Authorization in the API

    API requests can be made by users with a registered Yandex.Passport account.

    To use the API:

    1. Sign up for Yandex.Cloud.

      To learn more, see the section Getting started in the documentation on Billing.

    2. Determine the required roles for the user on whose behalf API requests will be made. Select one of the options:

      • The resource-manager.cloud.owner role for the cloud.
      • A pair of roles: resource-manager.cloud.member for the cloud and admin for the cloud or folder.
      • A pair of roles: resource-manager.cloud.member for the cloud and editor for the cloud or folder.
    3. Assign roles:

      1. In the management console, click and go to Access management.

      2. Select the tab Users and roles.

      3. In the line with the appropriate user name, click Configure roles.

      4. To add a role in a cloud, click Assign role in the Roles for the cloud section.

        To add a role for a folder, select the folder and click Assign role in the Roles for folders section.

      5. Select the desired role from the list. For more information about roles, see Roles in the documentation on the service Yandex Identity and Access Management.

    4. If you already have a folder in Yandex.Cloud, open the page of that folder in the management console.

      Note

      If you have assigned the admin or editor role for a specific folder to the user who will make API requests, select that folder at this step.

      If there is no folder yet, create one:

      1. In the management console, click Create folder.

      2. Enter the folder name.

        The name may contain lowercase Latin letters, numbers, and hyphens. The first character must be a letter. The last character can't be a hyphen. The name length must be from 3 to 63 characters.

      3. Click Create folder.

    5. Find the folder ID in the URL of the folder page in the management console.

    6. Get an IAM token .

    7. In each API request to the service, pass:

      • IAM token in the Authorization header in the Authorization: Bearer <IAM-token> format.
      • Folder ID in the folderId parameter in the folderId=<folder id> format in the request body.