API access

To access the Yandex Tracker API, you can use one of these authorization methods:

Via OAuth 2.0. In this case, specify the header in your requests to the Tracker API:

Authorization: OAuth <OAuth_token>

For more information, see Getting access to the API via OAuth 2.0.
Using an IAM token. In this case, specify the header in your requests to the Tracker API:

Authorization: Bearer <IAM_token>

For more information, see Access the API with an IAM token.

For information about the header format, see Headers.

If you use a Python client to call the API, specify authorization details when initializing the client. For more information, see Python client.

Getting access to the API via OAuth 2.0

If you use a federated or service account, log in using an IAM token.

To access Yandex Tracker API, you need to obtain an OAuth token. This token grants the same permissions as the user account in Yandex Tracker. For example, if the user is not allowed to change queue settings, API requests to change queue settings will not be available using this token.

Use the obtained token in the Authorization header when making requests to Yandex Tracker API.

For information about basic OAuth concepts and the Yandex implementation of the protocol, see the OAuth for Yandex ID documentation.

Setting up token issuance for users

Suppose you want to integrate your app or system with Yandex Tracker. For example, you may need the system to create Yandex Tracker issues via the API on behalf of your organization's users. In this case, each user must be issued a token to access Yandex Tracker API.

To set up token issuance for users:

Follow the link https://oauth.yandex.com/client/new/ or register your app in the OAuth service. For instructions, see the Register your app section in Yandex ID Help.
Under Data access, add permissions to work with the Yandex Tracker API. To select a permission, start typing its name in the Access name field:
- Write in tracker (tracker:write) to allow any operations with data, such as creating, deleting, and editing.
- Read from tracker (tracker:read) to only allow data reads.
Select and configure a method for obtaining an OAuth token. For instructions, see the [Get an OAuth token]({{ link-OAuth-access }}) section in Yandex ID Help.

Obtaining a debug token

If you need access to the Yandex Tracker API for testing, debugging, or automation purposes, obtain a debug OAuth token:

Follow this link: https://oauth.yandex.com/client/new/.
Under Platforms, select Web services.
Hover over the Redirect URI field and click Enter URL for debugging in the tooltip. This will set the field value to https://oauth.yandex.com/verification_code.
Under Permissions, add the Write in tracker (tracker:write) and Read from tracker (tracker:read) permissions.
To get a debug token:
1. In your Yandex OAuth account, select the previously created application and copy its ID from the ClientID field.
2. Next, generate a link to request a token:
```
https://oauth.yandex.com/authorize?response_type=token&client_id=<application_ID>
```
1. Follow the link and copy the OAuth token. For more information, see Yandex ID Help.

To check if you have access to the API, request information about the current user. If no access permission is granted, you will get a response with the 401 Unauthorized code.

Sample curl request for retrieving information about the current user:

Unix

Windows

curl -X GET 'api.tracker.yandex.net/v3/myself' \
     -H 'Authorization: OAuth ABC-def12GH_******' \
     -H 'X-Cloud-Org-Id: abcd12******'

curl -X GET "api.tracker.yandex.net/v3/myself" ^
     -H "Authorization: OAuth ABC-def12GH_******" ^
     -H "X-Cloud-Org-Id: abcd12******"

Access the API with an IAM token

If you're using Tracker as part of a Yandex Cloud organization, you can authorize with the API using an IAM token.

An IAM token is a unique sequence of characters issued to a user after authentication. The user needs this token to authorize with the Yandex Tracker API and access resources. Read more about this authentication method in the documentation of the identification and access control service.

The IAM token is valid for no more than 12 hours and is limited by the cookie lifetime for the federation. When the token expires, the 401 Unauthorized error is returned.

Python client

When developing applications in Python, you can use the yandex_tracker_client package, a client that makes it easier to work with Tracker API.

To start using the client:

Download and install the latest Python version from https://www.python.org/downloads/.
From your OS command line, run:
```
pip install yandex_tracker_client
```
Get an OAuth token or IAM token for authorization.
Find out your organization ID.

To get the organization ID, go to Administration → Organizations and copy the value from the ID field.

Initialize the client in your program code:

In your Yandex 360 for Business organization

In your Yandex Cloud organization

from yandex_tracker_client import TrackerClient
client = TrackerClient(token='<OAuth_token>', org_id='<organization_ID>')

Here, <OAuth_token> is your OAuth token and <organization_ID> is your organization ID.

For authorization using an OAuth token:

from yandex_tracker_client import TrackerClient
client = TrackerClient(token='<OAuth_token>', cloud_org_id='<organization_ID>')

For authorization using an IAM token:

from yandex_tracker_client import TrackerClient
client = TrackerClient(iam_token='<IAM_token>', cloud_org_id='<organization_ID>')

Here, <OAuth_token> or <IAM_token> is your token and <organization_ID> is your organization ID.

In the client, use the same data format as in the Yandex Tracker API.

For more information about how the client works and its terms of use, see its page on GitHub: https://github.com/yandex/yandex_tracker_client.

Was the article helpful?

Overview

Common request format