[{"data":1,"prerenderedAt":2742},["ShallowReactive",2],{"navigation":3,"-docs-working-with-the-rest-api-logging":491,"-docs-working-with-the-rest-api-logging-description":2731},[4],{"title":5,"path":6,"stem":7,"children":8,"page":47},"Docs","\u002Fdocs","docs",[9,78,383],{"title":10,"path":11,"stem":12,"children":13,"restApiVersion":15,"category":15,"description":15,"badge":15},"Get Started","\u002Fdocs\u002Fgetting-started","docs\u002F1.getting-started\u002F1.index",[14,17,48,63],{"title":10,"path":11,"stem":12,"restApiVersion":15,"category":15,"description":16,"badge":15},null,"Quick start guide for working with the SDK for Bitrix24 REST API",{"title":18,"path":19,"stem":20,"children":21,"page":47},"Installation","\u002Fdocs\u002Fgetting-started\u002Finstallation","docs\u002F1.getting-started\u002F2.installation",[22,27,32,37,42],{"title":23,"path":24,"stem":25,"restApiVersion":15,"category":15,"description":26,"badge":15},"Vue","\u002Fdocs\u002Fgetting-started\u002Finstallation\u002Fvue","docs\u002F1.getting-started\u002F2.installation\u002F1.vue","Guide for installing Bitrix24 JS SDK in Vue applications.",{"title":28,"path":29,"stem":30,"restApiVersion":15,"category":15,"description":31,"badge":15},"Nuxt","\u002Fdocs\u002Fgetting-started\u002Finstallation\u002Fnuxt","docs\u002F1.getting-started\u002F2.installation\u002F2.nuxt","Guide for installing Bitrix24 JS SDK in Nuxt applications.",{"title":33,"path":34,"stem":35,"restApiVersion":15,"category":15,"description":36,"badge":15},"React","\u002Fdocs\u002Fgetting-started\u002Finstallation\u002Freact","docs\u002F1.getting-started\u002F2.installation\u002F3.react","Guide for installing Bitrix24 JS SDK in React applications.",{"title":38,"path":39,"stem":40,"restApiVersion":15,"category":15,"description":41,"badge":15},"Node.js","\u002Fdocs\u002Fgetting-started\u002Finstallation\u002Fnodejs","docs\u002F1.getting-started\u002F2.installation\u002F4.nodejs","Guide for installing Bitrix24 JS SDK in Node.js applications.",{"title":43,"path":44,"stem":45,"restApiVersion":15,"category":15,"description":46,"badge":15},"UMD","\u002Fdocs\u002Fgetting-started\u002Finstallation\u002Fumd","docs\u002F1.getting-started\u002F2.installation\u002F5.umd","Guide for using UMD version Bitrix24 JS SDK in you applications.",false,{"title":49,"restApiVersion":15,"category":15,"description":15,"badge":15,"shadow":47,"path":50,"stem":51,"children":52,"page":47},"Migration","\u002Fdocs\u002Fgetting-started\u002Fmigration","docs\u002F1.getting-started\u002F3.migration",[53,58],{"title":54,"path":55,"stem":56,"restApiVersion":15,"category":15,"description":57,"badge":15},"v0 to v1","\u002Fdocs\u002Fgetting-started\u002Fmigration\u002Fv1","docs\u002F1.getting-started\u002F3.migration\u002F1.v1","A comprehensive guide to migrate your application from Bitrix24 JS SDK v0 to Bitrix24 JS SDK v1.",{"title":59,"path":60,"stem":61,"restApiVersion":15,"category":15,"description":62,"badge":15},"v2 to v3","\u002Fdocs\u002Fgetting-started\u002Fmigration\u002Fv3","docs\u002F1.getting-started\u002F3.migration\u002F2.v3","How to migrate off the deprecated REST surface that is removed in Bitrix24 JS SDK 3.0.0.",{"title":64,"restApiVersion":15,"category":15,"description":15,"badge":15,"path":65,"stem":66,"children":67,"page":47},"AI Tools","\u002Fdocs\u002Fgetting-started\u002Fai","docs\u002F1.getting-started\u002F7.ai",[68,73],{"title":69,"path":70,"stem":71,"restApiVersion":15,"category":15,"description":72,"badge":15},"Skills","\u002Fdocs\u002Fgetting-started\u002Fai\u002Fskills","docs\u002F1.getting-started\u002F7.ai\u002F1.skills","Task-focused skill files for AI coding agents working with @bitrix24\u002Fb24jssdk.",{"title":74,"path":75,"stem":76,"restApiVersion":15,"category":15,"description":77,"badge":15},"LLMs.txt","\u002Fdocs\u002Fgetting-started\u002Fai\u002Fllms-txt","docs\u002F1.getting-started\u002F7.ai\u002F2.llms-txt","How to get AI tools like Cursor, Windsurf, GitHub Copilot, ChatGPT, and Claude to understand Bitrix24 JS SDK methods, tools, and best practices.",{"title":79,"path":80,"stem":81,"children":82,"restApiVersion":15,"category":15,"description":15,"badge":15},"Working with the REST API","\u002Fdocs\u002Fworking-with-the-rest-api","docs\u002F2.working-with-the-rest-api\u002F0.index",[83,86,93,98,103,107,112,116,121,126,130,135,140,145,150,155,160,165,170,175,179,184,189,194,200,205,210,215,220,225,230,235,240,245,251,256,261,267,272,277,282,287,293,299,304,310,315,320,325,330,335,341,348,353,358,363,368,373,378],{"title":84,"path":80,"stem":81,"restApiVersion":15,"category":15,"description":85,"badge":15},"Introduction","Overview of SDK capabilities for working with Bitrix24 REST API",{"title":87,"path":88,"stem":89,"restApiVersion":90,"category":91,"description":92,"badge":15},"Call","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcall-rest-api-ver2","docs\u002F2.working-with-the-rest-api\u002F1.call-rest-api-ver2","rest-api-ver2","actions","A method for making Bitrix24 REST API version 2 calls.",{"title":87,"path":94,"stem":95,"restApiVersion":96,"category":91,"description":97,"badge":15},"\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcall-rest-api-ver3","docs\u002F2.working-with-the-rest-api\u002F1.call-rest-api-ver3","rest-api-ver3","Method for making Bitrix24 REST API version 3 calls.",{"title":99,"path":100,"stem":101,"restApiVersion":90,"category":91,"description":102,"badge":15},"CallList","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcall-list-rest-api-ver2","docs\u002F2.working-with-the-rest-api\u002F2.call-list-rest-api-ver2","Method for quickly retrieving all data from list methods of Bitrix24 REST API version 2.",{"title":99,"path":104,"stem":105,"restApiVersion":96,"category":91,"description":106,"badge":15},"\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcall-list-rest-api-ver3","docs\u002F2.working-with-the-rest-api\u002F2.call-list-rest-api-ver3","Method for quickly retrieving all data from list methods of Bitrix24 REST API version 3.",{"title":108,"path":109,"stem":110,"restApiVersion":90,"category":91,"description":111,"badge":15},"FetchList","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ffetch-list-rest-api-ver2","docs\u002F2.working-with-the-rest-api\u002F2.fetch-list-rest-api-ver2","Returns an AsyncGenerator that allows processing data from list methods of Bitrix24 REST API version 2 as it is received without loading the entire array into memory at once. This is especially useful when working with very large volumes of data.",{"title":108,"path":113,"stem":114,"restApiVersion":96,"category":91,"description":115,"badge":15},"\u002Fdocs\u002Fworking-with-the-rest-api\u002Ffetch-list-rest-api-ver3","docs\u002F2.working-with-the-rest-api\u002F2.fetch-list-rest-api-ver3","Returns an AsyncGenerator that allows processing data from list methods of Bitrix24 REST API version 3 as it is received without loading the entire array into memory at once. This is especially useful when working with very large volumes of data.",{"title":117,"path":118,"stem":119,"restApiVersion":15,"category":117,"description":120,"badge":15},"B24Hook","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhook","docs\u002F2.working-with-the-rest-api\u002F20.hook","Server-side entry point for talking to the Bitrix24 REST API through an inbound webhook (permanent token).",{"title":122,"path":123,"stem":124,"restApiVersion":90,"category":91,"description":125,"badge":15},"Batch","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fbatch-rest-api-ver2","docs\u002F2.working-with-the-rest-api\u002F3.batch-rest-api-ver2","Method for executing batch requests to Bitrix24 REST API version 2. Allows executing up to 50 commands in a single API call.",{"title":122,"path":127,"stem":128,"restApiVersion":96,"category":91,"description":129,"badge":15},"\u002Fdocs\u002Fworking-with-the-rest-api\u002Fbatch-rest-api-ver3","docs\u002F2.working-with-the-rest-api\u002F3.batch-rest-api-ver3","Method for executing batch requests to Bitrix24 REST API version 3. Allows executing up to 50 commands in a single API call.",{"title":84,"path":131,"stem":132,"restApiVersion":15,"category":133,"description":134,"badge":15},"\u002Fdocs\u002Fworking-with-the-rest-api\u002Fframe","docs\u002F2.working-with-the-rest-api\u002F30.frame","B24Frame","Designed for managing Bitrix24 applications running inside a placement iframe. Inherits from AbstractB24 and exposes managers for authentication, parent-window messaging, sliders, dialogs, placements, and options.",{"title":136,"path":137,"stem":138,"restApiVersion":15,"category":133,"description":139,"badge":15},"Initialization","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fframe-initialize-b24-frame","docs\u002F2.working-with-the-rest-api\u002F30.frame-initialize-b24-frame","Function is designed to initialize a B24Frame",{"title":141,"path":142,"stem":143,"restApiVersion":15,"category":133,"description":144,"badge":15},"Auth","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fframe-auth","docs\u002F2.working-with-the-rest-api\u002F31.frame-auth","Designed for managing authentication in Bitrix24 applications. It handles authentication data received from the parent window and provides methods for updating and retrieving this data.",{"title":146,"path":147,"stem":148,"restApiVersion":15,"category":133,"description":149,"badge":15},"Dialog","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fframe-dialog","docs\u002F2.working-with-the-rest-api\u002F31.frame-dialog","Wraps the BX24 system dialogs (user picker, access permission picker, CRM entity picker) so they can be opened from inside a Bitrix24 application iframe.",{"title":151,"path":152,"stem":153,"restApiVersion":15,"category":133,"description":154,"badge":15},"Options","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fframe-options","docs\u002F2.working-with-the-rest-api\u002F31.frame-options","Used for managing application and user settings in the Bitrix24 application. It allows initializing data, getting, and setting options through messages to the parent window.",{"title":156,"path":157,"stem":158,"restApiVersion":15,"category":133,"description":159,"badge":15},"Parent","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fframe-parent","docs\u002F2.working-with-the-rest-api\u002F31.frame-parent","Provides