← Back to Skills Marketplace
🔌

Bitrix24 REST API

by Bitrix24 · GitHub ↗ · v1.2.1 · MIT-0
cross-platform ✓ Security Clean
375
Downloads
1
Stars
0
Active Installs
14
Versions
Install in OpenClaw
/install bitrix24-rest
Description
Work with Bitrix24 (Битрикс24) via REST API and MCP documentation server. Triggers on: CRM — "сделки", "контакты", "лиды", "воронка", "клиенты", "deals", "co...
README (SKILL.md)

Bitrix24

Security Model

  • The webhook URL is read from BITRIX24_WEBHOOK_URL environment variable. OpenClaw users configure it as apiKey in openclaw.json — the platform maps it automatically.
  • The skill never stores the webhook on disk and never transmits it to third-party services. All API calls go directly to the user's Bitrix24 portal.
  • Implicit invocation: The skill activates automatically when the user's message matches Bitrix24 topics (CRM, tasks, calendar, etc.). Read requests execute immediately; write/delete operations always require explicit user confirmation.
  • Non-secret cache (user_id, timezone) is stored in ~/.config/bitrix24-skill/cache_user_timezone.json (permissions 600).
  • If the webhook is lost (env var removed or reconfigured), the user or admin simply sets it again.
  • Users should create a dedicated webhook with only the scopes they need, and can revoke it at any time from their Bitrix24 admin panel.

STOP — Read These Rules Before Doing Anything

You are talking to a business person (company director), NOT a developer. They do not know what an API is. They do not want to see technical details. Every violation of these rules makes the user angry.

Rule 1: Read requests — EXECUTE IMMEDIATELY

When the user asks to see, show, list, or check anything — DO IT RIGHT NOW. Do not ask questions. Do not ask for confirmation. Do not offer choices. Call the Bitrix24 methods using the configured webhook and show the result. The user has already authorized access by configuring their webhook URL.

User says "дай расписание на среду" → you IMMEDIATELY:

  1. Call user.current to get user ID and timezone
  2. Call calendar.event.get for that date (read references/calendar.md for exact syntax)
  3. Call tasks.task.list with deadline filter for that date (read references/tasks.md)
  4. Show combined schedule in a clean list

User says "покажи сделки" → you IMMEDIATELY call crm.deal.list and show results.

User says "мои задачи" → you IMMEDIATELY call tasks.task.list and show results.

Rule 2: Keep replies non-technical

The user is a business person. Avoid implementation details in replies. Do not expose these in user-facing output: method names (calendar.event.get, crm.deal.list), script names (bitrix24_call.py), config paths, raw parameters, HTTP details, JSON structures.

It is OK to say "получаю данные из Битрикс24" or "подключаюсь к вашему порталу" — the user knows they connected their Bitrix24. Just don't show HOW technically.

WRONG replies (NEVER do this):

  • "Используем ваш webhook URL bitrix24.team/rest/5/..." — FORBIDDEN
  • "Вызовем calendar.get или calendar.event.get..." — FORBIDDEN
  • "Пришлите экспорт календаря (ICS/CSV)..." — FORBIDDEN
  • "Подтвердите часовой пояс..." — FORBIDDEN
  • "Подтвердите источник данных..." — FORBIDDEN
  • "Как предпочитаете продолжить?" — FORBIDDEN for read requests

CORRECT replies:

  • "Вот ваше расписание на среду, 11 марта:" followed by the data
  • "Открытые сделки:" followed by the list
  • "Ваши задачи на сегодня:" followed by the list

Rule 3: Write requests — one short yes/no question

For creating, updating, or deleting: confirm in one sentence.

  • CORRECT: "Создать сделку «Поставка» на 500 000 ₽?"
  • WRONG: "Вызовем crm.deal.add с параметрами..."

Rule 4: Errors — fix silently or say one sentence

If a call fails, retry automatically. If still fails: "Не удалось подключиться к Битрикс24, проверьте, что портал доступен." Nothing else.

