Response format
The service response is a JSON document in UTF‑8, see The application/json Media Type for JavaScript Object Notation (JSON) and official JSON site. The contents depend on the request results.
Successful response example
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 51
Expires: Thu, 01 Dec 2019 16:00:00 GMT
Cache-Control: no-cache

The response has HTTP headers to forbid proxy servers and local browsers to cache the content.
If authorization fails, the server responds with a 4xx HTTP code. Possible reasons for rejection:
  • The request cannot be parsed;
  • The request does not include the HTTP Authorization header;
  • The Authorization header specifies a nonexistent, invalid or expired token;
  • The token does not have permissions for the requested operation.
The response contains the WWW-Authenticate header (in accordance with The OAuth 2.0 Authorization Framework: Bearer Token Usage).
When authorization of the request is denied, the following fields are present in the response:
errorCode of the reason for authorization refusal.
error_descriptionAdditional text description of the reason for refusal.
Codes for reasons for authorization refusal:
HTTP response codeValue of the error fieldDescription
400invalid_requestHTTP request does not conform to protocol format. Unable to parse HTTP request, or the Authorization header is missing or has an invalid value.
401invalid_tokenNonexistent, expired, or revoked token specified.
403insufficient_scopeThe token does not have permissions for the requested operation.
Response example for missing header
HTTP/1.1 400 Bad Request
WWW-Authenticate: Bearer error="invalid_request"
Response example for expired token
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer error="invalid_token", error_description="The access token has expired"
Response example for token without required permissions
HTTP/1.1 403 Forbidden
WWW-Authenticate: Bearer error="insufficient_scope", error_description="Payment forbidden by application authorization parameters"
If a technical error occurs, the server responds with the HTTP code 500 Internal Server Error. The application should repeat the request with the same parameters later.
See also
Request format Access token scope Data types