methods for managing the parent application window in Bitrix24, including resizing the window, managing scroll, initiating calls, and opening the messenger.",{"title":161,"path":162,"stem":163,"restApiVersion":15,"category":133,"description":164,"badge":15},"Placement","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fframe-placement","docs\u002F2.working-with-the-rest-api\u002F31.frame-placement","Used for managing the placement of widgets in the Bitrix24 application.",{"title":166,"path":167,"stem":168,"restApiVersion":15,"category":133,"description":169,"badge":15},"Slider","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fframe-slider","docs\u002F2.working-with-the-rest-api\u002F31.frame-slider","Provides methods for working with sliders in the Bitrix24 application. It allows opening and closing sliders, as well as managing their content.",{"title":171,"path":172,"stem":173,"restApiVersion":90,"category":91,"description":174,"badge":15},"BatchByChunk","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fbatch-by-chunk-rest-api-ver2","docs\u002F2.working-with-the-rest-api\u002F4.batch-by-chunk-rest-api-ver2","Method for executing batch requests with automatic chunking for any number of commands. Automatically splits large command sets into batches of 50 and executes them sequentially. Use only arrays of tuples or arrays of objects.",{"title":171,"path":176,"stem":177,"restApiVersion":96,"category":91,"description":178,"badge":15},"\u002Fdocs\u002Fworking-with-the-rest-api\u002Fbatch-by-chunk-rest-api-ver3","docs\u002F2.working-with-the-rest-api\u002F4.batch-by-chunk-rest-api-ver3","Method for executing batch requests to Bitrix24 REST API version 3 with automatic chunking for any number of commands. Automatically splits large command sets into batches of 50 and executes them sequentially. Use only arrays of tuples or arrays of objects.",{"title":180,"path":181,"stem":182,"restApiVersion":15,"category":180,"description":183,"badge":15},"B24OAuth","\u002Fdocs\u002Fworking-with-the-rest-api\u002Foauth","docs\u002F2.working-with-the-rest-api\u002F40.oauth","Server-side entry point for talking to the Bitrix24 REST API with an OAuth 2.0 access token (and automatic refresh).",{"title":185,"path":186,"stem":187,"restApiVersion":15,"category":15,"description":188,"badge":15},"Choosing the method","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fchoosing-the-right-method","docs\u002F2.working-with-the-rest-api\u002F5.choosing-the-right-method","Decision guide for picking between Call, CallList, FetchList, Batch and BatchByChunk in REST API v2 and v3.",{"title":190,"path":191,"stem":192,"restApiVersion":15,"category":15,"description":193,"badge":15},"Filtering","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ffiltering","docs\u002F2.working-with-the-rest-api\u002F5.filtering","Reference for building filter parameters in Bitrix24 REST API v2 (prefix operators) and v3 (array-of-triples), including date formatting and the order-stripping rule.",{"title":195,"path":196,"stem":197,"restApiVersion":15,"category":198,"description":199,"badge":15},"B24HelperManager","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhelper","docs\u002F2.working-with-the-rest-api\u002F50.helper","Helper","Aggregate manager that loads profile, app, payment, license, currency, and options data with one batched REST call, plus wires the Pull client.",{"title":201,"path":202,"stem":203,"restApiVersion":15,"category":198,"description":204,"badge":15},"useB24Helper","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhelper-use-b24-helper","docs\u002F2.working-with-the-rest-api\u002F51.helper-use-b24-helper","Closure-based composable that owns a single B24HelperManager instance and exposes lifecycle helpers (init \u002F destroy \u002F Pull client glue).",{"title":206,"path":207,"stem":208,"restApiVersion":15,"category":198,"description":209,"badge":15},"ProfileManager","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhelper-profile-manager","docs\u002F2.working-with-the-rest-api\u002F52.helper-profile-manager","Parsed `profile` REST response: id, name, last name, gender, photo, time zone, admin flag.",{"title":211,"path":212,"stem":213,"restApiVersion":15,"category":198,"description":214,"badge":15},"AppManager","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhelper-app-manager","docs\u002F2.working-with-the-rest-api\u002F53.helper-app-manager","Parsed `app.info` REST response: app id, code, version, status, install flag.",{"title":216,"path":217,"stem":218,"restApiVersion":15,"category":198,"description":219,"badge":15},"PaymentManager","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhelper-payment-manager","docs\u002F2.working-with-the-rest-api\u002F54.helper-payment-manager","Payment status of a Bitrix24 application — extracted from `app.info`.",{"title":221,"path":222,"stem":223,"restApiVersion":15,"category":198,"description":224,"badge":15},"LicenseManager","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhelper-license-manager","docs\u002F2.working-with-the-rest-api\u002F55.helper-license-manager","Bitrix24 license info from `app.info` — and an automatic restriction-manager retune for the matching tariff plan.",{"title":226,"path":227,"stem":228,"restApiVersion":15,"category":198,"description":229,"badge":15},"CurrencyManager","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhelper-currency-manager","docs\u002F2.working-with-the-rest-api\u002F56.helper-currency-manager","Currency catalogue cached in memory — base currency, per-currency formatters, and number-to-string formatter.",{"title":231,"path":232,"stem":233,"restApiVersion":15,"category":198,"description":234,"badge":15},"OptionsManager","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fhelper-options-manager","docs\u002F2.working-with-the-rest-api\u002F57.helper-options-manager","Typed access to `app.option.get` \u002F `user.option.get`, plus a save() that batches `*.option.set` with an optional Pull notification.",{"title":236,"path":237,"stem":238,"restApiVersion":15,"category":15,"description":239,"badge":15},"Errors","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ferrors","docs\u002F2.working-with-the-rest-api\u002F6.errors","Reference for SdkError and AjaxError codes raised by the SDK, plus the Bitrix24 REST error codes that surface through them.",{"title":241,"path":242,"stem":243,"restApiVersion":15,"category":241,"description":244,"badge":15},"Pull","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fpull","docs\u002F2.working-with-the-rest-api\u002F60.pull","Real-time message stream from Bitrix24 to your application — WebSocket primary, long-polling fallback. Frame-only.",{"title":246,"path":247,"stem":248,"restApiVersion":15,"category":249,"description":250,"badge":15},"Logger","\u002Fdocs\u002Fworking-with-the-rest-api\u002Flogger","docs\u002F2.working-with-the-rest-api\u002F66.logger","logger","Logger inspired by PHP Monolog, provides a structured logging system with support for channels, handlers, processors, and formatters. Implementation follows PSR-3 principles and the chain of responsibility pattern.",{"title":252,"path":253,"stem":254,"restApiVersion":15,"category":249,"description":255,"badge":15},"Telegram","\u002Fdocs\u002Fworking-with-the-rest-api\u002Flogger-telegram","docs\u002F2.working-with-the-rest-api\u002F66.logger-telegram","Sending logs to Telegram",{"title":257,"path":258,"stem":259,"restApiVersion":15,"category":15,"description":260,"badge":15},"Discovering v3 methods","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fdiscovering-v3-methods","docs\u002F2.working-with-the-rest-api\u002F7.discovering-v3-methods","Use rest.documentation.openapi to fetch the portal's own machine-readable list of every available REST API v3 method — the source of truth the SDK relies on instead of a hardcoded allowlist. Especially useful for AI agents and codegen.",{"title":262,"path":263,"stem":264,"restApiVersion":15,"category":265,"description":266,"badge":15},"AjaxResult","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcore-ajax-result","docs\u002F2.working-with-the-rest-api\u002F70.core-ajax-result","Core","Specialised Result returned by every REST helper. Provides `isMore() \u002F getNext() \u002F getTotal() \u002F getStatus()` for paged responses, and immutable data.",{"title":268,"path":269,"stem":270,"restApiVersion":15,"category":265,"description":271,"badge":15},"Http","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcore-http","docs\u002F2.working-with-the-rest-api\u002F70.core-http","Low-level transport interface returned by `b24.getHttpClient(version)`. Direct access to the axios-based clients, restriction params, statistics, and reset.",{"title":273,"path":274,"stem":275,"restApiVersion":15,"category":265,"description":276,"badge":15},"B24LangList","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcore-lang-list","docs\u002F2.working-with-the-rest-api\u002F70.core-lang-list","Enum of Bitrix24 cloud interface languages plus the BCP-47 locale map.",{"title":278,"path":279,"stem":280,"restApiVersion":15,"category":265,"description":281,"badge":15},"RequestIdGenerator","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcore-request-id-generator","docs\u002F2.working-with-the-rest-api\u002F70.core-request-id-generator","Default `IRequestIdGenerator` implementation. Generates UUID v7 request ids and exposes the header \u002F query parameter names used by the SDK.",{"title":283,"path":284,"stem":285,"restApiVersion":15,"category":265,"description":286,"badge":15},"Result","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fcore-result","docs\u002F2.working-with-the-rest-api\u002F70.core-result","Generic operation result with success flag, data, and an error map. Analogue of \\\\Bitrix\\\\Main\\\\Result from the Bitrix Framework.",{"title":288,"path":289,"stem":290,"restApiVersion":15,"category":291,"description":292,"badge":15},"Limiters","\u002Fdocs\u002Fworking-with-the-rest-api\u002Flimiters","docs\u002F2.working-with-the-rest-api\u002F77.limiters","limiters","The restrictions system provides a comprehensive mechanism for managing request frequency, operation execution time, and adaptive delays.",{"title":294,"path":295,"stem":296,"restApiVersion":15,"category":297,"description":298,"badge":15},"Logging & Redaction","\u002Fdocs\u002Fworking-with-the-rest-api\u002Flogging","docs\u002F2.working-with-the-rest-api\u002F78.logging","logging","What the SDK redacts automatically before any request information enters the logger or an AjaxError, what it does not redact, and how to wire a custom logger via setLogger(...) without re-introducing credential leaks.",{"title":300,"path":301,"stem":302,"restApiVersion":15,"category":15,"description":303,"badge":15},"Security","\u002Fdocs\u002Fworking-with-the-rest-api\u002Fsecurity","docs\u002F2.working-with-the-rest-api\u002F79.security","Two hardening patterns for any server that receives Bitrix24 outbound events or OAuth install\u002Funinstall callbacks: reply 200 before you verify, and compare application_token in constant time.",{"title":305,"path":306,"stem":307,"restApiVersion":15,"category":308,"description":309,"badge":15},"Browser","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftools-browser","docs\u002F2.working-with-the-rest-api\u002F80.tools-browser","tools","Cheap user-agent \u002F platform \u002F capability detector. Useful for runtime branches in front-end code.",{"title":311,"path":312,"stem":313,"restApiVersion":15,"category":308,"description":314,"badge":15},"Environment","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftools-environment","docs\u002F2.working-with-the-rest-api\u002F80.tools-environment","Runtime environment detection — `getEnvironment()` and the `Environment` enum for branching between browser and Node.js code paths.",{"title":316,"path":317,"stem":318,"restApiVersion":15,"category":308,"description":319,"badge":15},"Object helpers","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftools-object-helpers","docs\u002F2.working-with-the-rest-api\u002F80.tools-object-helpers","Tiny, dependency-free object and enum helpers — `pick`, `omit`, `getEnumValue`, and the `isArrayOfArray` type guard.",{"title":321,"path":322,"stem":323,"restApiVersion":15,"category":308,"description":324,"badge":15},"Text","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftools-text","docs\u002F2.working-with-the-rest-api\u002F80.tools-text","Text and date utilities — UUID v4 \u002F v7, encode \u002F decode HTML entities, type conversions, case helpers, Luxon-backed `toDateTime` \u002F `toB24Format`, number formatting, and query-string builder.",{"title":326,"path":327,"stem":328,"restApiVersion":15,"category":308,"description":329,"badge":15},"Type","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftools-type","docs\u002F2.working-with-the-rest-api\u002F80.tools-type","Runtime type guards — strings, numbers, plain objects, arrays, DOM nodes, Blobs, FormData, JSON-RPC message shapes.",{"title":331,"path":332,"stem":333,"restApiVersion":15,"category":308,"description":334,"badge":15},"useFormatter","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftools-use-formatters","docs\u002F2.working-with-the-rest-api\u002F80.tools-use-formatters","Composable that returns shared `FormatterNumbers` and `FormatterIban` instances pre-configured with country specifications.",{"title":336,"path":337,"stem":338,"restApiVersion":15,"category":339,"description":340,"badge":15},"Common","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftypes-common","docs\u002F2.working-with-the-rest-api\u002F90.types-common","Types","Foundational building blocks used across the SDK — scalar string aliases, field-metadata shapes (Fields, MultiField, UserFieldType), and the DataType enum.",{"title":342,"path":343,"stem":344,"children":345,"restApiVersion":15,"category":339,"description":347,"badge":15},"Types overview","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftypes-index","docs\u002F2.working-with-the-rest-api\u002F90.types-index",[346],{"title":342,"path":343,"stem":344,"restApiVersion":15,"category":339,"description":347,"badge":15},"Navigable map of every types\u002F* module in the SDK — which have a dedicated page, which are surfaced through another page, and which are follow-ups.",{"title":349,"path":350,"stem":351,"restApiVersion":15,"category":339,"description":352,"badge":15},"IResult","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftypes-iresult","docs\u002F2.working-with-the-rest-api\u002F90.types-iresult","Generic operation-result interface. Implemented by `Result\u003CT>` and (transitively) by `AjaxResult\u003CT>`.",{"title":354,"path":355,"stem":356,"restApiVersion":15,"category":339,"description":357,"badge":15},"Payloads","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftypes-payloads","docs\u002F2.working-with-the-rest-api\u002F90.types-payloads","The REST response envelope — PayloadTime, GetPayload, ListPayload, BatchPayload, SuccessPayload, and the Payload union, with a note on the v2 vs v3 envelope status.",{"title":359,"path":360,"stem":361,"restApiVersion":15,"category":339,"description":362,"badge":15},"TypeB24","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftypes-type-b24","docs\u002F2.working-with-the-rest-api\u002F90.types-type-b24","Public contract implemented by every entry-point class (B24Frame, B24Hook, B24OAuth). Single source of truth for the SDK surface.",{"title":364,"path":365,"stem":366,"restApiVersion":15,"category":265,"description":367,"badge":15},"Telemetry","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftelemetry","docs\u002F2.working-with-the-rest-api\u002F95.telemetry","Request id, SDK version, and SDK type query parameters added to every Bitrix24 REST call.",{"title":369,"path":370,"stem":371,"restApiVersion":15,"category":265,"description":372,"badge":15},"Error Codes","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ferror-codes","docs\u002F2.working-with-the-rest-api\u002F96.error-codes","Catalogue of error codes the SDK recognises — split into \"hard\" (thrown) and \"soft\" (returned as AjaxError inside AjaxResult).",{"title":374,"path":375,"stem":376,"restApiVersion":15,"category":308,"description":377,"badge":15},"HealthCheck","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftools-health-check","docs\u002F2.working-with-the-rest-api\u002Ftools-health-check","Method for checking the availability of Bitrix24 REST API. Performs a simple request to the REST API to verify service health.",{"title":379,"path":380,"stem":381,"restApiVersion":15,"category":308,"description":382,"badge":15},"Ping","\u002Fdocs\u002Fworking-with-the-rest-api\u002Ftools-ping","docs\u002F2.working-with-the-rest-api\u002Ftools-ping","Method for measuring Bitrix24 REST API response speed. Performs a test request and returns response time in milliseconds.",{"title":384,"path":385,"stem":386,"children":387,"restApiVersion":15,"category":15,"description":15,"badge":15},"Examples","\u002Fdocs\u002Fexamples","docs\u002F99.examples\u002F0.index",[388,390,396,401,406,411,416,421,426,431,436,441,446,451,456,461,466,471,476,481,486],{"title":84,"path":385,"stem":386,"restApiVersion":15,"category":15,"description":389,"badge":15},"Recipes that pair the SDK with realistic scenarios — CRM analytics, mass messaging, AI assistants, OAuth installs, and more. Each recipe is a single, copy-paste-friendly file.",{"title":391,"path":392,"stem":393,"restApiVersion":15,"category":394,"description":395,"badge":15},"CRM analytics","\u002Fdocs\u002Fexamples\u002Fcrm-analytics","docs\u002F99.examples\u002F1.crm-analytics","examples","Stream all deals via actions.v2.fetchList.make, group by stage, print a funnel report (counts, conversion %, avg ticket, win rate).",{"title":397,"path":398,"stem":399,"restApiVersion":15,"category":394,"description":400,"badge":15},"Deals → CSV","\u002Fdocs\u002Fexamples\u002Fdashboard-deals-csv","docs\u002F99.examples\u002F1.dashboard-deals-csv","Stream every CRM deal that matches a date filter into a CSV file using a webhook and FetchListV2.",{"title":402,"path":403,"stem":404,"restApiVersion":15,"category":15,"description":405,"badge":15},"Entity List","\u002Fdocs\u002Fexamples\u002Fentity-list","docs\u002F99.examples\u002F10.entity-list","Render a paged Bitrix24 entity list with B24UI components and the SDK callList action.",{"title":407,"path":408,"stem":409,"restApiVersion":15,"category":394,"description":410,"badge":15},"Error handling","\u002Fdocs\u002Fexamples\u002Ferror-handling","docs\u002F99.examples\u002F10.error-handling","Demonstrates the four error layers (SdkError \u002F AjaxError \u002F network \u002F soft) and the hardErrorCodes \u002F softErrorCodes \u002F retryOnNetworkError knobs on the restriction manager.",{"title":412,"path":413,"stem":414,"restApiVersion":15,"category":394,"description":415,"badge":15},"Event registration","\u002Fdocs\u002Fexamples\u002Fevent-registration","docs\u002F99.examples\u002F11.event-registration","CLI tool — list, bind, and unbind Bitrix24 outbound webhook events via event.get \u002F event.bind \u002F event.unbind. Pairs with the webhook handler recipe.",{"title":417,"path":418,"stem":419,"restApiVersion":15,"category":394,"description":420,"badge":15},"OAuth install","\u002Fdocs\u002Fexamples\u002Foauth-install","docs\u002F99.examples\u002F12.oauth-install","Express server that handles ONAPPINSTALL \u002F ONAPPUPDATE \u002F ONAPPUNINSTALL events for a Bitrix24 marketplace app, persists tokens per portal, and builds a B24OAuth client on demand with a refresh callback wired to storage.",{"title":422,"path":423,"stem":424,"restApiVersion":15,"category":394,"description":425,"badge":15},"Frame app skeleton","\u002Fdocs\u002Fexamples\u002Fframe-app-skeleton","docs\u002F99.examples\u002F2.frame-app-skeleton","Minimum viable Bitrix24 iframe app: init handshake, set title, persist app state, open a slider, close cleanly.",{"title":427,"path":428,"stem":429,"restApiVersion":15,"category":394,"description":430,"badge":15},"Mass messaging","\u002Fdocs\u002Fexamples\u002Fmass-messaging","docs\u002F99.examples\u002F2.mass-messaging","Filter contacts in CRM, personalise a template, send IM notifications to assigned managers.",{"title":432,"path":433,"stem":434,"restApiVersion":15,"category":15,"description":435,"badge":15},"Installation Wizard","\u002Fdocs\u002Fexamples\u002Fapp-installation-wizard","docs\u002F99.examples\u002F20.app-installation-wizard","Multi-step install flow that creates user fields, registers