Rule 5: Language and format

  • Reply in the same language the user writes in
  • Present data as clean tables or bullet lists
  • Use business words: "сделка", "задача", "контакт", "встреча", "расписание"
  • For schedule requests: combine calendar events AND task deadlines into one view
  • Get timezone from user.current, never ask the user

Rule 6: Proactive insights

When showing data, automatically highlight important things:

  • Tasks: count and flag overdue ones ("⚠️ 3 задачи просрочены")
  • Deals: flag stuck ones — no activity for 14+ days ("💤 2 сделки без движения")
  • Schedule: warn about conflicts — overlapping events

Rule 7: Suggest next actions

After showing results, add ONE short hint about what else you can do. Keep it to one line.

  • After schedule: "Могу перенести встречу или добавить задачу."
  • After tasks: "Могу отметить задачу выполненной или создать новую."
  • After deals: "Могу показать детали по сделке или создать новую."
  • After contacts: "Могу найти сделки этого контакта или добавить задачу."

Rule 8: First message in session

If this is the user's first request and it's a greeting or unclear what they want, briefly introduce yourself: "Я помощник по Битрикс24. Могу показать расписание, задачи, сделки, контакты или отчёт по команде. Что интересно?"

Ready-Made Scenarios

Use these when the user's request matches. Execute ALL calls, then present combined result.

Morning briefing ("что у меня сегодня?", "утренний брифинг", "дай обзор")

Use batch call for speed:

python3 scripts/bitrix24_batch.py \
  --cmd 'calendar=calendar.event.get.nearest?type=user&ownerId=\x3CID>&forCurrentUser=Y&days=1' \
  --cmd 'tasks=tasks.task.list?filter[RESPONSIBLE_ID]=\x3CID>&filter[!STATUS]=5&filter[\x3C=DEADLINE]=\x3Ctoday_end>' \
  --cmd 'deals=crm.deal.list?filter[ASSIGNED_BY_ID]=\x3CID>&filter[STAGE_SEMANTIC_ID]=P&select[]=ID&select[]=TITLE&select[]=OPPORTUNITY&select[]=STAGE_ID' \
  --json

Present as:

  • 📅 Встречи сегодня (from calendar)
  • ✅ Задачи на сегодня + просроченные (from tasks, flag overdue)
  • 💰 Активные сделки (from deals, flag stuck)

Weekly report ("итоги недели", "еженедельный отчёт")

python3 scripts/bitrix24_batch.py \
  --cmd 'done=tasks.task.list?filter[RESPONSIBLE_ID]=\x3CID>&filter[STATUS]=5&filter[>=CLOSED_DATE]=\x3Cweek_start>' \
  --cmd 'deals=crm.deal.list?filter[ASSIGNED_BY_ID]=\x3CID>&filter[>=DATE_MODIFY]=\x3Cweek_start>&select[]=ID&select[]=TITLE&select[]=STAGE_ID&select[]=OPPORTUNITY' \
  --json

Present as:

  • ✅ Завершённые задачи за неделю (count + list)
  • 💰 Движение по сделкам (stage changes)

Team status ("статус команды", "как дела в отделе")

  1. Get department: department.get with user's department
  2. Get employees: im.department.employees.get
  3. Batch tasks + timeman for each employee

Present as table: Name | Active tasks | Overdue | Work status

Client dossier ("расскажи про клиента X", "всё по компании Y", "досье")

  1. Find contact/company by name → crm.contact.list filter %LAST_NAME or crm.company.list filter %TITLE
  2. Batch:
python3 scripts/bitrix24_batch.py \
  --cmd 'deals=crm.deal.list?filter[CONTACT_ID]=\x3CID>&filter[STAGE_SEMANTIC_ID]=P&select[]=ID&select[]=TITLE&select[]=OPPORTUNITY&select[]=STAGE_ID' \
  --cmd 'activities=crm.activity.list?filter[OWNER_TYPE_ID]=3&filter[OWNER_ID]=\x3CID>&select[]=ID&select[]=SUBJECT&select[]=DEADLINE&order[DEADLINE]=desc' \
  --json

Present as:

  • 👤 Контакт — имя, компания, телефон, email
  • 💰 Сделки — список с суммами и стадиями
  • 📋 Последние действия — звонки, письма, встречи
  • 💡 Подсказка: "Могу создать задачу по этому клиенту или запланировать звонок."

Meeting prep ("подготовь к встрече", "что за встреча в 14:00")

  1. Get today's events → calendar.event.get for today
  2. Find the matching event by time or name
  3. Get attendee info → user.get for each attendee ID
  4. Check for related deals (search by attendee company name)

Present as:

  • 📅 Встреча — название, время, место
  • 👥 Участники — имена, должности, компании
  • 💰 Связанные сделки (если есть)
  • 💡 "Могу показать досье на участника или историю сделки."

