Authorization in the API

    API requests can be made by users on behalf of a Yandex account or a service account.

    To use the API:

    1. Sign up for Yandex.Cloud.

      For more information, see the section Getting started in the documentation on Billing.

    2. Decide which roles will be needed for the account that API requests will be made on behalf of. Select one of the options:

      • The resource-manager.cloud.owner role for the cloud.
      • A pair of roles: resource-manager.cloud.member for the cloud and admin for the cloud or folder.
      • A pair of roles: resource-manager.cloud.member for the cloud and editor for the cloud or folder.

      The resource-manager.cloud.member role doesn't have to be assigned for a service account.

    3. Assign the selected roles to the account:

    4. If you already have a folder in Yandex.Cloud, open the page of that folder in the management console.

      Note

      If you assigned the admin or editor role to a user for a specific folder, select this folder at this step.

      If there is no folder, create one:

      1. In the management console, click Create folder.

      2. Enter the folder name.

        The name may contain lowercase Latin letters, numbers, and hyphens. The first character must be a letter. The last character can't be a hyphen. The length of the name must be from 3 to 63 characters.

      3. Click Create folder.

    5. To get the folder ID, you can take it from the URL of the folder page in the management console:

      https://console.cloud.yandex.ru/folders/b5gfc3ntettogerelqed7p
      

      b5gfc3ntettogerelqed7p is the folder ID.

    6. Get an IAM token:

    7. In each API request to the service, pass:

      • The IAM token in the Authorization header in the Authorization: Bearer <IAM token> format.
      • The folder ID in the folderId parameter in the folderId=<folder id> format in the request body.