Starting from December 31, push API methods will be unavailable. From October 1, they may be unstable.
Authorization for Yandex.Market requests to the store
The store must be able to identify requests from the Market in order to distinguish them from unauthorized third-party requests. To authorize the Market, an authorization token is used, which is transmitted with each request via a URL parameter or an HTTP header (depending on the settings in the merchant's account on the Market).
Example:
- in the URL parameters:
  POST https://<host>/<path_to_market_api>/order/accept?auth-token=41FBAC4A763D480999DAEDAC09B36CBB200000016A894A28
- in the HTTP header Authorization:
  Authorization: 41FBAC4A763D480999DAEDAC09B36CBB200000016A894A28
The store must compare the transferred token with the token generated earlier in the seller's account on the Market. If an incorrect token is transferred or the token is missing, the store must return the error 403 Forbidden.
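One way a store could implement this check, as an added example (not Yandex.Market's code): a WSGI wrapper built on the Python standard library only. The names extract_token, is_market_request, make_app and the source setting are assumptions of the example, and the expected token is supplied by the store from its own secret storage.

```python
import hmac
from urllib.parse import parse_qs


def extract_token(environ, source):
    """Read the token only from where the Market account is set to send it."""
    if source == "header":
        return environ.get("HTTP_AUTHORIZATION", "").strip() or None
    values = parse_qs(environ.get("QUERY_STRING", "")).get("auth-token", [])
    # A repeated auth-token parameter is ambiguous, so treat it as missing.
    return values[0] if len(values) == 1 else None


def is_market_request(environ, expected_token, source):
    token = extract_token(environ, source)
    if not token or not expected_token:
        return False  # missing token, or the store has none configured
    # Constant-time comparison: timing does not reveal how much matched.
    return hmac.compare_digest(token.encode(), expected_token.encode())


def make_app(handler, expected_token, source="header"):
    """Wrap a WSGI handler; answer 403 Forbidden unless the token matches."""
    if source not in ("header", "url"):
        raise ValueError("source must be 'header' or 'url'")
    def app(environ, start_response):
        if not is_market_request(environ, expected_token, source):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden"]
        return handler(environ, start_response)
    return app
```

In URL-parameter mode the token is part of the request URL, so it also ends up wherever the store's web server or proxy logs full URLs; those logs then need the same protection as the token itself.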
Getting a token
You can generate an authorization token in your account: click the name of your business in the lower-left corner, then on the Configuring the API page go to the Receiving requests from Yandex.Market tab.
If there is no "Receiving requests from the Market" tab, write to the support service: in your account, select Communication → Support → Create an appeal → Working through the API.
Save the token immediately after generation
The token is displayed in your account only once, immediately after generation. If it gets lost, you will need to generate a new one.
Yandex.Market does not guarantee that requests will come from a specific IP address or set of IP addresses. Since the authorization token is passed in all requests from the Market, to simplify the descriptions of API methods, this parameter is not specified in the examples.