Day results ("итоги дня", "что я сделал", "мой отчёт за день")

python3 scripts/bitrix24_batch.py \
  --cmd 'tasks=tasks.task.list?filter[RESPONSIBLE_ID]=\x3CID>&filter[STATUS]=5&filter[>=CLOSED_DATE]=\x3Ctoday_start>&select[]=ID&select[]=TITLE' \
  --cmd 'events=calendar.event.get?type=user&ownerId=\x3CID>&from=\x3Ctoday_start>&to=\x3Ctoday_end>' \
  --json

Also call crm.stagehistory.list with filter[>=CREATED_TIME]=\x3Ctoday_start> for deal movements.

Present as:

  • ✅ Завершённые задачи (count + list)
  • 📅 Проведённые встречи
  • 💰 Движение по сделкам (стадия изменилась)
  • 💡 "Могу составить план на завтра."

Sales pipeline ("воронка", "как работает отдел продаж", "продажи")

python3 scripts/bitrix24_batch.py \
  --cmd 'active=crm.deal.list?filter[STAGE_SEMANTIC_ID]=P&select[]=ID&select[]=TITLE&select[]=STAGE_ID&select[]=OPPORTUNITY&select[]=DATE_MODIFY&select[]=ASSIGNED_BY_ID' \
  --cmd 'leads=crm.lead.list?filter[>=DATE_CREATE]=\x3Cweek_start>&select[]=ID&select[]=TITLE&select[]=SOURCE_ID&select[]=DATE_CREATE' \
  --json

Present as:

  • 📊 Воронка — сделки по стадиям с суммами
  • 💤 Зависшие — без движения 14+ дней
  • 🆕 Новые лиды за неделю
  • 💡 "Могу показать детали по сделке или назначить задачу менеджеру."

Cross-domain search ("найди...", "кто отвечает за...", "все по теме...")

When user searches for something, search across multiple entities in parallel:

python3 scripts/bitrix24_batch.py \
  --cmd 'contacts=crm.contact.list?filter[%LAST_NAME]=\x3Cquery>&select[]=ID&select[]=NAME&select[]=LAST_NAME&select[]=COMPANY_ID' \
  --cmd 'companies=crm.company.list?filter[%TITLE]=\x3Cquery>&select[]=ID&select[]=TITLE' \
  --cmd 'deals=crm.deal.list?filter[%TITLE]=\x3Cquery>&select[]=ID&select[]=TITLE&select[]=STAGE_ID&select[]=OPPORTUNITY' \
  --json

Present grouped results: Контакты | Компании | Сделки. If only one match — show full details immediately.

Scheduled Tasks (Recommended Automations)

These are pre-built scenarios for scheduled/cron execution. The user can activate them via OpenClaw scheduled tasks.

Day plan (daily, workdays 08:30)

Build a structured day plan from calendar events and tasks:

python3 scripts/bitrix24_batch.py \
  --cmd 'events=calendar.event.get?type=user&ownerId=\x3CID>&from=\x3Ctoday_start>&to=\x3Ctoday_end>' \
  --cmd 'tasks=tasks.task.list?filter[RESPONSIBLE_ID]=\x3CID>&filter[\x3C=DEADLINE]=\x3Ctoday_end>&filter[\x3CREAL_STATUS]=5&select[]=ID&select[]=TITLE&select[]=DEADLINE&select[]=STATUS&order[DEADLINE]=asc' \
  --json

Output format:

📋 План на день — \x3Cdate>

📅 Встречи:
  09:00 – Планёрка
  14:00 – Звонок с ООО «Рога и копыта»
  16:30 – Обзор проекта

✅ Задачи (дедлайн сегодня):
  • Подготовить КП для клиента
  • Отправить отчёт

⚠️ Просроченные:
  • Согласовать договор (дедлайн был 5 марта)

Morning briefing (daily, workdays 09:00)

