push notification
firebase
fcm
Studio_Creatio
8.0

Hi all,

i'm trying to setup a backend system able to send push notification to mobile app (not developed in creatio) through FCM rest API.

The first hurdle is obtaining a valid token to authenticate to notification api exposed by firebase. In order to obtain this token i do have to call another rest api passing a jwt token generated by me and signed by a private key downloaded from fcm.

I've got a code (pasted below) that manages to generate this encrypted token and it's working in visual studio. But if i try to use it in a script task i got the exception 

'RSA' does not contain a definition for 'ImportPkcs8PrivateKey' and no accessible extension method 'ImportPkcs8PrivateKey' accepting a first argument of type 'RSA' could be found (are you missing a using directive or an assembly reference?)

As far as i know this exception is thrown if .net core being used is version 5 or below. But i'm on a demo instance with creation 8.2.0.4183 which should be already using net core 6 right?

Do you have any suggestion? (the flow is already configured to import System.Security.Cryptography)

 

 

--code--

   var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
var header = new Dictionary
       {
           { "alg", "RS256" },
           { "typ", "JWT" }
       };
string headerJson = JsonConvert.SerializeObject(header);
string encodedHeader = Convert.ToBase64String(Encoding.UTF8.GetBytes(headerJson)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

var payload = new Dictionary
       {
           { "iss", CLIENT_EMAIL },
           { "scope", SCOPE },
           { "aud", TOKEN_URI },
           { "iat", now },
           { "exp", now + 3600 }
       };
string payloadJson = JsonConvert.SerializeObject(payload);
string encodedPayload = Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
string unsignedJwt = $"{encodedHeader}.{encodedPayload}";
byte[] dataBytes = Encoding.UTF8.GetBytes(unsignedJwt);

// Decode PEM -> PKCS#8 bytes
string cleanKey = PRIVATE_KEY
   .Replace("-----BEGIN PRIVATE KEY-----", "")
   .Replace("-----END PRIVATE KEY-----", "")
   .Replace("\\n", "\n")  // ← decodifica reale da stringa JSON
   .Trim();


byte[] privateKeyBytes = Convert.FromBase64String(cleanKey);

// Firma con RSA-SHA256
byte[] signature;
using (var rsa = RSA.Create())
{
   rsa.ImportPkcs8PrivateKey(privateKeyBytes, out _);
   signature = rsa.SignData(dataBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
string encodedSignature = Convert.ToBase64String(signature)
   .TrimEnd('=').Replace('+', '-').Replace('/', '_');

string jwt = $"{unsignedJwt}.{encodedSignature}";


return true;

Like 1

Like

1 comments
Best reply

Hi Roberto,

In the cloud-based demo version of Creatio (including your current instance), the Script Task in business processes runs under .NET Framework 4.7.2. This limitation is specific to the cloud version. If you run Creatio on-premises, it's possible to configure and run business logic under .NET Core instead.

As a result, the method ImportPkcs8PrivateKey() is not available in the cloud version. Other types like RSASignaturePadding, HashAlgorithmName, and RSA.Create() are also unavailable in this context.

Recommended Solution:
Move JWT generation to an external service
- Create a small Web API (in .NET 6 or above).
- Let it generate and return the signed JWT token.
- Call it from Creatio using HTTP request.

Hi Roberto,

In the cloud-based demo version of Creatio (including your current instance), the Script Task in business processes runs under .NET Framework 4.7.2. This limitation is specific to the cloud version. If you run Creatio on-premises, it's possible to configure and run business logic under .NET Core instead.

As a result, the method ImportPkcs8PrivateKey() is not available in the cloud version. Other types like RSASignaturePadding, HashAlgorithmName, and RSA.Create() are also unavailable in this context.

Recommended Solution:
Move JWT generation to an external service
- Create a small Web API (in .NET 6 or above).
- Let it generate and return the signed JWT token.
- Call it from Creatio using HTTP request.

