Developers » Community App Documentation
1. App registration
Firstly, you need to register your apps API_ID:

Choose Embedded app, select Community app, create a name and verify the action via SMS.
You will be redirected to your apps administration interface. Go to the settings tab and create an iFrame address. This is the URL of your sites page, which will then be displayed inside the VK frame. Its also necessary to indicate the address of the apps mobile version, which is adapted from mobile app browsers. If the main version of the site is adapted, just double the address in the field.
Attention the address must have the HTTPS protocol. For webpages, they should be permitted for inclusion into the frame.

For further work, youll need a way of identifying ID app fields (in the documentation, it matches the API_ID, app_id or client_id parameters) and secret key (secret_key, app_secret).
2. Work with API
2.1. Launch parameters
While launching apps, the address bar transmits additional parameters, which were contain user and source data.

For example, address bar fragment
can look like this:

Here api_settings access rights which the user gives to the app; viewer_id User ID; group_id Community ID, from which the app was opened; is_app_user information about
the user has the app installed.

Additional information about other launch parameters can be found on this page.

Pay attention Additionally while launching, you can receive the exact data you need from the API. For this, select the field First request to API in app settings. The first requests result will be transmitted within the api_result parameter.

For example, to immediately get the main photograph of a user while launching, use this first request:


Parameter api_result will contain a JSON-object with the method answer users.get for a current user, such as (for viewer_id = 6492):

While launching, in order to transmit random parameters in an app, use the # symbol in the link after which you can indicate a necessary value. Data after # will be transmitted within the hash parameter.

Amongst launch parameters, sign transmits a request signature. With its help, you can ensure that the requested data will not be changed on the clients end.

A PHP code example for checking the request signature:
$sign = "";

foreach ($request->getParams() as $key => $param) {

if ($key == 'hash' || $key == 'sign') continue;

$sign .=$param;


$secret = 'SECRET_KEY';

$sig = $secret ? hash_hmac('sha256', $sign, $secret) : "";

Here is the SECRET_KEY the apps secret key.

2.2. Request user rights
In order to request user rights, call the Client API method showSettingsBox immediately before it is necessary to create a link with these requested rights to API. Never request all rights that you need in the future beforehand. While launching, the app will get access to the users public information.

After changing settings, the event is called onSettingsChanged.

Possible mask values for access rights are available for users listed on this page.

2.3. Request community administrator rights
To access documents, photos, community messages and group settings, you must request community administrator rights. For this, call the method showGroupSettingsBox:

For example:
VK.callMethod("showGroupSettingsBox", 4);

After changing settings, the event is called onGroupSettingsChanged. By way of parameters, the access key and the bit mask of given rights will be transmitted.

The method showGroupSettingsBox can be called only when the app is launched by a community administrator. Possible access right mask values for communities are listed on this page.

2.4. Calling methods
You can use one of these ways of these ways of interacting with API:
  • with the help of SDK. Javascript SDK this is a special library that allows for easy and convenient work with API methods and user interfaces from iFrame-apps. Almost all capabilities of Javascript SDK are mentioned in this manual.
  • directly by using the access key, which transmits to the app while launching (parameter access_token). You can read more about
here in this manual about API requests.

2.5. Sending personal messages
The app can send messages from communities in which it is installed.

We recommend this work scheme: API. If
successful, there event onAllowMessagesFromCommunity will be created.
  • Check whether the message is permitted for sending to a user with the help of the method messages.isMessagesFromGroupAllowed, which is called with the community access key. The user can revoke the rights at any time.
  • Send messages with the help of the method messages.send, which is called with the community access key.
3.1. Platform distinctions
While working with your app, users will often need its default settings immediately after installation. In the list of parameters that is transmitted during the launch, there is a viewer_type. By its definition, you can determine a users role in the community, such as displaying the special interface for community administrators.

While using your app, users can always return to the community from which the app was launched by clicking on push-notifications and other options. Therefore, it is necessary to remember user status so that when returning to your app, he can continue from where he had stopped.

3.2 Forming snippets
In personal messages and wall posts to community apps, this kind published with additional information framed in the format of this snippet.

The snippet contains the community name as the title, and also the image and description of Open Graph tags:
  • Descriptions. If there are the tags og:description, mrs__share_description or twitter:description on the apps page, then the description can be taken from one of these (the one stated first) or the tag <description> will be used.
  • Illustration. If there are the tags og:image, twitter:image or image on the apps page, then the address image for illustrations will be taken from the one that was stated first, or from the first eight tags <img src="...">. And from these, illustration suggestions will be pictures whose height and width are no more than 130 pixels. If the picture is more than 537 pixels wide, then the website link will be followed by an enlarged picture.

Pay attention! In order for you to get data for forming snippets from pages, it is necessary to allow requests whose launch parameters are incomplete. In this request, the only parameters that will be included are api_url, api_id and group_id'''.

3.3. Launching apps from external sites
You can place an installation button on your page for your app on a users community.

Use a link in this format:

Here appId is the ID of your app, and is the address of the reverse call that, in case of success, a request will be made with two parameters: aid (app identifier) and gid (community identifier).

3.4. Moderation
A list of all apps available for addition to communities can be viewed by administrators in the section Community settings→ Apps.

Only approved apps that follow the platform rules will be included in this catalog. In order to submit an application to moderation and place your app in the catalog, message us at In the application, there must be information about the app and a link to the community where the app is installed.