Authentication in the API

Authentication is validating the authenticity of a user. Below is a description of authentication steps in Yandex.Cloud.

Step 1. Authorization in Yandex

Log in to Yandex using your account. For more information, see Your Yandex account.

Step 2. Getting an OAuth token

To start working with the Yandex.Cloud API, you need to get an OAuth token. It allows accessing Yandex services on behalf of the user.

You can get the OAuth token in the Yandex.OAuth service. To do this, follow the link and click Allow.

Save the received OAuth token.

Step 3. Changing the OAuth token for an IAM token

To work with the APIs of other Yandex.Cloud services, you need to get an IAM token. To do this, use the method create. In the request body, pass the OAuth token (in the field yandexPassportOauthToken). The received IAM token is valid for 12 hours. After that period expires, get a new IAM token.

Step 4. Using the IAM token

The received IAM token allows you to make requests to Yandex.Cloud services. The IAM token must be passed in the Authorization header of each API request. The full format of the header record is as follows:

Authorization: Bearer [your IAM token]

Before executing a request, Yandex.Cloud checks if the token is valid and the request can be executed. If the user does not have the necessary permissions, the request will not be executed.

See also