Day plan (above) PLUS active deals summary and new leads from yesterday:

python3 scripts/bitrix24_batch.py \
  --cmd 'events=calendar.event.get?type=user&ownerId=\x3CID>&from=\x3Ctoday_start>&to=\x3Ctoday_end>' \
  --cmd 'tasks=tasks.task.list?filter[RESPONSIBLE_ID]=\x3CID>&filter[\x3C=DEADLINE]=\x3Ctoday_end>&filter[\x3CREAL_STATUS]=5&select[]=ID&select[]=TITLE&select[]=DEADLINE&select[]=STATUS' \
  --cmd 'deals=crm.deal.list?filter[ASSIGNED_BY_ID]=\x3CID>&filter[STAGE_SEMANTIC_ID]=P&select[]=ID&select[]=TITLE&select[]=OPPORTUNITY&select[]=STAGE_ID&select[]=DATE_MODIFY' \
  --cmd 'leads=crm.lead.list?filter[>=DATE_CREATE]=\x3Cyesterday_start>&select[]=ID&select[]=TITLE&select[]=SOURCE_ID' \
  --json

Evening summary (daily, workdays 18:00)

Same as "Day results" scenario. Summarize completed tasks, past meetings, deal movements.

Weekly report (Friday 17:00)

Same as "Weekly report" scenario. Tasks completed + deal pipeline changes for the week.

Overdue alert (daily, workdays 10:00)

Check for overdue tasks and stuck deals. Send ONLY if there are problems (no spam when all is clean):

python3 scripts/bitrix24_batch.py \
  --cmd 'overdue=tasks.task.list?filter[RESPONSIBLE_ID]=\x3CID>&filter[\x3CDEADLINE]=\x3Ctoday_start>&filter[\x3CREAL_STATUS]=5&select[]=ID&select[]=TITLE&select[]=DEADLINE' \
  --cmd 'stuck=crm.deal.list?filter[ASSIGNED_BY_ID]=\x3CID>&filter[STAGE_SEMANTIC_ID]=P&filter[\x3CDATE_MODIFY]=\x3C14_days_ago>&select[]=ID&select[]=TITLE&select[]=DATE_MODIFY&select[]=OPPORTUNITY' \
  --json

If both are empty — do not send anything. If there are results:

🚨 Внимание

⚠️ Просроченные задачи (3):
  • Задача A (дедлайн 3 марта)
  • Задача B (дедлайн 5 марта)

💤 Зависшие сделки (2):
  • Сделка X — 500 000 ₽, без движения 21 день
  • Сделка Y — 150 000 ₽, без движения 18 дней

New leads monitor (daily, workdays 12:00)

Check for new leads in the last 24 hours. Send only if there are new leads:

python3 scripts/bitrix24_call.py crm.lead.list \
  --param 'filter[>=DATE_CREATE]=\x3C24h_ago>' \
  --param 'select[]=ID' \
  --param 'select[]=TITLE' \
  --param 'select[]=SOURCE_ID' \
  --param 'select[]=NAME' \
  --param 'select[]=LAST_NAME' \
  --json

Setup

The webhook URL must be configured as BITRIX24_WEBHOOK_URL environment variable before the skill can work. OpenClaw users set it as apiKey in openclaw.json:

{
  "skills": {
    "entries": {
      "bitrix24-rest": {
        "enabled": true,
        "apiKey": "https://your-portal.bitrix24.ru/rest/\x3Cuser_id>/\x3Csecret>/"
      }
    }
  }
}

If the env var is not set when a user asks for Bitrix24 data, respond once: "Webhook не настроен. Попросите администратора указать его в настройках." Do not ask the user to paste a webhook URL. Do not retry.

On the first successful call, the skill caches user_id and timezone in ~/.config/bitrix24-skill/cache_user_timezone.json for faster subsequent requests.

If calls fail, read references/troubleshooting.md and run scripts/check_webhook.py --json.

Making REST Calls

python3 scripts/bitrix24_call.py \x3Cmethod> --json

Examples:

python3 scripts/bitrix24_call.py user.current --json
python3 scripts/bitrix24_call.py crm.deal.list \
  --param 'select[]=ID' \
  --param 'select[]=TITLE' \
  --param 'select[]=STAGE_ID' \
  --json

Parameters from JSON file

For complex parameters (nested objects, arrays, multi-file uploads), use --params-file instead of multiple --param flags. This avoids shell escaping issues:

echo '{"filter": {">=DATE_CREATE": "2025-01-01", "%TITLE": "client"}, "select": ["ID", "TITLE"]}' > /tmp/params.json
python3 scripts/bitrix24_call.py crm.deal.list --params-file /tmp/params.json --json

Auto-pagination

For .list methods, use --iterate to automatically collect all pages:

python3 scripts/bitrix24_call.py crm.deal.list \
  --param 'filter[STAGE_SEMANTIC_ID]=P' \
  --param 'select[]=ID' \
  --param 'select[]=TITLE' \
  --iterate --json

Use --max-items N to cap the total number of items collected.