Show all comments
Validation
Field validation
Phone number format
communication options
Studio_Creatio
8.0

Hello,

I created a validation for telephone numbers as explained in this article: Implement the validation of a field value on a page | Creatio Academy
For testing purposes, I added it to the notes field on the contacts form, and it works fine.


However, I want to add the validation to the communications options on the left side of the form.
How do I bind the validation in the viewModelConfigDiff?
Also, only communication options of type "phone number" should be validated.

 

Thanks,

Robert

Like 1

Like

3 comments

Hello,

Currently there is no way to add the validator using the regular approach with the validators property on the schema. However you can try adding it using the formControl for the ContactCommunicationOptionsItems (but note that this will be applied for phones, email, skype and web (in other words for all communication options)).

 

How to add the validator using formControl:

 

  1. Implement the same validator on some separate field on the page
  2. Find this validator in the context of the crt.HandleViewModelAttributeChangeRequest request execution (like request.$context._validators["AccountAccountCategory_List.value"][0]), but replace AccountAccountCategory_List.value with your attribute name on the page to which the validator is added. Also make sure array with only one element is returned (since you can have several validators for the same field and the array of validators can contain more than 1 element thus ...["AccountAccountCategory_List.value"][0] can return another validator.
  3. In the context of the crt.HandleViewModelAttributeChangeRequest request (connected to the change of the ContactCommunicationOptionsItems attribute) add the following code:

request.$context.getControl("ContactCommunicationOptionsItems").formControl.addValidators(request.$context._validators["AccountAccountCategory_List.value"][0])
 

But replace equest.$context._validators["AccountAccountCategory_List.value"][0] with the needed validator.

 

This is the only way to add the validator for this CommunicationOptions component (but once again note that this will be added to all the other communication options). 

Oleg Drobina,

thank you for pointing me in the right direction!

However, I can't get it to run...I used the following code, but the validation won't be triggered:

			{
			    request: "crt.HandleViewModelAttributeChangeRequest",
			    handler: async (request, next) => {
					if (request.attributeName === 'ContactCommunicationOptionsItems') {
						const validators = request.$context._validators;
						const telValidator = validators["StringAttribute_cuzyv0b"]?.[0];
						if (telValidator) {
							request.$context.getControl("ContactCommunicationOptionsItems").formControl.addValidators(telValidator);	
						}
					}					
			        return true;
			    }
			}

What's also strange is that when the handler is executed again (after I changed the field value), all properties of the formControl related to validation (asyncValidator, validator, _rawValidators, _rawAsyncValidators) are empty again!

Any idea what could go wrong here?

Thanks,

Robert

 

Robert Pordes,

Unfortunately no, this was the way I used locally and that worked and maybe the difference may arrise in the application version that was used for tests (8.2.2 in my case) or in other handlers maybe. This should be debugged only, there is no other way to identify what's wrong.

Show all comments
Studio_Creatio

Is there a way to implement authentication in an IFrame of my web app inside Creatio using the info of the already signed on user in Creatio?

Like 0

Like

1 comments


Hello, Creatio supports SAML and OpenId authentication protocols. If your third-party application also supports such a protocol, then the task can be realized in theory, the main point is to add an authorization string to the link in Sso: For OpenId: https://sitename.creatio.com/0/Shell/?autoOpenIdLogin=true#IntroPage/SystemDesigner For SAML: https://sitename.creatio.com/Login/NuiLogin.aspx?use_sso=true&ReturnUrl=%2f0%2fShell%2f#IntroPage/SystemDesigner We also recommend that you consider enabling SSO redirect for the environment, so that when you log in to the login page or follow a link, you will be redirected to the Identity Provider's login page: Step 5. in the article: https://academy.creatio.com/docs/user/setup_and_administration/user_and_access_management/authentication/set_up_sso_via_adfs/single_sign-on_via_adfs Unfortunately, we don't have any ready-made instructions, as we haven't tested such solutions, but Creatio supports SSO login, so the rest depends on the implementation. Thank you for contacting us, I hope this helps.

