OAuth at Yandex

The OAuth 2.0 protocol allows applications to work with Yandex services on behalf of the user. Access to each app is explicitly restricted by the rights set at the registration. For the basic principles of OAuth, as well as the protocol features in Yandex, see OAuth implementation in Yandex.

OAuth authorization is supported by Yandex.Disk, Yandex.Webmaster, Yandex.Metrica, and other services.

How do I use OAuth?

To start using the protocol, you need to:

Register your app in Yandex.OAuth.
Receive the token in one of two ways:
- Extract the token from the URL hash (the part of the URL after the # character).
  
  This method is described in the instructions for mobile, desktop, and web apps.
- Request a token in exchange for a confirmation code. You can use a confirmation code to work with applications that aren't adapted to the URL:
  - If it's important to receive the token in the response body and not in the URL, request a code that can be exchanged for a token.
  - If it's difficult to access the redirect URL in the app, request the code output for the user in Yandex.OAuth.
  - If it's difficult to enter a code on the device, you can ask the user to enter the code in Yandex.OAuth.

You can test OAuth applications using debug tokens.