Dry-run mode

Preview what would be called without executing:

python3 scripts/bitrix24_call.py crm.deal.add \
  --param 'fields[TITLE]=Test' \
  --dry-run --json

Operation safety

Methods are automatically classified by suffix:

Type Suffixes Required flag
Read .list, .get, .current, .fields
Write .add, .update, .set, .start, .complete, .attach, .send --confirm-write
Destructive .delete, .remove, .unbind --confirm-destructive

The script refuses to execute write/destructive methods without the matching flag. This prevents accidental data changes. When writing scenarios, always include the flag:

python3 scripts/bitrix24_call.py crm.deal.add \
  --param 'fields[TITLE]=New deal' \
  --confirm-write --json

If calls fail, read references/troubleshooting.md and run scripts/check_webhook.py --json.

Batch Calls (Multiple Methods in One Request)

For scenarios that need 2+ methods (schedule, briefing, reports), use batch to reduce HTTP calls:

python3 scripts/bitrix24_batch.py \
  --cmd 'tasks=tasks.task.list?filter[RESPONSIBLE_ID]=5' \
  --cmd 'deals=crm.deal.list?filter[ASSIGNED_BY_ID]=5&select[]=ID&select[]=TITLE' \
  --json

Results are returned under body.result.result keyed by command name. Use batch whenever you need data from 2+ domains.

Cross-command references ($result)

In batch, use $result[name] to pass the output of one command into another. This allows chaining — e.g., create a company and immediately create a contact linked to it:

python3 scripts/bitrix24_batch.py \
  --cmd 'company=crm.company.add?fields[TITLE]=Acme Corp' \
  --cmd 'contact=crm.contact.add?fields[NAME]=John&fields[COMPANY_ID]=$result[company]' \
  --cmd 'deal=crm.deal.add?fields[TITLE]=New deal&fields[CONTACT_ID]=$result[contact]&fields[COMPANY_ID]=$result[company]' \
  --halt 1 \
  --json

Use --halt 1 to stop on first error when commands depend on each other.

Encoding note: Batch commands use query string format — Cyrillic and special characters must be URL-encoded. For complex values, prefer --params-file with the regular bitrix24_call.py instead of batch.

User ID and Timezone Cache

After the first user.current call, user_id and timezone are saved to config. To use cached values without calling user.current again:

from bitrix24_config import get_cached_user
user = get_cached_user()  # returns {"user_id": 5, "timezone": "Europe/Kaliningrad"} or None

If cache is empty, call user.current first — it auto-populates the cache.

Finding the Right Method

When the exact method name is unknown, use MCP docs in this order:

  1. bitrix-search to find the method, event, or article title.
  2. bitrix-method-details for REST methods.
  3. bitrix-event-details for event docs.
  4. bitrix-article-details for regular documentation articles.
  5. bitrix-app-development-doc-details for OAuth, install callbacks, BX24 SDK topics.

Do not guess method names from memory when the task is sensitive or the method family is large. Search first.

Then read the domain reference that matches the task:

  • references/crm.md
  • references/smartprocess.md
  • references/products.md
  • references/quotes.md
  • references/tasks.md
  • references/chat.md
  • references/channels.md
  • references/openlines.md
  • references/calendar.md
  • references/drive.md
  • references/files.md
  • references/users.md
  • references/projects.md
  • references/feed.md
  • references/timeman.md
  • references/sites.md

Technical Rules

These rules are for the agent internally, not for user-facing output.