Show all comments

Hello,

In Creatio Studio, is it possible to give a user permissions to add users to any role, except to the sys administrator or supervisor roles? If so, how?

Thanks,

Jose

Like 0

Like

1 comments

Hello,

Unfortunately, it's not possible to implement such a logic due to the specifics of the system.

Show all comments

Hi everyone,

I’m currently facing a technical issue with a webhook handler I’ve implemented in Creatio.

Background:

  • I have a webhook endpoint that gets called by an external system at a rate of approximately 150 hits per second.
  • The Creatio database has a maximum connection limit of 400 connections.

The Problem:

During high load, I observed that the number of open database connections increases rapidly, and some queries are left idle (idle in transaction) even after the handler completes its process.

This leads to:

  • Exhaustion of available database connections
  • Timeout errors on other operations
  • Overall system unresponsiveness

What I’ve Tried So Far:

  1. I modified the data access code by changing queries from ESQ (EntitySchemaQuery) to direct Entity usage.
  2. I manually handled database connections by using:
    • using (DBConnection dbConnection = new DBConnection(...)) { ... }
    • Explicit calls to .Close() and .Dispose() on connections to ensure cleanup.

Despite these adjustments, I'm still seeing idle queries accumulating under high load.

My Questions:

  1. What could be the possible reasons why queries remain idle even after the handler has completed?
  2. Are there any known best practices in Creatio for managing database connections under high request volumes like this?
  3. Is there a proper way to ensure UserConnection or underlying connections are completely released, especially in high-frequency webhook scenarios?

I would really appreciate any insights, suggestions, or shared experiences that could help resolve this issue.

Thank you in advance!

Like 1

Like

1 comments

Hello.

1. There are many potential reasons for this behavior:
- Blocking at the DB level (when a large number of requests block each other), such requests may be displayed as "idle in transaction".
- Incorrect operation in the code that executes requests, but "a lot" of code is executed between the start of the transaction and the commit.
- There is not enough capacity of the DB server to process requests (including releasing the connection after the request is completed).

There is also a probability that the issue lies in the handler itself, and it doesn't close the database connection once the query is executed, but the issue may also be in the server configuration. 

2. The options that you use are suitable for such purposes (but of course it all depends on what code and what requests are being generated).

3. At the code level, they must be completely released. At the DB level, the DBMS itself is engaged in the release, with sufficient capacity it usually copes well.
Without knowing what code is executed, what requests, what capacities with such activity it is difficult to accurately name the cause and how it can be fixed.

Best regards,
Antonii.

Show all comments
Studio_Creatio
8.0

I need to download a file attached to an object and then upload it to an API that will process it.
I've already tried using Odata, but I always get a 204 error. I also tried creating a web service, but I couldn't. Now I'm trying to convert the file to Base64 using a script task, but I'm still unsuccessful. It's a production environment.

Like 0

Like

2 comments

Hello,

You can find the instructions on working with files via API in the article below:

https://academy.creatio.com/docs/8.x/dev/development-on-creatio-platfor…

Mira Dmitruk,

Hello Mira, thanks, finally i can do it, i make an internal web service with API File Management, and with some parameters i can get the document in Base64 and send to AI Bot.

Show all comments
Studio_Creatio
8.0

i want download an attached file on Creatio, using this endpoint:
https://miinstance.com/0/odata/ContactFile(f7946070-164d-48d3-8516-c31aff3f1588)/Data
But, don't work, If I consult directly without data, I receive the data, but to add /Data i receive the 204 status, y try with demo instance and works!, but in my production enviroment i always get the 204 status

 