placements, finalises the installation, and celebrates with confetti.",{"title":437,"path":438,"stem":439,"restApiVersion":15,"category":394,"description":440,"badge":15},"Task automation","\u002Fdocs\u002Fexamples\u002Ftask-automation","docs\u002F99.examples\u002F3.task-automation","Poll deal stages every 60 s. When a watched transition fires, create a task with description, deadline and priority.",{"title":442,"path":443,"stem":444,"restApiVersion":15,"category":394,"description":445,"badge":15},"Webhook CLI","\u002Fdocs\u002Fexamples\u002Fwebhook-cli-node","docs\u002F99.examples\u002F3.webhook-cli-node","A 30-line Node script that authenticates against a Bitrix24 portal via inbound webhook and prints the calling user — useful as the first thing you run after creating a webhook.",{"title":447,"path":448,"stem":449,"restApiVersion":15,"category":15,"description":450,"badge":15},"Node + Hook Export","\u002Fdocs\u002Fexamples\u002Fnode-hook-company-export","docs\u002F99.examples\u002F30.node-hook-company-export","Export Bitrix24 companies into a CSV file from a pure Node.js script using B24Hook.",{"title":452,"path":453,"stem":454,"restApiVersion":15,"category":394,"description":455,"badge":15},"Bulk update","\u002Fdocs\u002Fexamples\u002Fbulk-update-deals","docs\u002F99.examples\u002F4.bulk-update-deals","Migrate thousands of CRM deals to a new stage using BatchByChunkV2 — automatic chunking, partial-error handling, and a single progress line.",{"title":457,"path":458,"stem":459,"restApiVersion":15,"category":394,"description":460,"badge":15},"ERP sync","\u002Fdocs\u002Fexamples\u002Ferp-sync","docs\u002F99.examples\u002F4.erp-sync","Two-way contact sync between Bitrix24 and an external ERP. Match by INN (primary) or email (fallback). Cron every hour.",{"title":462,"path":463,"stem":464,"restApiVersion":15,"category":394,"description":465,"badge":15},"Disk files","\u002Fdocs\u002Fexamples\u002Fdisk-files","docs\u002F99.examples\u002F5.disk-files","List storages and folder children, create subfolders, inspect files. File upload (multipart) is intentionally out of scope.",{"title":467,"path":468,"stem":469,"restApiVersion":15,"category":394,"description":470,"badge":15},"Pull subscribe","\u002Fdocs\u002Fexamples\u002Fpull-subscribe-frame","docs\u002F99.examples\u002F5.pull-subscribe-frame","Open a live channel from a Bitrix24 frame app and react to push events using useB24Helper + the Pull client.",{"title":472,"path":473,"stem":474,"restApiVersion":15,"category":394,"description":475,"badge":15},"Telegram bot","\u002Fdocs\u002Fexamples\u002Ftelegram-bot","docs\u002F99.examples\u002F6.telegram-bot","Poll new CRM deals every two minutes; notify a Telegram chat with an HTML-formatted card.",{"title":477,"path":478,"stem":479,"restApiVersion":15,"category":394,"description":480,"badge":15},"Webhook handler","\u002Fdocs\u002Fexamples\u002Fwebhook-handler","docs\u002F99.examples\u002F7.webhook-handler","Express server that receives Bitrix24 outbound events, fetches details via REST, dispatches by event name. Always returns 200.",{"title":482,"path":483,"stem":484,"restApiVersion":15,"category":394,"description":485,"badge":15},"AI assistant","\u002Fdocs\u002Fexamples\u002Fai-assistant","docs\u002F99.examples\u002F8.ai-assistant","Load a deal and its activities, ask GPT-4o for the next-best action, create a task bound to the deal with priority and deadline.",{"title":487,"path":488,"stem":489,"restApiVersion":15,"category":394,"description":490,"badge":15},"Web search + LLM","\u002Fdocs\u002Fexamples\u002Fweb-search-llm","docs\u002F99.examples\u002F9.web-search-llm","Two-step RAG: ask any web-search provider, run the result through your LLM with [N] citations, post the answer as a CRM timeline comment on a deal.",{"id":492,"title":493,"audited":494,"badge":15,"body":495,"category":297,"cookbookOrder":15,"description":298,"extension":2718,"featured":47,"links":2719,"meta":2727,"navigation":2728,"path":295,"restApiVersion":15,"scopes":15,"seo":2729,"stack":15,"stem":296,"__hash__":2730},"docs\u002Fdocs\u002F2.working-with-the-rest-api\u002F78.logging.md","Logging & Credential Redaction","2026-07-01",{"type":496,"value":497,"toc":2704},"minimark",[498,503,518,526,577,593,612,630,634,643,836,860,882,911,934,954,959,1118,1167,1197,1214,1217,1224,1486,1510,1514,1559,1579,1589,1606,1675,1678,1687,1765,1837,1844,1848,1851,1854,2219,2225,2228,2395,2398,2468,2471,2474,2480,2522,2533,2538,2571,2580,2595,2607,2626,2642,2645,2649,2652,2684,2700],[499,500,502],"h2",{"id":501},"overview","Overview",[504,505,506,507,517],"p",{},"The SDK redacts a fixed set of credential-bearing keys before request data\ncan reach a logger sink or an error object. The redactor\n(",[508,509,513],"a",{"href":510,"rel":511},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fredact.ts",[512],"nofollow",[514,515,516],"code",{},"redact.ts",")\nis a single source of truth, shared across the SDK.",[504,519,520,521,525],{},"In the ",[522,523,524],"strong",{},"HTTP layer"," (since v1.1.2) it strips those keys from any request\npayload before it can reach:",[527,528,529,556],"ul",{},[530,531,532,533,536,537,540,541,540,544,547,548,551,552,555],"li",{},"the ",[522,534,535],{},"logger context"," of ",[514,538,539],{},"post\u002Fsend",", ",[514,542,543],{},"post\u002Fresponse",[514,545,546],{},"post\u002FcatchError","\ninfo-level entries (and the lower-level ",[514,549,550],{},"http request starting"," \u002F\n",[514,553,554],{},"_logRequest"," debug entry),",[530,557,532,558,561,562,568,569,572,573,576],{},[514,559,560],{},"requestInfo.params"," field carried by ",[508,563,565],{"href":564},"#ajaxerror--tojson--tostring",[514,566,567],{},"AjaxError",",\nwhich is what consumers see via ",[514,570,571],{},"AjaxError.toString()"," \u002F ",[514,574,575],{},"toJSON()",".",[504,578,579,580,583,584,587,588,592],{},"The same redactor — plus a few safe-projection fixes — also guards the\ncredential surfaces ",[522,581,582],{},"outside"," the HTTP layer: the pull client, the frame\n",[514,585,586],{},"postMessage"," channel, and hook error messages. See\n",[508,589,591],{"href":590},"#non-http-surfaces","Non-HTTP surfaces"," below.",[504,594,595,596,599,600,603,604,607,608,611],{},"This means a user wiring a custom logger through ",[514,597,598],{},"B24Hook.setLogger(...)",",\n",[514,601,602],{},"B24Frame.setLogger(...)"," or ",[514,605,606],{},"B24OAuth.setLogger(...)"," does ",[522,609,610],{},"not"," need\nto add their own redaction for the standard credential keys listed below —\nthe SDK already strips them on the way out.",[504,613,614,615,617,618,621,622,625,626,576],{},"Caller-supplied custom fields are ",[522,616,610],{}," covered. Anything you stuff into\n",[514,619,620],{},"params"," under a non-standard key (e.g. ",[514,623,624],{},"mySecretField",") reaches the logger\nverbatim. See ",[508,627,629],{"href":628},"#what-the-sdk-does-not-redact","What the SDK does not redact",[499,631,633],{"id":632},"what-the-sdk-redacts-automatically","What the SDK redacts automatically",[504,635,636,637,576],{},"The single source of truth is\n",[508,638,640],{"href":510,"rel":639},[512],[514,641,642],{},"packages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fredact.ts",[644,645,650],"pre",{"className":646,"code":647,"language":648,"meta":649,"style":649},"language-ts shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","\u002F\u002F packages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fredact.ts\nexport const SENSITIVE_PARAM_KEYS: readonly string[] = [\n  'auth',\n  'password',\n  'token',\n  'secret',\n  'access_token',\n  'refresh_token',\n  'client_secret',\n  'application_token',\n  'sessid',\n  'key',\n  'signature'\n]\n","ts","",[514,651,652,661,696,711,723,735,747,759,771,783,795,807,819,830],{"__ignoreMap":649},[653,654,657],"span",{"class":655,"line":656},"line",1,[653,658,660],{"class":659},"sHwdD","\u002F\u002F packages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fredact.ts\n",[653,662,664,668,672,676,680,683,687,690,693],{"class":655,"line":663},2,[653,665,667],{"class":666},"s7zQu","export",[653,669,671],{"class":670},"spNyl"," const",[653,673,675],{"class":674},"sTEyZ"," SENSITIVE_PARAM_KEYS",[653,677,679],{"class":678},"sMK4o",":",[653,681,682],{"class":670}," readonly",[653,684,686],{"class":685},"sBMFI"," string",[653,688,689],{"class":674},"[] ",[653,691,692],{"class":678},"=",[653,694,695],{"class":674}," [\n",[653,697,699,702,706,709],{"class":655,"line":698},3,[653,700,701],{"class":678},"  '",[653,703,705],{"class":704},"sfazB","auth",[653,707,708],{"class":678},"'",[653,710,599],{"class":678},[653,712,714,716,719,721],{"class":655,"line":713},4,[653,715,701],{"class":678},[653,717,718],{"class":704},"password",[653,720,708],{"class":678},[653,722,599],{"class":678},[653,724,726,728,731,733],{"class":655,"line":725},5,[653,727,701],{"class":678},[653,729,730],{"class":704},"token",[653,732,708],{"class":678},[653,734,599],{"class":678},[653,736,738,740,743,745],{"class":655,"line":737},6,[653,739,701],{"class":678},[653,741,742],{"class":704},"secret",[653,744,708],{"class":678},[653,746,599],{"class":678},[653,748,750,752,755,757],{"class":655,"line":749},7,[653,751,701],{"class":678},[653,753,754],{"class":704},"access_token",[653,756,708],{"class":678},[653,758,599],{"class":678},[653,760,762,764,767,769],{"class":655,"line":761},8,[653,763,701],{"class":678},[653,765,766],{"class":704},"refresh_token",[653,768,708],{"class":678},[653,770,599],{"class":678},[653,772,774,776,779,781],{"class":655,"line":773},9,[653,775,701],{"class":678},[653,777,778],{"class":704},"client_secret",[653,780,708],{"class":678},[653,782,599],{"class":678},[653,784,786,788,791,793],{"class":655,"line":785},10,[653,787,701],{"class":678},[653,789,790],{"class":704},"application_token",[653,792,708],{"class":678},[653,794,599],{"class":678},[653,796,798,800,803,805],{"class":655,"line":797},11,[653,799,701],{"class":678},[653,801,802],{"class":704},"sessid",[653,804,708],{"class":678},[653,806,599],{"class":678},[653,808,810,812,815,817],{"class":655,"line":809},12,[653,811,701],{"class":678},[653,813,814],{"class":704},"key",[653,816,708],{"class":678},[653,818,599],{"class":678},[653,820,822,824,827],{"class":655,"line":821},13,[653,823,701],{"class":678},[653,825,826],{"class":704},"signature",[653,828,829],{"class":678},"'\n",[653,831,833],{"class":655,"line":832},14,[653,834,835],{"class":674},"]\n",[504,837,838,839,842,843,572,845,572,848,851,852,855,856,859],{},"Wherever any of these keys appears — matched ",[522,840,841],{},"case-insensitively",", so\n",[514,844,141],{},[514,846,847],{},"TOKEN",[514,849,850],{},"Access_Token"," are caught too — the value is replaced\nwith ",[514,853,854],{},"'***REDACTED***'"," (the exported ",[514,857,858],{},"REDACTED_PLACEHOLDER",") before the\npayload is serialised for logging or stored on an error object.",[504,861,862,863,866,867,870,871,874,875,878,879,881],{},"The walk descends ",[522,864,865],{},"two levels"," into nested objects and arrays. That\ncovers the batch shape ",[514,868,869],{},"{ cmd: [{ method, params: { ...creds... } }, ...] }","\nwhere the credential lives at ",[514,872,873],{},"cmd[i].params.