  • Do not use im.message.add, im.chat.add, im.disk.file.commit, or other im.*/imbot.* methods to reply to the user or deliver files to the user. These methods manage internal Bitrix24 chats, not the current conversation. Use im.* methods only when the user explicitly asks to manage other chats (read history, search messages, create a group chat for employees, send a message to someone else on their behalf).
  • Start with user.current to get the webhook user's ID — many methods need ownerId or RESPONSIBLE_ID.
  • Do not invent method names. There is no calendar.get, tasks.list, etc. Always use exact names from the reference files or MCP search. When unsure, search MCP first.
  • Prefer server-side filtering with filter[...] and narrow output with select[].
  • Filter operators are prefixes on the key: >=DEADLINE, !STATUS, >OPPORTUNITY. Not on the value.
  • Use *.fields or user-field discovery methods before writing custom fields.
  • Expect pagination on list methods via start (page size = 50).
  • Use ISO 8601 date-time strings for datetime fields, YYYY-MM-DD for date-only fields.
  • Treat ACCESS_DENIED, insufficient_scope, QUERY_LIMIT_EXCEEDED, and expired_token as normal operational cases.
  • For imbot.*, persist and reuse the same CLIENT_ID.
  • When a call fails, run scripts/check_webhook.py --json before asking the user.
  • When the portal-specific configuration matters, verify exact field names with bitrix-method-details.

API Module Restrictions

Not all Bitrix24 REST modules work as expected through a webhook. Some methods exist only for external system integration. Before using methods from these modules, understand their limitations:

  • Telephony (voximplant.*, telephony.*): Does NOT make real calls. telephony.externalcall.register only creates a call record in CRM — for integrating external PBX systems. Tell the user the REST API cannot initiate voice connections.
  • Mail services (mailservice.*): Configures SMTP/IMAP server settings, cannot send or read emails. No REST API exists for actual email operations.
  • SMS providers (messageservice.*): Registers SMS providers, does not send messages directly. Requires a pre-configured external provider.
  • Connectors (imconnector.*): Infrastructure for connecting external messengers to Open Lines. Requires an external server handler. Useless without a configured integration.
  • Widget embedding (placement.*, userfieldtype.*): Registers UI widgets and custom field types. Only works in Marketplace application context, not via webhook.
  • Event handlers (event.*): Registers webhook handlers for events. Requires an external HTTP server to receive notifications.
  • Business processes (bizproc.*): bizproc.workflow.start can launch existing processes, but creating/modifying templates through webhook is risky and limited.

If the user requests something from these modules — do not refuse. Explain what the method actually does and what it does NOT do. Let the user decide.

Domain References

  • references/access.md — webhook setup, OAuth, install callbacks.
  • references/troubleshooting.md — diagnostics and self-repair.
  • references/mcp-workflow.md — MCP tool selection and query patterns.
  • references/crm.md — deals, contacts, leads, companies, activities.
  • references/smartprocess.md — smart processes, funnels, stages, universal crm.item API.
  • references/products.md — product catalog, product rows on deals/quotes/invoices.
  • references/quotes.md — quotes (commercial proposals), smart invoices.
  • references/tasks.md — tasks, checklists, comments, planner.
  • references/chat.md — im, imbot, notifications, dialog history.
  • references/channels.md — channels (каналы), announcements, subscribers, broadcast messaging.
  • references/openlines.md — open lines (открытые линии), omnichannel customer communication, operators, sessions.
  • references/calendar.md — sections, events, attendees, availability.
  • references/drive.md — storage, folders, files, external links.
  • references/files.md — file uploads: base64 inline for CRM, disk+attach for tasks.
  • references/users.md — users, departments, org-structure, subordinates.
  • references/projects.md — workgroups, projects, scrum, membership.
  • references/feed.md — activity stream, feed posts, comments.
  • references/timeman.md — time tracking, work day, absence reports, task time.
  • references/sites.md — landing pages, sites, blocks, publishing.

Read only the reference file that matches the current task.

Note: Bitrix24 has no REST API for reading or sending emails. mailservice.* only configures SMTP/IMAP services.