{
    "@odata.context": "https://astec.creatio.com/0/odata/$metadata#ContactFile/$entity",
    "Id": "cd7641f2-8e9f-00c5-6662-c68f0f2dd298",
    "CreatedOn": "2025-05-16T22:46:30.610332Z",
    "CreatedById": "410006e1-ca4e-4502-a9ec-e54d922d2c00",
    "ModifiedOn": "2025-05-16T22:46:31.525903Z",
    "ModifiedById": "410006e1-ca4e-4502-a9ec-e54d922d2c00",
    "Name": "Abril 2025.pdf",
    "Notes": "",
    "LockedById": "00000000-0000-0000-0000-000000000000",
    "LockedOn": "0001-01-01T00:00:00Z",
    "TypeId": "529bc2f8-0ee0-df11-971b-001d60e938c6",
    "Version": 1,
    "Size": 135896,
    "ProcessListeners": 0,
    "ContactId": "35e409d2-c8fd-4790-9adf-43ff73abfc3e",
    "SysFileStorageId": "65e42805-0e6d-43c9-8784-32b555f08421",
    "FileGroupId": "efbf3a0d-d780-465a-8e4b-8c0765197cfb",
    "Tag": "",
    "TotalSize": 135896,
    "Data@odata.mediaEditLink": "ContactFile(cd7641f2-8e9f-00c5-6662-c68f0f2dd298)/Data",
    "Data@odata.mediaReadLink": "ContactFile(cd7641f2-8e9f-00c5-6662-c68f0f2dd298)/Data",
    "Data@odata.mediaContentType": "application/octet-stream"
}
Like 0

Like

4 comments

Hello,

Here are a few possible reasons for this behavior and some directions on where to start the investigation:

1. A 204 response usually means the endpoint was found, but the file content is zero bytes. This can happen if the file wasn’t uploaded correctly or if there’s an issue with the file storage. You can confirm this by checking the file size directly in the database, for example:
SELECT DATALENGTH([Data]) AS Bytes
FROM   ContactFile
WHERE  Id = 'f7946070-164d-48d3-8516-c31aff3f1588'
If this returns 0, the problem is likely at the storage level, not the API.

2. In production, the file may be stored in an external location like AWS S3, Azure Blob, or a network share. In this case check the ActiveFileContentStorage system setting is correctly configured.

If your website is using an S3 storage and since it's an external storage there is no possibility to use OData to get files from it. 
In this case we recommend to use a FileApiService in case you need to work with files on your website.

Nick Ovchynnik,

 

Nick Ovchynnik,

Hi Nick, I noticed that the storage is on S3, but I tried to create a web service with FileApiService to retrieve these documents attached to an object, but I wasn't successful. Not to mention creating a ScriptTask didn't work either.
Do you have a working example of how to do this?

Hi,

This article describes the operations with the files. Specifically, under the "Retrieve the file content" expandable tab.

If you face a specific issue with some part of the code, please submit a ticket to support@creatio.com so our team can address the error you got and suggest a solution.

Nick Ovchynnik,

Nick, finally i can make a webservice that, download a base64 of the selected document, let the code here, for help others with the same need.
Thank you very much.

namespace Terrasoft.Configuration.UsrFileRetrievalServiceNamespace {
    using System;
    using System.IO;
    using System.ServiceModel;
    using System.ServiceModel.Web;
    using System.ServiceModel.Activation;
    using Terrasoft.Web.Common;
    using Terrasoft.Core;
    using Terrasoft.Core.Factories;
    using Terrasoft.File;
    using Terrasoft.File.Abstractions;
 
    [ServiceContract]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class UsrFileRetrievalService : BaseService {
 
        [OperationContract]
        [WebInvoke(Method = "GET", RequestFormat = WebMessageFormat.Json,
                   BodyStyle = WebMessageBodyStyle.Wrapped,
                   ResponseFormat = WebMessageFormat.Json)]
        public string GetFileBase64(string fileId, string schemaName) {
            try {
                // Validaciones básicas
                if (string.IsNullOrEmpty(fileId) || string.IsNullOrEmpty(schemaName)) {
                    return "Parámetros inválidos.";
                }
 
