Signature

ONLYOFFICE Document Server uses tokens generated using the JSON Web Tokens standard.

This feature is used in Document Server starting with version 4.2

For the validation setup it is necessary to edit the configuration file which can be found (or created) at the following path:

For Linux - /etc/onlyoffice/documentserver/local.json.
For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json.
The default values are available in the default.json configuration file, which is available in the folders above (for Linux and Windows). Please do not edit the contents of the default.json file directly. The default values will be restored each time you restart Docker container or upgrade Document Server to a new version and all your changes will be lost.

Restart the services for the config changes to take effect:

supervisorctl restart all
Parameters
Parameter Description Type Example
services.CoAuthoring.secret.inbox.string Defines the secret key to generate the token in the browser for the document editor opening and calling the methods and the requests to the document command service and document conversion service. string secret
services.CoAuthoring.secret.outbox.string Defines the secret key to generate the token in the requests by document editing service to "callbackUrl" address. string secret
services.CoAuthoring.token.enable.browser Specifies the enabling the token validation in the config for the document editor opening and calling the methods. boolean false
services.CoAuthoring.token.enable.request.inbox Specifies the enabling the token validation in the requests to the document command service and document conversion service. boolean false
services.CoAuthoring.token.enable.request.outbox Specifies the enabling the token generation for the requests by document editing service to document storage service. boolean false
Sample local.json configuration
{
    "services": {
        "CoAuthoring": {
            "secret": {
                "inbox": {
                    "string": "secret"
                },
                "outbox": {
                    "string": "secret"
                },
            },
            "token": {
                "enable": {
                    "browser": true,
                    "request": {
                        "inbox": true,
                        "outbox": true
                    }
                }
            }
        }
    }
}