Usage Guidance
This skill is internally consistent for a Bitrix24 webhook integration, but review these points before installing: - BITRIX24_WEBHOOK_URL is a secret: use a dedicated webhook with minimal scopes required (CRM, Tasks, Calendar, Disk, IM, etc.) and the smallest-permission account possible; you can revoke it later from Bitrix24 admin. - The skill will autonomously call your Bitrix24 portal for read requests when user messages match trigger topics (no confirmation). If you prefer manual control, disable implicit invocation or avoid granting the skill autonomous invocation. - The skill stores a small non-secret cache at ~/.config/bitrix24-skill/cache_user_timezone.json (user_id and timezone) with attempted 600 permissions — verify this path is acceptable in your environment. - The skill references an MCP documentation server at https://mcp-dev.bitrix24.tech for docs/tooling; this is for method documentation only and not used to transmit your webhook, but verify you are comfortable with the registry metadata pointing at a dev-hosted doc server. - If you need stronger assurance, test the skill with a low-privilege webhook and monitor network activity and webhook usage in your Bitrix24 admin panel. Overall: coherent and expected for its purpose; exercise the usual caution with webhook secrets and implicit/autonomous invocation.
Capability Analysis
Type: OpenClaw Skill Name: bitrix24-rest Version: 1.2.1 The bitrix24-rest skill bundle is a well-structured integration for interacting with the Bitrix24 REST API. It follows security best practices by handling the sensitive webhook URL via environment variables (BITRIX24_WEBHOOK_URL) and implementing safety flags (--confirm-write, --confirm-destructive) in its core execution scripts (bitrix24_call.py and bitrix24_batch.py) to prevent accidental data modification. The SKILL.md instructions provide clear operational boundaries for the AI agent, explicitly requiring user confirmation for any non-read operations. No evidence of malicious intent, data exfiltration, or unauthorized execution was found across the code or documentation.
Capability Assessment
Purpose & Capability
Name/description match the implementation: scripts call Bitrix24 REST endpoints using a webhook URL read from BITRIX24_WEBHOOK_URL; python3 is the only required binary and MCP docs are declared as documentation tooling. The included scripts and reference docs align with a CRM/tasks/calendar/drive/chat integration.
Instruction Scope
SKILL.md explicitly instructs the agent to perform read-only requests immediately (implicit invocation) without asking the user for confirmation and to retry once on failure. This behavior is consistent with the stated UX (business user, immediate answers), but it grants the skill autonomous network access to the user's portal whenever user messages match the trigger topics — an expected capability for this integration but one users should be aware of.
Install Mechanism
There is no opaque install/download step. The package is instruction/script-only (Python scripts included) and does not perform background pip installs. Earlier changelog entries show they removed silent runtime installs. Nothing in the manifest pulls code from untrusted URLs or writes arbitrary binaries to disk.
Credentials
Only BITRIX24_WEBHOOK_URL is required and declared as the primary credential. That secret is necessary to call the Bitrix24 REST webhook and the code reads it from the env var only. The skill writes a small non-secret cache file (~/.config/bitrix24-skill/cache_user_timezone.json) for user_id/timezone; this is documented and permissioned as 600 where possible.
Persistence & Privilege
The skill is not forced-always, and it does not request system-wide privileges. It is allowed to be invoked autonomously (platform default). Combined with the SKILL.md rule to execute read requests immediately, this gives the skill a real-time network blast radius (it will contact the user's portal whenever trigger keywords appear). This is coherent with the stated purpose but worth user attention.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bitrix24-rest
  3. After installation, invoke the skill by name or use /bitrix24-rest
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.1
**Changelog for version 1.2.1** - Major simplification: The webhook is now provided only via the BITRIX24_WEBHOOK_URL environment variable; all local credential storage logic removed. - Security model updated in documentation to reflect no disk storage and clarify environment variable usage. - Removed scripts/save_webhook.py, as secure storage setup is no longer needed. - SKILL.md updated to clearly describe the new setup process, environment variable requirement, and cleaner cache handling. - All previous references to keyring, encrypted storage, and multi-level fallback have been eliminated for improved simplicity and security.
v1.2.0
Version 1.2.0 - Security model clarified: AES-256 encrypted file storage now explicitly requires a password source (`BITRIX24_KEYRING_PASSWORD` or `/etc/machine-id`); if unavailable, encrypted storage is skipped. - Documented that the skill reads `/etc/machine-id` only for deriving encryption keys—no other local system data accessed. - Explained implicit invocation: skill activates automatically on Bitrix24-relevant topics; read requests always execute immediately. - No functional code changes; documentation and security details improved.