\u003Ckey>",", plus flat one-level\nshapes like ",[514,876,877],{},"{ data: { token } }",". Anything deeper than that is ",[522,880,610],{},"\nwalked — keep secrets close to the top of the payload if you want them\ncaught, or redact at the callsite.",[504,883,884,885,888,889,892,893,896,897,900,901,572,904,907,908,910],{},"The redactor also scans ",[522,886,887],{},"string values"," for query-string credential\npairs (",[514,890,891],{},"\u003Ckey>=\u003Cvalue>",") and masks the value in place. This covers the\nserialised batch command shape ",[514,894,895],{},"cmd[i] = 'method?auth=\u003Ctoken>&…'",", where\nthe credential is text rather than an object key. Only a ",[514,898,899],{},"key=value"," pair\nwhose key is one of the canonical keys is masked, and a query boundary\n(",[514,902,903],{},"?",[514,905,906],{},"&"," \u002F start of string) is required — so a value-position ",[514,909,692],{}," is\nleft alone.",[504,912,913,914,916,917,919,920,923,924,926,927,929,930,933],{},"The ",[514,915,814],{}," entry is deliberately broad: it masks any property literally\nnamed ",[514,918,814],{}," (and any ",[514,921,922],{},"?key=…"," query pair), not only API-key-shaped values.\nIn Bitrix24 REST ",[514,925,814],{}," is a credential parameter, so this is a conservative\nchoice — be aware a non-credential field named ",[514,928,814],{}," will also show as\n",[514,931,932],{},"***REDACTED***"," in your logs.",[504,935,913,936,938,939,941,942,945,946,948,949,951,952,576],{},[514,937,826],{}," entry (added in #43 for the Pull channel HMAC) is broad in\nthe same way: any property named ",[514,940,826],{}," and any ",[514,943,944],{},"?signature=…"," query\npair is masked. In Bitrix24 push\u002Fpull ",[514,947,826],{}," is the channel HMAC, so the\nbreadth is accepted — a non-credential field named ",[514,950,826],{}," will also\nrender as ",[514,953,932],{},[955,956,958],"h3",{"id":957},"http-callsites-that-consume-the-redactor","HTTP callsites that consume the redactor",[960,961,962,981],"table",{},[963,964,965],"thead",{},[966,967,968,972,975,978],"tr",{},[969,970,971],"th",{},"Where",[969,973,974],{},"Log channel",[969,976,977],{},"Level",[969,979,980],{},"Source",[982,983,984,1011,1036,1061,1089],"tbody",{},[966,985,986,992,997,1002],{},[987,988,989,991],"td",{},[514,990,539],{}," (request being dispatched)",[987,993,994,995],{},"logger context ",[514,996,620],{},[987,998,999],{},[514,1000,1001],{},"info",[987,1003,1004],{},[508,1005,1008],{"href":1006,"rel":1007},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fabstract-http.ts#L544",[512],[514,1009,1010],{},"abstract-http.ts:544",[966,1012,1013,1018,1023,1027],{},[987,1014,1015,1017],{},[514,1016,543],{}," (success body)",[987,1019,994,1020],{},[514,1021,1022],{},"result",[987,1024,1025],{},[514,1026,1001],{},[987,1028,1029],{},[508,1030,1033],{"href":1031,"rel":1032},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fabstract-http.ts#L561",[512],[514,1034,1035],{},"abstract-http.ts:561",[966,1037,1038,1043,1048,1052],{},[987,1039,1040,1042],{},[514,1041,546],{}," (axios error)",[987,1044,994,1045],{},[514,1046,1047],{},"responseData",[987,1049,1050],{},[514,1051,1001],{},[987,1053,1054],{},[508,1055,1058],{"href":1056,"rel":1057},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fabstract-http.ts#L506",[512],[514,1059,1060],{},"abstract-http.ts:506",[966,1062,1063,1071,1075,1080],{},[987,1064,1065,1067,1068,1070],{},[514,1066,550],{}," (",[514,1069,554],{},")",[987,1072,994,1073],{},[514,1074,620],{},[987,1076,1077],{},[514,1078,1079],{},"debug",[987,1081,1082],{},[508,1083,1086],{"href":1084,"rel":1085},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fabstract-http.ts#L678",[512],[514,1087,1088],{},"abstract-http.ts:678",[966,1090,1091,1096,1106,1109],{},[987,1092,1093,1095],{},[514,1094,567],{}," constructor",[987,1097,1098,1100,1101,572,1103,1070],{},[514,1099,560],{}," (visible via ",[514,1102,575],{},[514,1104,1105],{},"toString()",[987,1107,1108],{},"n\u002Fa",[987,1110,1111],{},[508,1112,1115],{"href":1113,"rel":1114},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fajax-error.ts#L44",[512],[514,1116,1117],{},"ajax-error.ts:44",[504,1119,1120,1121,1128,1129,540,1132,540,1135,599,1138,540,1141,1144,1145,540,1148,540,1151,540,1154,540,1157,1160,1161,1163,1164,1166],{},"The other log callsites in ",[508,1122,1125],{"href":1123,"rel":1124},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fabstract-http.ts",[512],[514,1126,1127],{},"abstract-http.ts","\n(",[514,1130,1131],{},"http request attempt",[514,1133,1134],{},"http request successful",[514,1136,1137],{},"http request failed",[514,1139,1140],{},"http refreshing auth token",[514,1142,1143],{},"http auth error detected",", retry-wait\nlogs) carry only ",[514,1146,1147],{},"requestId",[514,1149,1150],{},"method",[514,1152,1153],{},"api",[514,1155,1156],{},"attempt",[514,1158,1159],{},"duration",",\nand ",[514,1162,567],{}," code\u002Fmessage\u002Fstatus — none of them touch ",[514,1165,620],{}," or\nthe webhook URL, so they have no redaction concern.",[504,1168,1169,1170,1173,1174,1176,1177,599,1179,1176,1181,1183,1184,1176,1186,1188,1189,1192,1193,1196],{},"The logged payloads are also ",[522,1171,1172],{},"length-capped",": ",[514,1175,539],{}," ",[514,1178,620],{},[514,1180,543],{},[514,1182,1022],{},", and ",[514,1185,546],{},[514,1187,1047],{}," are each\ntruncated to a 100-character prefix + ",[514,1190,1191],{},"..."," once they exceed 300 characters, so\na large body (an HTML error page, a big validation dump) can't flood a wired\nlogger sink. The cap is applied ",[522,1194,1195],{},"after"," redaction, so it never affects what is\nmasked — only how much is written (#236).",[504,1198,1199,1200,1203,1204,540,1207,540,1210,1213],{},"The redaction is ",[522,1201,1202],{},"level-independent"," — it runs on the data before it\nis handed to the logger, so it applies whether your handler is filtering\nat ",[514,1205,1206],{},"DEBUG",[514,1208,1209],{},"INFO",[514,1211,1212],{},"ERROR",", or anything else.",[955,1215,591],{"id":1216},"non-http-surfaces",[504,1218,1219,1220,1223],{},"The #43 audit extended the same protection to the credential surfaces that\nlive outside the HTTP layer. These do not pass through ",[514,1221,1222],{},"post\u002F*",", so they are\nguarded at their own callsites:",[960,1225,1226,1239],{},[963,1227,1228],{},[966,1229,1230,1233,1236],{},[969,1231,1232],{},"Surface",[969,1234,1235],{},"What was carrying a credential",[969,1237,1238],{},"How it's guarded",[982,1240,1241,1281,1307,1333,1352,1402,1433,1466],{},[966,1242,1243,1263,1274],{},[987,1244,1245,1247,1248,1067,1251,1254,1255,1258,1259,1262],{},[522,1246,241],{}," — ",[514,1249,1250],{},"logMessage",[514,1252,1253],{},"onPull*Event"," info logs), ",[514,1256,1257],{},"broadcastMessages"," error warning, ",[514,1260,1261],{},"attachCommandHandler"," debug",[987,1264,1265,1266,572,1268,1271,1272,1070],{},"app-defined ",[514,1267,620],{},[514,1269,1270],{},"extra"," may hold a credential-shaped key (e.g. a channel ",[514,1273,826],{},[987,1275,1276,1277,1280],{},"run through ",[514,1278,1279],{},"redactSensitiveParams"," before logging",[966,1282,1283,1298,1303],{},[987,1284,1285,1287,1288,572,1291,572,1294,1297],{},[522,1286,241],{}," — JSON-RPC ",[514,1289,1290],{},"unknown id",[514,1292,1293],{},"unknown rpc packet",[514,1295,1296],{},"unknown rpc command in batch"," error logs",[987,1299,1300,1301],{},"an opaque server frame can carry a ",[514,1302,826],{},[987,1304,1276,1305],{},[514,1306,1279],{},[966,1308,1309,1317,1326],{},[987,1310,1311,1247,1313,1316],{},[522,1312,241],{},[514,1314,1315],{},"CHANNEL_EXPIRE"," \"new config for … channel set\" console log",[987,1318,1319,1320,1323,1324],{},"stringified the ",[514,1321,1322],{},"TypeChanel"," object, which includes its ",[514,1325,826],{},[987,1327,1328,1329,1332],{},"emits ",[514,1330,1331],{},"[updated]"," instead of the object",[966,1334,1335,1340,1345],{},[987,1336,1337,1339],{},[522,1338,241],{}," — unparseable raw wire frame",[987,1341,1342,1343],{},"the raw bytes could embed a ",[514,1344,826],{},[987,1346,1347,1348,1351],{},"logs only the frame's ",[514,1349,1350],{},"byteLength",", never its content",[966,1353,1354,1363,1384],{},[987,1355,1356,1247,1359,1362],{},[522,1357,1358],{},"Frame",[514,1360,1361],{},"B24Frame.init()"," \"init data\" debug log",[987,1364,1365,1366,1369,1370,572,1373,572,1376,1379,1380,1383],{},"the handshake ",[514,1367,1368],{},"data"," carries ",[514,1371,1372],{},"AUTH_ID",[514,1374,1375],{},"REFRESH_ID",[514,1377,1378],{},"MEMBER_ID"," and the app ",[514,1381,1382],{},"*_OPTIONS"," stores",[987,1385,1386,1387,572,1390,572,1393,572,1396,572,1399,1070],{},"logs a fixed allowlist projection (",[514,1388,1389],{},"PLACEMENT",[514,1391,1392],{},"LANG",[514,1394,1395],{},"INSTALL",[514,1397,1398],{},"IS_ADMIN",[514,1400,1401],{},"FIRST_RUN",[966,1403,1404,1412,1422],{},[987,1405,1406,1408,1409],{},[522,1407,1358],{}," — inbound ",[514,1410,1411],{},"MessageManager._runCallback",[987,1413,1414,1417,1418,572,1420],{},[514,1415,1416],{},"event.data"," carries the refreshed ",[514,1419,1372],{},[514,1421,1375],{},[987,1423,1424,1425,1428,1429,1432],{},"logs only the callback ",[514,1426,1427],{},"id"," and ",[514,1430,1431],{},"origin",", never the payload",[966,1434,1435,1443,1457],{},[987,1436,1437,1439,1440],{},[522,1438,1358],{}," — outbound ",[514,1441,1442],{},"MessageManager.send",[987,1444,1445,1446,1449,1450,572,1453,1456],{},"the assembled ",[514,1447,1448],{},"cmd"," string carries serialised ",[514,1451,1452],{},"setAppOption",[514,1454,1455],{},"setUserOption"," values",[987,1458,1459,1460,1463,1464,686],{},"logs only the ",[514,1461,1462],{},"command"," + callback key, never the ",[514,1465,1448],{},[966,1467,1468,1477,1483],{},[987,1469,1470,1247,1473,1476],{},[522,1471,1472],{},"Hook",[514,1474,1475],{},"B24Hook.fromWebhookUrl"," parse \u002F format errors",[987,1478,1479,1480,1070],{},"the webhook URL embeds the secret in its path (",[514,1481,1482],{},"\u002Frest\u002F\u003CuserId>\u002F\u003Csecret>\u002F",[987,1484,1485],{},"the thrown messages are generic, never echoing the URL",[504,1487,1488,1489,1492,1493,1496,1497,1500,1501,1504,1505,576],{},"The pull ",[514,1490,1491],{},"localStorage"," config cache (push ",[514,1494,1495],{},"jwt"," + channel signatures) persists\nonly for the life of the client: ",[514,1498,1499],{},"PullClient.destroy()"," removes it on teardown,\nand a stale entry is evicted on load. While the client is live the cache remains\na ",[522,1502,1503],{},"documented, accepted"," shared-origin trade-off (it avoids a config round-trip\non every reconnect) — see ",[508,1506,1509],{"href":1507,"rel":1508},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fissues\u002F242",[512],"#242",[499,1511,1513],{"id":1512},"webhook-url-is-no-longer-logged","Webhook URL is no longer logged",[504,1515,1516,1517,1520,1521,1523,1524,540,1527,1530,1531,1428,1533,1535,1536,1539,1540,1543,1544,1546,1547,1550,1551,1558],{},"The full webhook URL (",[514,1518,1519],{},"https:\u002F\u002F\u003Cportal>\u002Frest\u002F\u003CuserId>\u002F\u003Csecret>\u002F\u003Cmethod>.json",")\nused to enter the ",[514,1522,539],{}," info log. Since v1.1.2 only the bare REST\nmethod name (e.g. ",[514,1525,1526],{},"user.current",[514,1528,1529],{},"crm.item.add",") is logged; the\n",[514,1532,543],{},[514,1534,546],{}," callsites have always been URL-free\nand stay that way. ",[514,1537,1538],{},"AjaxQuery"," (the ",[514,1541,1542],{},"requestInfo"," shape carried by\n",[514,1545,567],{},") no longer types a ",[514,1548,1549],{},"url"," field at all — see\n",[508,1552,1555],{"href":1553,"rel":1554},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fajax-result.ts#L12-L16",[512],[514,1556,1557],{},"ajax-result.ts:12-16"," —\nso a future change cannot accidentally re-introduce the leak through\nerror rendering.",[504,1560,1561,1562,1565,1566,1569,1570,1573,1574,1578],{},"Log archives from SDK versions ",[514,1563,1564],{},">= 1.1.0, \u003C 1.1.2"," with a custom\nlogger wired may contain the webhook URL pattern\n(",[514,1567,1568],{},"\u002Frest\u002F{userId}\u002F{secret}\u002F",") or the auth-token pattern\n(",[514,1571,1572],{},"\"auth\":\"...\"",") that are no longer produced since v1.1.2. See\n",[508,1575,1577],{"href":1576},"#auditing-your-log-archives","Auditing your log archives"," below for\npatterns to verify your sinks are clean.",[499,1580,1582,1583,572,1586],{"id":1581},"ajaxerror-tojson-tostring","AjaxError — ",[514,1584,1585],{},"toJSON",[514,1587,1588],{},"toString",[504,1590,1591,1593,1594,1596,1597,1599,1600,1602,1603,1605],{},[514,1592,567],{}," accepts a ",[514,1595,1542],{}," containing the caller-supplied\n",[514,1598,620],{},". The constructor passes those ",[514,1601,620],{}," through the same\nredactor, so the credential keys above never survive on the error\nobject — neither in ",[514,1604,575],{}," output, nor in the stringified form, nor\nin any log line that subsequently includes the error.",[644,1607,1611],{"className":1608,"code":1609,"language":1610,"meta":649,"style":649},"language-ts-type shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","\u002F\u002F What you get out of AjaxError.toJSON().requestInfo.params,\n\u002F\u002F no matter what the caller passed in:\n{\n  ID: 42,\n  access_token: '***REDACTED***',\n  auth: '***REDACTED***'\n}\n","ts-type",[514,1612,1613,1618,1623,1628,1641,1657,1670],{"__ignoreMap":649},[653,1614,1615],{"class":655,"line":656},[653,1616,1617],{"class":659},"\u002F\u002F What you get out of AjaxError.toJSON().requestInfo.params,\n",[653,1619,1620],{"class":655,"line":663},[653,1621,1622],{"class":659},"\u002F\u002F no matter what the caller passed in:\n",[653,1624,1625],{"class":655,"line":698},[653,1626,1627],{"class":678},"{\n",[653,1629,1630,1633,1635,1639],{"class":655,"line":713},[653,1631,1632],{"class":685},"  ID",[653,1634,679],{"class":678},[653,1636,1638],{"class":1637},"sbssI"," 42",[653,1640,599],{"class":678},[653,1642,1643,1646,1648,1651,1653,1655],{"class":655,"line":725},[653,1644,1645],{"class":685},"  access_token",[653,1647,679],{"class":678},[653,1649,1650],{"class":678}," '",[653,1652,932],{"class":704},[653,1654,708],{"class":678},[653,1656,599],{"class":678},[653,1658,1659,1662,1664,1666,1668],{"class":655,"line":737},[653,1660,1661],{"class":685},"  auth",[653,1663,679],{"class":678},[653,1665,1650],{"class":678},[653,1667,932],{"class":704},[653,1669,829],{"class":678},[653,1671,1672],{"class":655,"line":749},[653,1673,1674],{"class":678},"}\n",[499,1676,629],{"id":1677},"what-the-sdk-does-not-redact",[504,1679,1680,1681,1683,1684,1686],{},"The SDK knows about the canonical keys listed above, matched\n",[522,1682,841],{}," by exact key name. The redactor will ",[522,1685,610],{}," strip:",[527,1688,1689,1710,1739,1748],{},[530,1690,1691,1694,1695,599,1697,540,1700,1703,1704,576],{},[522,1692,1693],{},"Custom payload fields you invented"," — e.g. ",[514,1696,624],{},[514,1698,1699],{},"apiKeyHeader",[514,1701,1702],{},"x_internal_token",", anything whose key is not in\n",[508,1705,1707],{"href":1706},"#what-the-sdk-redacts-automatically",[514,1708,1709],{},"SENSITIVE_PARAM_KEYS",[530,1711,1712,1715,1716,1719,1720,1723,1724,1727,1728,1730,1731,1734,1735,1738],{},[522,1713,1714],{},"Credentials embedded inside string values, except canonical\nquery-string pairs"," — a ",[514,1717,1718],{},"\u003Ccanonical-key>=\u003Cvalue>"," pair inside a string\n(e.g. a batch ",[514,1721,1722],{},"cmd[i]",") ",[522,1725,1726],{},"is"," masked, but a secret that is not in\n",[514,1729,899],{}," form — a bare token pasted into a ",[514,1732,1733],{},"description",", or a\nbracketed\u002Fencoded query key like ",[514,1736,1737],{},"auth[application_token]=…"," — is not.",[530,1740,1741,1744,1745,1747],{},[522,1742,1743],{},"Data more than two levels deep"," — anything past ",[514,1746,873],{},"\ndepth is walked past, not into.",[530,1749,1750,1753,1754,1757,1758,1760,1761,1764],{},[522,1751,1752],{},"Custom request headers you set on the underlying axios client"," —\ne.g. an ",[514,1755,1756],{},"Authorization: Bearer \u003Ctoken>"," header configured via your\nown axios interceptor. The redactor only touches ",[514,1759,620],{},", not\nheaders, and headers are not part of the SDK's standard logger\ncontext anyway — but they do live on ",[514,1762,1763],{},"AxiosError.config.headers",", see\nthe next bullet.",[1766,1767,1768],"warning",{},[504,1769,1770,1176,1777,1779,1780,1787,1788,1791,1792,1176,1795,1798,1799,1802,1803,1806,1807,1809,1810,1813,1814,1816,1817,540,1820,540,1823,1826,1827,1830,1831,1833,1834,1836],{},[522,1771,1772,1773,1776],{},"Don't log ",[514,1774,1775],{},"err.originalError"," directly.",[514,1778,567],{}," (via its\n",[508,1781,1784],{"href":1782,"rel":1783},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fsdk-error.ts#L15",[512],[514,1785,1786],{},"SdkError","\nbase) exposes a public ",[514,1789,1790],{},"originalError"," field that, for transport\nfailures, holds the ",[522,1793,1794],{},"raw",[514,1796,1797],{},"AxiosError",". That ",[514,1800,1801],{},"AxiosError.config.url","\ncontains the full webhook URL\n(",[514,1804,1805],{},"\u002Frest\u002F{userId}\u002F{secret}\u002Fmethod.json",") and ",[514,1808,1763],{},"\ncan contain ",[514,1811,1812],{},"Authorization",". Neither is redacted by the SDK — they\nwere never inside ",[514,1815,620],{},". Use ",[514,1818,1819],{},"err.code",[514,1821,1822],{},"err.status",[514,1824,1825],{},"err.message",",\nor ",[514,1828,1829],{},"err.requestInfo"," (which ",[522,1832,1726],{}," redacted), and never blanket-stringify\n",[514,1835,1775],{}," into any logger sink.",[504,1838,1839,1840,1843],{},"Stripping the items above is ",[522,1841,1842],{},"caller responsibility",". Either don't put\nsecrets into non-standard keys \u002F non-standard log channels to begin\nwith, or redact in your custom logger's handler \u002F processor.",[499,1845,1847],{"id":1846},"recommended-pattern-wiring-a-custom-logger","Recommended pattern: wiring a custom logger",[504,1849,1850],{},"The safe pattern is to leave the SDK's redaction in place and bolt your\ncustom sink on top — never replace the SDK-side scrubbing with a\nhomegrown one downstream of it.",[504,1852,1853],{},"\u002F\u002F @check-ignore: full example — sendToRemoteAggregator is a placeholder, not declared",[644,1855,1857],{"className":646,"code":1856,"language":648,"meta":649,"style":649},"import {\n  B24Hook,\n  Logger,\n  ConsoleV2Handler,\n  LogLevel\n} from '@bitrix24\u002Fb24jssdk'\n\nconst b24 = new B24Hook({ \u002F* … *\u002F })\n\nconst $logger = new Logger('app')\n$logger.pushHandler(new ConsoleV2Handler(LogLevel.INFO))\n\n\u002F\u002F Optional belt-and-braces processor: redact any *custom* keys the SDK\n\u002F\u002F does not know about. Standard keys (auth \u002F token \u002F …) are already\n\u002F\u002F scrubbed before they reach this point.