Request format
Requests are to be sent via HTTP 1.1 using SSL (HTTPS) to the following address:
https://yoomoney.ru/api/<method_name>
Requests are authorized in accordance with The OAuth 2.0 Authorization Framework: Bearer Token Usage.
HTTP requests must have this header:
Authorization: Bearer <access_token>

The token that is used must have the necessary permissions to execute the requested method with the specified set of parameters.

Security requirements:
  1. All network interactions are transmitted only via HTTPS.
  2. The TLS version is 1.2 or later.
  3. The application should verify the validity of the server’s SSL certificate. If the SSL certificate did not pass verification, the session must be aborted immediately to prevent compromising the authorization data.
  4. Do not store the access token in unencrypted format, for example, as cookies.
  5. Never use the access token in request parameters (GET, POST etc).
Format for request parameters:
  • Key/value pairs, packed as HTTP 1.1 POST request parameters;
  • MIME type: application/x-www-form-urlencoded;
  • Encoding: UTF‑8.
Request example
POST /api/request-payment HTTP/1.1
Host: yoomoney.ru
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer 410012345678901.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123

param1=value1&param2=value2&param3=value3
See also
Response format Access token scope Data types