                Guid recordId = new Guid(fileId);
 
                // Creamos el localizador del archivo
                var fileLocator = new EntityFileLocator(schemaName, recordId);
 
                // Obtenemos la fábrica de archivos
                IFileFactory fileFactory = UserConnection.GetFileFactory();
 
                // Cargamos el archivo desde la base de datos
                IFile file = fileFactory.Get(fileLocator);
 
                // Leemos el contenido del archivo
                byte[] content;
                using (Stream stream = file.Read()) {
                    using (var ms = new MemoryStream()) {
                        stream.CopyTo(ms);
                        content = ms.ToArray();
                    }
                }
 
                // Convertimos a Base64 para retorno JSON seguro
                return Convert.ToBase64String(content);
            } catch (Exception ex) {
                return $"Error: {ex.Message}";
            }
        }
    }
}
Show all comments
Studio_Creatio
studio
Studio_Creatio
8.0

Hi Community,

I'm currently using the RichText element in a Creatio Freedom UI page to load a static HTML page inside a Tab container. The HTML content is stored in a System Setting, and I retrieve this code at runtime to display it using the RichText editor.

For example, I read the HTML code from a System Setting and then attempt to render the full HTML (including inline styles) in the RichText element.

However, I'm facing an issue where inline styles or custom CSS seem to be stripped out.

Figure 1: Original Design Layout

Figure 2: Current UI Output

Has anyone else encountered this?

Any suggestions would be appreciated.

Thanks in advance!

Like 2

Like

1 comments

Hi everyone, kindly bumping this up, any input would be greatly appreciated.

Show all comments

Below is the link I used, which I followed to a tee. I built the image with changed database string, testing the connections, verified Creatio is running, and still the container fails to start???

 

https://academy.creatio.com/docs/8.x/setup-and-administration/on-site-deployment/deployment-additional-setup/identity-service/set-up-the-identity-service-instruction#title-2002-6

appsettings.json:

{
  "Logging": {
    "LogLevel": {
      "Default": "Debug"
    }
  },
  "AllowedHosts": "*",
  "AllowedCorsOrigins": "[\"none.com\"]",
  "DbProvider": "Postgres",
  "DatabaseConnectionString": "Server=host.docker.internal;Port=5432;Database=creatio_db;User ID=postgres;password=testpassword123;Timeout=500; CommandTimeout=400;MaxPoolSize=1024;",
  "X509CertificatePath": "openssl.pfx",
  "Clients": "[{\"ClientId\":\"IdServiceUsers\",\"ClientName\":\"Bpmonline designer\",\"Secrets\":[\"665b6f638c2da3ecc5d3a1868eb9352f6e01ee4a\"],\"AllowedGrantTypes\":[\"implicit\",\"client_credentials\"],\"RedirectUris\":[\"http://localhost:4200\",\"http://localhost:4200/lib\",\"http://localhost:4200/lib/\"],\"PostLogoutRedirectUris\":[\"http://localhost:4200\"],\"IdentityTokenLifetime\": 300,\"AccessTokenLifetime\": 3600,\"Properties\": {\"AllowedQueryParameters\": \"[\\\"invitationHash\\\",\\\"targetSubject\\\"]\"},\"AllowedScopes\": [\"register_own_resource\", \"get_resource_list\", \"get_client_info\",\"find_clients\",\"remove_client\",\"update_client\", \"add_registrar_client\", \"IdentityServerApi\"]}]",
  "FeatureManagement": {
    "Full": true
  },
  "DbConnectionRetryOptions": {
    "MaxRetryCount": 5,
    "MaxRetryDelay": 6
  },
  "IgnoreDbCertificateValidation": true,
  "MsSqlCompatibilityLevel": 120
}
The Dockerfile:
 
