Debug token

Applications that use OAuth can be tested using debug tokens. To get them, open Yandex.OAuth in the browser with the required parameters. Debug tokens, like all others, can always be revoked.

To get a token manually:

  1. When registering or editing an app, click the Substitute URL for development link in the Platforms → Web services → Callback URI field.
  2. Log in to Yandex with the user account the app should request access to.
  3. Click the following link:
    https://oauth.yandex.com/authorize?response_type=token&client_id=<app ID>

    The ID is available in the application properties (click the app name to open its properties).

  4. If you didn't allow access to this application or the lifetime of the issued token expired, you'll be redirected to confirm access. Click Allow to confirm the issuing of the token.

Yandex.OAuth redirects you to the token page, adding the token data after the # character:

https://oauth.yandex.ru/verification_code#
   access_token=<new OAuth token>
 & expires_in=<token lifetime in seconds>
Parameter Description
access_token

An OAuth token with the requested rights or with the rights specified when registering the app.
expires_in

Token lifetime in seconds.
Parameter Description
access_token

An OAuth token with the requested rights or with the rights specified when registering the app.
expires_in

Token lifetime in seconds.

If the token couldn't be issued, the OAuth server adds an error code to the URL:

https://oauth.yandex.ru/verification_code#
  error=<error code>

Error codes:

  • access_denied: The user denied access to the app.
  • unauthorized_client: The app was rejected during moderation or is awaiting moderation. Also returned if the app is blocked.