Authorization
During the interaction with YooMoney, JWT format tokens are used for identification. The token format is described in IETF RFC7519.
To issue the token, you need to call the
users/login
method by setting a “username-password” pair in the input.Address for sending the request
POST https://yoomoney.ru/api/offerwall/v1/users/login
Parameters
Parameter | Type | Description |
---|---|---|
login | string | Login. Required parameter |
password | string | Password. Required parameter |
Upon successful authorization, the method returns HTTP status 200 and the token value.
Parameter | Type | Description |
---|---|---|
accessToken | string | Token |
tokenType | string | Type of token. Fixed value: Bearer |
expiresIn | int | Token validity period in seconds |
Example of the response
{ "accessToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyIiwiZXhwIjoxNTc5NzkzNDQxfQ.FaX6mOhDAgVRZ5-L5p3fcH-BFnv7WuUm8hRzxPdJji7i2Lu2zANXS6nJOpbEV8Rbt1YjDh2f88swphUY5BAloA", "tokenType": "Bearer", "expiresIn": 3600 }
When calling any API method, you must set the value of the access token in the request headers.
Request header example
Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyIiwiZXhwIjoxNTc5NzkzNDQxfQ.FaX6mOhDAgVRZ5-L5p3fcH-BFnv7WuUm8hRzxPdJji7i2Lu2zANXS6nJOpbEV8Rbt1YjDh2f88swphUY5BAloA
Token’s validity period is limited. After the expiration, the token becomes invalid, and if you send it in a request, the response will return with the 401 Unauthorized status. In this case, you’ll need to request a new token.