Skip to main content

Restict Access to OnlyOffice Document Server to Nextcloud Users Only

ONLYOFFICE Document Server can use a token generated using the JSON Web Tokens (JWT) standard in order to secure the connection and restrict access the the OnlyOffice Document server which by default is accessible to everyone.

  • Edit the /etc/onlyoffice/documentserver/local.json file and find the following section:
"token": {

        "enable": {

          "request": {

            "inbox": false,

            "outbox": false


          "browser": false

Set all the settings from “false” to “true” so it looks like below:

"token": {

        "enable": {

          "request": {

            "inbox": true,

            "outbox": true


          "browser": true

Locate the following section:

"secret": {

        "inbox": {

          "string": "secret"


        "outbox": {

          "string": "secret"


        "session": {

          "string": "secret"

Substitute “secret” with a secret token of your choosing (ex: ThisisTheSecret) so it looks like below:

"secret": {

        "inbox": {

          "string": "ThisisTheSecret"


        "outbox": {

          "string": "ThisisTheSecret"


        "session": {

          "string": "ThisisTheSecret"
  • Save the file and restart the services:
sudo supervisorctl restart all


  • Go in Nextcloud under Settings --> ONLYOFFICE  and click on Advanced server settings. In the Secret key field enter the THESECRET token you created earlier and click the Save button (Figure 1).

Figure 1


  • Click the “Save” button, you should get the following message on top of the Nextcloud window (Figure 2):

Figure 2
