Partner Connect: OAuth for external services

Meet Partner Connect — an OAuth 2.0 interface for external services that need access to Bitrix24 data through VibeCode on behalf of a user.

Why we built it. Before, partners asked users to create an API key manually and copy it into their service — insecure and inconvenient. Now there's a standard OAuth flow: the user sees a consent screen, approves the requested scopes, and the partner receives a key programmatically.

How it works. The partner registers an application with the platform admin, gets client_id and client_secret. They redirect the user to /v1/connect/authorize with the required scopes. The user sees who is asking for access and exactly what is requested — approves or declines. On approval, the partner exchanges the code for an API key through /v1/connect/token.

Security. Keys are bound to user and portal, scopes are limited to those requested, revocation is one click in the user cabinet. Full audit log of every partner action.

Who it's for. External SaaS products integrating with Bitrix24: CRM extensions, BI tools, AI platforms, marketplaces. If you're building one — Partner Connect removes the "send me your key" conversation and makes onboarding one-step.

Documentation at /docs/partner-connect. Request access through the feedback form.