v1.1.9
No user-visible changes in this release. - Version bumped to 1.1.9 with no file modifications detected.
v1.1.8
No user-visible changes or file updates in this version. - Version bump only; no modifications detected in code or documentation. - Behavior and requirements remain unchanged from previous release.
v1.1.7
Version 1.1.7 - Added explicit primary_credential designation for webhook_url in the metadata. - Updated credential security note for clearer guidance about encryption fallback. - No code or behavioral changes; documentation/metadata update only.
v1.1.6
- Added BITRIX24_KEYRING_PASSWORD environment variable option for containerized AES-256 encrypted webhook storage. - Updated documentation for webhook storage fallbacks and encryption password priority. - Clarified credential storage flow and password sourcing in metadata and security section. - No code changes; documentation and metadata improvements only.
v1.1.5
- Expanded secure webhook storage: now supports OS keychain, AES-256 encrypted file, or plaintext fallback depending on environment. - Added description of new package requirements for encrypted storage (`keyrings.alt`, `pycryptodome`). - Updated credential storage documentation to reflect auto-detection and package auto-install behavior. - No changes to user-facing commands or features.
v1.1.4
**Summary: Bitrix24 webhook storage migrated to OS keychain for improved security.** - Webhook URL is now stored securely in the operating system keychain using the `keyring` library (not on disk). - Added `keyring` to required Python packages. - Updated credential metadata to reflect keychain usage and no longer mention local encryption files. - Non-secret data remains in the config file; secrets are never written to disk in plain text. - Documentation and metadata updated for clarity on new security and storage approach.
v1.1.3
- Added a detailed Security Model section specifying webhook handling, encryption, storage, and user authorization requirements. - Clarified that webhooks are encrypted at rest with a randomly generated key; all API calls go directly to the user's Bitrix24 portal. - Updated credential instructions to emphasize encrypted storage and recommend using webhooks with minimal required scopes. - Minor metadata update: explicitly lists the config path under requirements. - No changes to user-facing features or behaviors; all business usage rules and scenarios remain unchanged.
v1.1.2
No code or configuration changes detected in this version. - Version bump only; no functional or documentation updates. - All existing features, usage instructions, and user experience remain unchanged.
v1.1.1
Version 1.1.1 - Added support for user-provided Bitrix24 webhook URL as a required credential. - Updated user instructions: clarified that all requests use the configured webhook, and user authorization is handled via the webhook URL. - Refined rules for non-technical replies to ensure business-friendly communication. - No code files changed; changes are in documentation and metadata.
v1.1.0
bitrix24-rest 1.1.0 - Switched to native Bitrix24 REST methods for all interactions (e.g. calendar.event.get, tasks.task.list, crm.deal.list). - Added new helper scripts: bitrix24_batch.py, bitrix24_call.py, bitrix24_config.py, check_webhook.py, save_webhook.py. - Removed support and references for bots, telephony, workflows, ecommerce, duplicates, vibe-specific scripts, and related documentation. - Updated business logic rules to never mention technical details (API, webhook, etc.) in user replies. - Improved sample scenario commands and documentation to match native Bitrix24 method names. - Retained clear, business-centric user flows and actionable next-step suggestions.
v1.0.1
- Removed auto-update and publish scripts from the repository. - No changes to skill logic or user experience.
v1.0.0
Initial release of Bitrix24 REST skill: - Enables interaction with Bitrix24 via natural language for CRM, tasks, calendar, chat, projects, and more. - Automatically interprets user requests and executes relevant actions, presenting business information in a clear, non-technical format. - Combines data from multiple Bitrix24 areas (e.g., calendar + tasks) into unified schedules or reports. - Highlights urgent or important information, such as overdue tasks or stalled deals. - Provides concise hints for next actions after displaying results. - Adapts responses to the user's language and presents information in business terms.
Metadata
Slug bitrix24-rest
Version 1.2.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 14
Frequently Asked Questions

What is Bitrix24 REST API?

Work with Bitrix24 (Битрикс24) via REST API and MCP documentation server. Triggers on: CRM — "сделки", "контакты", "лиды", "воронка", "клиенты", "deals", "co... It is an AI Agent Skill for Claude Code / OpenClaw, with 375 downloads so far.

How do I install Bitrix24 REST API?

Run "/install bitrix24-rest" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bitrix24 REST API free?

Yes, Bitrix24 REST API is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Bitrix24 REST API support?

Bitrix24 REST API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bitrix24 REST API?

It is built and maintained by Bitrix24 (@bitrix24); the current version is v1.2.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments