-of-the-document.docx"
    },
    "url": "http://example.com/url-to-example-document.docx",
    "version": 2
}

Where the example.com is the name of the the server where document manager and document storage service are installed. See the How it works section to find out more on Document Server service client-server interactions.

Sample token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFuZ2VzVXJsIjoiaHR0cDovL2V4YW1wbGUuY29tL3VybC10by1jaGFuZ2VzLnppcCIsImtleSI6IktoaXJ6NnpUUGRmZDciLCJwcmV2aW91cyI6eyJrZXkiOiJhZjg2QzdlNzFDYTgiLCJ1cmwiOiJodHRwOi8vZXhhbXBsZS5jb20vdXJsLXRvLXRoZS1wcmV2aW91cy12ZXJzaW9uLW9mLXRoZS1kb2N1bWVudC5kb2N4In0sInVybCI6Imh0dHA6Ly9leGFtcGxlLmNvbS91cmwtdG8tZXhhbXBsZS1kb2N1bWVudC5kb2N4IiwidmVyc2lvbiI6Mn0.9dgDsaVLFQ6RtoX_1s2pBVJHGnyMjxDXKC2TpC2nXb4