Getting an OAuth token

To work with the Track & Trace API, you need an OAuth token. OAuth token requirements:

  • The token must be created for a user who's an administrator in the company.
  • The token mustn't be revoked. For more information, see Token lifetime.

To start working with the Track & Trace API, you must first get an OAuth token:

  1. If necessary, create a Yandex ID account. When registering, use a corporate or any other email address on Yandex Mail.

  2. Log in to Yandex with the account you will use to upload data.

  3. Open the Create app page in Oauth for Yandex ID. You can gain access to advanced features by signing in with your gosuslugi.ru account.

  4. Step 1: Create an app.

    1. Fill in the Service name field. You can enter any name. It will appear in your app list in OAuth for Yandex ID. You don't need to attach the service icon.
    2. In the Email address field, enter your email address.
  5. Step 2: App platforms.

    1. Select Web services.

    2. In the Redirect URI field, enter this URL: https://oauth.yandex.com/verification_code.

  6. Step 3: Data access permissions.

    1. In the Permission name field, enter courier:logistician.
    2. Select Logistics Coordinator role - Load courier and order information, export results.
    3. Click Continue.

  7. Step 4: Please make sure everything is correct. Click Everything is correct, create the app.

    This opens the application page. You'll need the app ID from the ClientID field to get an OAuth token.

  8. Get an OAuth token. To do this:

    1. Open the link. Paste the value obtained in Step 7 into the <ClientID-of-your-app> field.

      https://oauth.yandex.com/authorize?response_type=token&client_id=<ClientID-of-your-app>
      
    2. Make sure the service prompts you to log in under the correct username.

    3. Click Log in as .

    4. Copy the string that appears on the screen: this is your OAuth token.

    5. Make sure the token works. To do this, add it to the request header:

    curl -H "Authorization: OAuth <your-OAuth-token>" -X GET https://courier.yandex.ru/api/v1/test
    

    The response should be: {"message":"OK"}.

    For more information about OAuth, see OAuth implementation in Yandex.

Token lifetime

Token lifetime is not limited.

The token may become invalid if:

  • It has been revoked. If your token was revoked, you need to get a new one. For more information about why a token may be revoked, see Revoke a token.
  • The user changes the password to the account the token was issued to.
  • The user of the account the token was issued to clicks Log out of all Yandex services.

Troubleshooting

unauthorized_client error when receiving an OAuth token

The error occurs when receiving an OAuth token (Step 8.1) if there are restrictions for your account. In this case, contact support via the form. Support will check whether the restrictions can be removed and write back.

Note

Before filling out the form, make sure that you're logged in under the account for which there are restrictions. Otherwise, the form won't open.

Contact support