\n$logger.pushProcessor((record) => {\n  if (record.context?.params && typeof record.context.params === 'string') {\n    record.context.params = record.context.params.replace(\n      \u002F\"mySecretField\":\"[^\"]*\"\u002Fg,\n      '\"mySecretField\":\"***REDACTED***\"'\n    )\n  }\n  return record\n})\n\nb24.setLogger($logger)\n",[514,1858,1859,1867,1874,1881,1888,1893,1908,1914,1946,1950,1975,2001,2005,2010,2015,2021,2046,2098,2133,2161,2172,2178,2184,2193,2200,2205],{"__ignoreMap":649},[653,1860,1861,1864],{"class":655,"line":656},[653,1862,1863],{"class":666},"import",[653,1865,1866],{"class":678}," {\n",[653,1868,1869,1872],{"class":655,"line":663},[653,1870,1871],{"class":674},"  B24Hook",[653,1873,599],{"class":678},[653,1875,1876,1879],{"class":655,"line":698},[653,1877,1878],{"class":674},"  Logger",[653,1880,599],{"class":678},[653,1882,1883,1886],{"class":655,"line":713},[653,1884,1885],{"class":674},"  ConsoleV2Handler",[653,1887,599],{"class":678},[653,1889,1890],{"class":655,"line":725},[653,1891,1892],{"class":674},"  LogLevel\n",[653,1894,1895,1898,1901,1903,1906],{"class":655,"line":737},[653,1896,1897],{"class":678},"}",[653,1899,1900],{"class":666}," from",[653,1902,1650],{"class":678},[653,1904,1905],{"class":704},"@bitrix24\u002Fb24jssdk",[653,1907,829],{"class":678},[653,1909,1910],{"class":655,"line":749},[653,1911,1913],{"emptyLinePlaceholder":1912},true,"\n",[653,1915,1916,1919,1922,1924,1927,1931,1934,1937,1940,1943],{"class":655,"line":761},[653,1917,1918],{"class":670},"const",[653,1920,1921],{"class":674}," b24 ",[653,1923,692],{"class":678},[653,1925,1926],{"class":678}," new",[653,1928,1930],{"class":1929},"s2Zo4"," B24Hook",[653,1932,1933],{"class":674},"(",[653,1935,1936],{"class":678},"{",[653,1938,1939],{"class":659}," \u002F* … *\u002F",[653,1941,1942],{"class":678}," }",[653,1944,1945],{"class":674},")\n",[653,1947,1948],{"class":655,"line":773},[653,1949,1913],{"emptyLinePlaceholder":1912},[653,1951,1952,1954,1957,1959,1961,1964,1966,1968,1971,1973],{"class":655,"line":785},[653,1953,1918],{"class":670},[653,1955,1956],{"class":674}," $logger ",[653,1958,692],{"class":678},[653,1960,1926],{"class":678},[653,1962,1963],{"class":1929}," Logger",[653,1965,1933],{"class":674},[653,1967,708],{"class":678},[653,1969,1970],{"class":704},"app",[653,1972,708],{"class":678},[653,1974,1945],{"class":674},[653,1976,1977,1980,1982,1985,1987,1990,1993,1996,1998],{"class":655,"line":797},[653,1978,1979],{"class":674},"$logger",[653,1981,576],{"class":678},[653,1983,1984],{"class":1929},"pushHandler",[653,1986,1933],{"class":674},[653,1988,1989],{"class":678},"new",[653,1991,1992],{"class":1929}," ConsoleV2Handler",[653,1994,1995],{"class":674},"(LogLevel",[653,1997,576],{"class":678},[653,1999,2000],{"class":674},"INFO))\n",[653,2002,2003],{"class":655,"line":809},[653,2004,1913],{"emptyLinePlaceholder":1912},[653,2006,2007],{"class":655,"line":821},[653,2008,2009],{"class":659},"\u002F\u002F Optional belt-and-braces processor: redact any *custom* keys the SDK\n",[653,2011,2012],{"class":655,"line":832},[653,2013,2014],{"class":659},"\u002F\u002F does not know about. Standard keys (auth \u002F token \u002F …) are already\n",[653,2016,2018],{"class":655,"line":2017},15,[653,2019,2020],{"class":659},"\u002F\u002F scrubbed before they reach this point.\n",[653,2022,2024,2026,2028,2031,2033,2035,2039,2041,2044],{"class":655,"line":2023},16,[653,2025,1979],{"class":674},[653,2027,576],{"class":678},[653,2029,2030],{"class":1929},"pushProcessor",[653,2032,1933],{"class":674},[653,2034,1933],{"class":678},[653,2036,2038],{"class":2037},"sHdIc","record",[653,2040,1070],{"class":678},[653,2042,2043],{"class":670}," =>",[653,2045,1866],{"class":678},[653,2047,2049,2052,2055,2057,2059,2062,2065,2067,2070,2073,2076,2078,2080,2082,2084,2087,2089,2092,2094,2096],{"class":655,"line":2048},17,[653,2050,2051],{"class":666},"  if",[653,2053,1067],{"class":2054},"swJcz",[653,2056,2038],{"class":674},[653,2058,576],{"class":678},[653,2060,2061],{"class":674},"context",[653,2063,2064],{"class":678},"?.",[653,2066,620],{"class":674},[653,2068,2069],{"class":678}," &&",[653,2071,2072],{"class":678}," typeof",[653,2074,2075],{"class":674}," record",[653,2077,576],{"class":678},[653,2079,2061],{"class":674},[653,2081,576],{"class":678},[653,2083,620],{"class":674},[653,2085,2086],{"class":678}," ===",[653,2088,1650],{"class":678},[653,2090,2091],{"class":704},"string",[653,2093,708],{"class":678},[653,2095,1723],{"class":2054},[653,2097,1627],{"class":678},[653,2099,2101,2104,2106,2108,2110,2112,2115,2117,2119,2121,2123,2125,2127,2130],{"class":655,"line":2100},18,[653,2102,2103],{"class":674},"    record",[653,2105,576],{"class":678},[653,2107,2061],{"class":674},[653,2109,576],{"class":678},[653,2111,620],{"class":674},[653,2113,2114],{"class":678}," =",[653,2116,2075],{"class":674},[653,2118,576],{"class":678},[653,2120,2061],{"class":674},[653,2122,576],{"class":678},[653,2124,620],{"class":674},[653,2126,576],{"class":678},[653,2128,2129],{"class":1929},"replace",[653,2131,2132],{"class":2054},"(\n",[653,2134,2136,2139,2142,2145,2148,2151,2153,2156,2159],{"class":655,"line":2135},19,[653,2137,2138],{"class":678},"      \u002F",[653,2140,2141],{"class":704},"\"mySecretField\":\"",[653,2143,2144],{"class":678},"[^",[653,2146,2147],{"class":704},"\"",[653,2149,2150],{"class":678},"]*",[653,2152,2147],{"class":704},[653,2154,2155],{"class":678},"\u002F",[653,2157,2158],{"class":1637},"g",[653,2160,599],{"class":678},[653,2162,2164,2167,2170],{"class":655,"line":2163},20,[653,2165,2166],{"class":678},"      '",[653,2168,2169],{"class":704},"\"mySecretField\":\"***REDACTED***\"",[653,2171,829],{"class":678},[653,2173,2175],{"class":655,"line":2174},21,[653,2176,2177],{"class":2054},"    )\n",[653,2179,2181],{"class":655,"line":2180},22,[653,2182,2183],{"class":678},"  }\n",[653,2185,2187,2190],{"class":655,"line":2186},23,[653,2188,2189],{"class":666},"  return",[653,2191,2192],{"class":674}," record\n",[653,2194,2196,2198],{"class":655,"line":2195},24,[653,2197,1897],{"class":678},[653,2199,1945],{"class":674},[653,2201,2203],{"class":655,"line":2202},25,[653,2204,1913],{"emptyLinePlaceholder":1912},[653,2206,2208,2211,2213,2216],{"class":655,"line":2207},26,[653,2209,2210],{"class":674},"b24",[653,2212,576],{"class":678},[653,2214,2215],{"class":1929},"setLogger",[653,2217,2218],{"class":674},"($logger)\n",[504,2220,2221,2222,679],{},"What to ",[522,2223,2224],{},"avoid",[504,2226,2227],{},"\u002F\u002F @check-ignore: anti-pattern illustration — b24 and sendToRemoteAggregator are undeclared placeholders",[644,2229,2231],{"className":646,"code":2230,"language":648,"meta":649,"style":649},"\u002F\u002F DON'T — re-emitting context without inspection forwards arbitrary\n\u002F\u002F caller-supplied data into a remote sink, and bypassing LoggerInterface\n\u002F\u002F with `as any` hides the fact that handlers must implement all 8\n\u002F\u002F log-level methods (log \u002F debug \u002F info \u002F notice \u002F warning \u002F error \u002F\n\u002F\u002F critical \u002F alert \u002F emergency). A partial implementation will silently\n\u002F\u002F drop entries at the unimplemented levels.\nb24.setLogger({\n  async info(message, context) {\n    await sendToRemoteAggregator({\n      msg: message,\n      \u002F\u002F `context.params` on `post\u002Fsend` is already a redacted *string*,\n      \u002F\u002F but a custom action wrapper may also call this `info` with a\n      \u002F\u002F raw `params` object (or with an `error` whose `originalError`\n      \u002F\u002F is the unredacted `AxiosError`). Don't forward `context`\n      \u002F\u002F blindly — pick the fields you actually want.\n      ctx: context\n    })\n  }\n  \u002F\u002F ...other 7 methods omitted — the cast below is what lets this\n  \u002F\u002F compile despite the incomplete interface; in real code, implement\n  \u002F\u002F `LoggerInterface` fully (or extend `AbstractLogger`).\n} as any)\n",[514,2232,2233,2238,2243,2248,2253,2258,2263,2275,2298,2310,2322,2327,2332,2337,2342,2347,2357,2364,2368,2373,2378,2383],{"__ignoreMap":649},[653,2234,2235],{"class":655,"line":656},[653,2236,2237],{"class":659},"\u002F\u002F DON'T — re-emitting context without inspection forwards arbitrary\n",[653,2239,2240],{"class":655,"line":663},[653,2241,2242],{"class":659},"\u002F\u002F caller-supplied data into a remote sink, and bypassing LoggerInterface\n",[653,2244,2245],{"class":655,"line":698},[653,2246,2247],{"class":659},"\u002F\u002F with `as any` hides the fact that handlers must implement all 8\n",[653,2249,2250],{"class":655,"line":713},[653,2251,2252],{"class":659},"\u002F\u002F log-level methods (log \u002F debug \u002F info \u002F notice \u002F warning \u002F error \u002F\n",[653,2254,2255],{"class":655,"line":725},[653,2256,2257],{"class":659},"\u002F\u002F critical \u002F alert \u002F emergency). A partial implementation will silently\n",[653,2259,2260],{"class":655,"line":737},[653,2261,2262],{"class":659},"\u002F\u002F drop entries at the unimplemented levels.\n",[653,2264,2265,2267,2269,2271,2273],{"class":655,"line":749},[653,2266,2210],{"class":674},[653,2268,576],{"class":678},[653,2270,2215],{"class":1929},[653,2272,1933],{"class":674},[653,2274,1627],{"class":678},[653,2276,2277,2280,2283,2285,2288,2291,2294,2296],{"class":655,"line":761},[653,2278,2279],{"class":670},"  async",[653,2281,2282],{"class":2054}," info",[653,2284,1933],{"class":678},[653,2286,2287],{"class":2037},"message",[653,2289,2290],{"class":678},",",[653,2292,2293],{"class":2037}," context",[653,2295,1070],{"class":678},[653,2297,1866],{"class":678},[653,2299,2300,2303,2306,2308],{"class":655,"line":773},[653,2301,2302],{"class":666},"    await",[653,2304,2305],{"class":1929}," sendToRemoteAggregator",[653,2307,1933],{"class":2054},[653,2309,1627],{"class":678},[653,2311,2312,2315,2317,2320],{"class":655,"line":785},[653,2313,2314],{"class":2054},"      msg",[653,2316,679],{"class":678},[653,2318,2319],{"class":674}," message",[653,2321,599],{"class":678},[653,2323,2324],{"class":655,"line":797},[653,2325,2326],{"class":659},"      \u002F\u002F `context.params` on `post\u002Fsend` is already a redacted *string*,\n",[653,2328,2329],{"class":655,"line":809},[653,2330,2331],{"class":659},"      \u002F\u002F but a custom action wrapper may also call this `info` with a\n",[653,2333,2334],{"class":655,"line":821},[653,2335,2336],{"class":659},"      \u002F\u002F raw `params` object (or with an `error` whose `originalError`\n",[653,2338,2339],{"class":655,"line":832},[653,2340,2341],{"class":659},"      \u002F\u002F is the unredacted `AxiosError`). Don't forward `context`\n",[653,2343,2344],{"class":655,"line":2017},[653,2345,2346],{"class":659},"      \u002F\u002F blindly — pick the fields you actually want.