FROM mcr.microsoft.com/dotnet/aspnet:8.0
 
WORKDIR /app
COPY . ./
 
ENV ASPNETCORE_URLS=http://+:80
EXPOSE 80
ENTRYPOINT ["dotnet", "IdentityService.dll"]
The command I used to run the dotnet8 IdentityService:
 
docker run --env=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --env=ASPNETCORE_URLS=http://+:80 --env=DOTNET_RUNNING_IN_CONTAINER=true --env=DOTNET_VERSION=8.0.10 --env=ASPNET_VERSION=8.0.10 --workdir=/app -p 80:80 -d creatio-identity-service:latest

Like 0

Like

4 comments

Hello,

Please try to set up the Identity Service logging (point 8 from this article) and then run it again to see if any additional details or errors are logged there. 

Mira Dmitruk,

I set that up as well after this post and the container fails to start, which returns no logs.

Hello,
If the container fails to start and produces no logs, even after enabling logging as per point 8 in the article, then the issue most likely lies at a runtime or container-level problem, before your application code even runs.

1. Check the Container’s Exit Logs
Run: docker ps -a
Look for the container that exited. Then: docker logs <container_id>
If logs are still empty, it crashed before application output - most likely a .NET runtime issue or entry point failure.

2. Try starting the container manually in interactive mode to see what's wrong:

docker run -it --rm creatio-identity-service:latest /bin/bash

Once inside: dotnet IdentityService.dll

Observe the error. Common issues:
- DLL not found (IdentityService.dll)
- Broken dependencies
- Misnamed or incorrectly copied files

 

3. Confirm the application runs outside docker. Just to rule out .NET or config issues, run: dotnet IdentityService.dll
in your host machine's CLI, from the same folder you're using in the Docker context. If it fails here, the issue is in appsettings.json or dependencies.

I resolved the issue, thank you for the advice. The issue was caused by a missing openssl file.

Show all comments

We are currently facing an issue with how incoming calls are handled within Creatio. When an incoming call is received, it is correctly routed to multiple available operator extensions simultaneously, which is expected behavior. However, the problem arises because Creatio is creating multiple call records — one for each operator to whom the call was redirected — even though only one of them actually answers the call.

We have a business process configured that is triggered upon the creation or modification of a record in the "Call" object. This process opens the customer profile page for the operator to assist in providing relevant information during the call.

The issue is that, due to multiple call records being created for the same incoming call, the business process is being triggered for all operators, not just the one who answers the call. As a result, the customer profile page is opening for all operators who received the call notification, which leads to confusion and unnecessary disruption.

Expected Behavior:
Only one call record should be created — specifically for the operator who actually answers the call. Consequently, the customer profile page should open only for that operator, not for everyone whose extension the call was redirected to.

Request:
We would appreciate your guidance or support in resolving this issue, either by adjusting the way call records are created or by providing a method to identify and limit the process execution to only the operator who answers the call.

Like 0

Like

3 comments

Hello,

Here’s how the basic logic works:

If a call appears on the CTI panel, it is automatically saved in the Calls section.
So, if a call is received by a group of 5 users, it will appear on the CTI panel for all 5 users. However, only one of them will actually answer the call.
As a result, 5 call records will be created in the Calls section, but only one will show that a conversation took place.

To avoid this, we recommend changing the call routing so that calls are directed to operators one at a time (sequentially).

This would require custom development, and unfortunately, we don’t have a ready-made example of this kind of implementation.



Best regards,
Malika

Hello, 

please take a look at this post: https://community.creatio.com/questions/cti-panel-answercall-method-ove… . Maybe it will help you in implementing similar logic in your process to what we did (trigger when user answers the call, instead when call record is created in database).

Best Regards,

Jelenko.

Jelenko Mršić,

Hello, 
Thank you for your response, I've tried using "Time to Connect" field as you have shown in your solution, but still the problem is not solved and when I checked incoming call is going to 4 different extension and only one operator is picking up the call but still the backend process is running for other operators too.

In the below screenshot the last column represent - "Time to Connect" value. 

 

Do you have any idea what could be the problem now?

Thanks.

Show all comments