\n",[653,2348,2349,2352,2354],{"class":655,"line":2023},[653,2350,2351],{"class":2054},"      ctx",[653,2353,679],{"class":678},[653,2355,2356],{"class":674}," context\n",[653,2358,2359,2362],{"class":655,"line":2048},[653,2360,2361],{"class":678},"    }",[653,2363,1945],{"class":2054},[653,2365,2366],{"class":655,"line":2100},[653,2367,2183],{"class":678},[653,2369,2370],{"class":655,"line":2135},[653,2371,2372],{"class":659},"  \u002F\u002F ...other 7 methods omitted — the cast below is what lets this\n",[653,2374,2375],{"class":655,"line":2163},[653,2376,2377],{"class":659},"  \u002F\u002F compile despite the incomplete interface; in real code, implement\n",[653,2379,2380],{"class":655,"line":2174},[653,2381,2382],{"class":659},"  \u002F\u002F `LoggerInterface` fully (or extend `AbstractLogger`).\n",[653,2384,2385,2387,2390,2393],{"class":655,"line":2180},[653,2386,1897],{"class":678},[653,2388,2389],{"class":666}," as",[653,2391,2392],{"class":685}," any",[653,2394,1945],{"class":674},[504,2396,2397],{},"Three concrete failure modes to guard against:",[2399,2400,2401,2410,2446],"ol",{},[530,2402,2403,2406,2407,2409],{},[522,2404,2405],{},"Logging the original request object yourself."," If your wrapper\ncaptures ",[514,2408,620],{}," before calling into the SDK and logs it, the SDK's\nredactor never runs on that copy. Always redact in your own log path\ntoo.",[530,2411,2412,1176,2420,2422,2423,2425,2426,2429,2430,2433,2434,2436,2437,2439,2440,2443,2444,576],{},[522,2413,2414,2415,572,2417,576],{},"Reaching into ",[514,2416,1775],{},[514,2418,2419],{},"err.cause",[514,2421,567],{},"'s\n",[514,2424,560],{}," is scrubbed, so ",[514,2427,2428],{},"String(err)"," and\n",[514,2431,2432],{},"JSON.stringify(err)"," are safe by themselves. But if you log\n",[514,2435,1775],{},", you may be looking at a raw ",[514,2438,1797],{}," whose\n",[514,2441,2442],{},"config.url"," still holds the full webhook URL. See the warning\nblock in ",[508,2445,629],{"href":628},[530,2447,2448,2453,2454,2456,2457,2460,2461,2464,2465,2467],{},[522,2449,2450,2451,576],{},"Custom or deeply-nested secrets in ",[514,2452,543],{}," The\n",[514,2455,543],{}," channel now runs ",[514,2458,2459],{},"response.data.result"," through the\nsame redactor, so canonical credential keys at depth ≤ 2 are masked.\nBut a secret under a ",[522,2462,2463],{},"custom"," key, or nested deeper than two levels,\nstill reaches your sink — the same limits as everywhere else (see\n",[508,2466,629],{"href":628},").",[499,2469,1577],{"id":2470},"auditing-your-log-archives",[504,2472,2473],{},"Scan your log archives to verify that no credential patterns are present\n— a useful routine check, especially if your setup pipes logs to a\nthird-party aggregator or retains them long-term.",[504,2475,2476,2479],{},[522,2477,2478],{},"Webhook URL in request logs"," — grep (Linux\u002FmacOS) \u002F ripgrep \u002F PowerShell:",[644,2481,2485],{"className":2482,"code":2483,"language":2484,"meta":649,"style":649},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","grep -rEi '\u002Frest\u002F[0-9]+\u002F[a-zA-Z0-9]+\u002F' \u002Fvar\u002Flog\u002Fmyapp\u002F\nrg -i '\u002Frest\u002F\\d+\u002F[a-zA-Z0-9]+\u002F' \u002Fvar\u002Flog\u002Fmyapp\u002F\n","bash",[514,2486,2487,2505],{"__ignoreMap":649},[653,2488,2489,2492,2495,2497,2500,2502],{"class":655,"line":656},[653,2490,2491],{"class":685},"grep",[653,2493,2494],{"class":704}," -rEi",[653,2496,1650],{"class":678},[653,2498,2499],{"class":704},"\u002Frest\u002F[0-9]+\u002F[a-zA-Z0-9]+\u002F",[653,2501,708],{"class":678},[653,2503,2504],{"class":704}," \u002Fvar\u002Flog\u002Fmyapp\u002F\n",[653,2506,2507,2510,2513,2515,2518,2520],{"class":655,"line":663},[653,2508,2509],{"class":685},"rg",[653,2511,2512],{"class":704}," -i",[653,2514,1650],{"class":678},[653,2516,2517],{"class":704},"\u002Frest\u002F\\d+\u002F[a-zA-Z0-9]+\u002F",[653,2519,708],{"class":678},[653,2521,2504],{"class":704},[644,2523,2527],{"className":2524,"code":2525,"language":2526,"meta":649,"style":649},"language-powershell shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","Select-String -Path 'C:\\logs\\myapp\\*.log' -Pattern '\u002Frest\u002F\\d+\u002F[a-zA-Z0-9]+\u002F'\n","powershell",[514,2528,2529],{"__ignoreMap":649},[653,2530,2531],{"class":655,"line":656},[653,2532,2525],{},[504,2534,2535,2479],{},[522,2536,2537],{},"Credential keys in serialised params",[644,2539,2541],{"className":2482,"code":2540,"language":2484,"meta":649,"style":649},"grep -rE '\"(auth|password|token|secret|access_token|refresh_token|client_secret|application_token|sessid)\":\\s*\"[^\"]+\"' \u002Fvar\u002Flog\u002Fmyapp\u002F\nrg '\"(auth|password|token|secret|access_token|refresh_token|client_secret|application_token|sessid)\":\\s*\"[^\"]+\"' \u002Fvar\u002Flog\u002Fmyapp\u002F\n",[514,2542,2543,2559],{"__ignoreMap":649},[653,2544,2545,2547,2550,2552,2555,2557],{"class":655,"line":656},[653,2546,2491],{"class":685},[653,2548,2549],{"class":704}," -rE",[653,2551,1650],{"class":678},[653,2553,2554],{"class":704},"\"(auth|password|token|secret|access_token|refresh_token|client_secret|application_token|sessid)\":\\s*\"[^\"]+\"",[653,2556,708],{"class":678},[653,2558,2504],{"class":704},[653,2560,2561,2563,2565,2567,2569],{"class":655,"line":663},[653,2562,2509],{"class":685},[653,2564,1650],{"class":678},[653,2566,2554],{"class":704},[653,2568,708],{"class":678},[653,2570,2504],{"class":704},[644,2572,2574],{"className":2524,"code":2573,"language":2526,"meta":649,"style":649},"Select-String -Path 'C:\\logs\\myapp\\*.log' -Pattern '\"(auth|password|token|secret|access_token|refresh_token|client_secret|application_token|sessid)\":\\s*\"[^\"]+\"'\n",[514,2575,2576],{"__ignoreMap":649},[653,2577,2578],{"class":655,"line":656},[653,2579,2573],{},[504,2581,2582,2583,2586,2587,2590,2591,2594],{},"Replace ",[514,2584,2585],{},"\u002Fvar\u002Flog\u002Fmyapp\u002F"," (or ",[514,2588,2589],{},"C:\\logs\\myapp\\",") with your actual log\npaths. Common sinks to check: stdout captures (Docker logs, systemd\njournal, PM2), files written via ",[514,2592,2593],{},"StreamHandler",", and third-party\naggregators (Datadog, Logtail, Splunk, Papertrail, etc.).",[504,2596,2597,2598,2600,2601,2603,2604,2606],{},"The webhook URL pattern was produced by ",[514,2599,539],{}," entries in SDK\nversions ",[514,2602,1564],{}," when a custom logger was wired. The\ncredential-key patterns could appear in ",[514,2605,539],{}," for any version in\nthat range where the corresponding key was present in request params.\nBoth are suppressed by the SDK since v1.1.2.",[504,2608,2609,540,2611,1428,2613,2615,2616,2618,2619,2622,2623,2625],{},[514,2610,778],{},[514,2612,790],{},[514,2614,802],{}," were added to the\nredactor in v1.3 — include them (above) when scanning archives from\nendpoints that pass those params. The canonical list also covers ",[514,2617,814],{},",\nomitted from the patterns above because ",[514,2620,2621],{},"\"key\":"," is too common to grep\nwithout heavy noise — scan for it manually if your integration uses ",[514,2624,814],{},"\nas a credential.",[504,2627,2628,2630,2631,2634,2635,2638,2639,2641],{},[514,2629,826],{}," was added in #43 for the push\u002Fpull channel HMAC. Archives from\nolder versions that wired a custom logger with the pull client active may\ncontain ",[514,2632,2633],{},"\"signature\":\"…\""," — scan for ",[514,2636,2637],{},"\"signature\":\\s*\"[^\"]+\""," if you used the\npull server, keeping in mind it (like ",[514,2640,814],{},") can be noisy.",[504,2643,2644],{},"If either pattern matches in your archives, rotate the affected\ncredentials: delete and recreate the webhook to generate a new secret,\nor revoke and reissue the OAuth \u002F Frame token.",[499,2646,2648],{"id":2647},"advanced-reading-the-source","Advanced: reading the source",[504,2650,2651],{},"For details beyond what is summarised here, the canonical references are:",[527,2653,2654,2662,2671],{},[530,2655,2656,2661],{},[508,2657,2659],{"href":510,"rel":2658},[512],[514,2660,642],{},"\n— the key list, placeholder, and walk depth.",[530,2663,2664,2670],{},[508,2665,2667],{"href":1123,"rel":2666},[512],[514,2668,2669],{},"packages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fabstract-http.ts","\n— every callsite that pipes data through the redactor.",[530,2672,2673,2680,2681,2683],{},[508,2674,2677],{"href":2675,"rel":2676},"https:\u002F\u002Fgithub.com\u002Fbitrix24\u002Fb24jssdk\u002Fblob\u002Fmain\u002Fpackages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fajax-error.ts",[512],[514,2678,2679],{},"packages\u002Fjssdk\u002Fsrc\u002Fcore\u002Fhttp\u002Fajax-error.ts","\n— error-construction redaction and the ",[514,2682,1542],{}," shape.",[504,2685,2686,2687,2691,2692,2696,2697,2699],{},"See also the ",[508,2688,2690],{"href":2689},"\u002Fdocs\u002Fworking-with-the-rest-api\u002Flogger\u002F","Logger page"," for\nthe logging framework itself (channels, handlers, processors,\nformatters) and the ",[508,2693,2695],{"href":2694},"\u002Fdocs\u002Fworking-with-the-rest-api\u002Ferrors\u002F","Errors page","\nfor ",[514,2698,567],{}," semantics.",[2701,2702,2703],"style",{},"html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sHdIc, html code.shiki .sHdIc{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#EEFFFF;--shiki-default-font-style:italic;--shiki-dark:#BABED8;--shiki-dark-font-style:italic}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}",{"title":649,"searchDepth":663,"depth":663,"links":2705},[2706,2707,2711,2712,2714,2715,2716,2717],{"id":501,"depth":663,"text":502},{"id":632,"depth":663,"text":633,"children":2708},[2709,2710],{"id":957,"depth":698,"text":958},{"id":1216,"depth":698,"text":591},{"id":1512,"depth":663,"text":1513},{"id":1581,"depth":663,"text":2713},"AjaxError — toJSON \u002F toString",{"id":1677,"depth":663,"text":629},{"id":1846,"depth":663,"text":1847},{"id":2470,"depth":663,"text":1577},{"id":2647,"depth":663,"text":2648},"md",[2720,2723,2725],{"label":2721,"iconName":2722,"to":510},"redact.ts (canonical key list)","GitHubIcon",{"label":2724,"iconName":2722,"to":1123},"abstract-http.ts (log callsites)",{"label":2726,"iconName":2722,"to":2675},"ajax-error.ts (error redaction)",{},{"title":294},{"title":493,"description":298},"Ffboqr3w2yVQv0e-pT3kjVMzh1ueUowLu2FtdySwEJM",{"data":2732,"body":2733},{},{"type":2734,"children":2735},"root",[2736],{"type":2737,"tag":504,"props":2738,"children":2739},"element",{},[2740],{"type":2741,"value":298},"text",1783080300495]