Get a token

PHP 5 using the file_get_contents function

  1. Callback URL
  2. Procedure
  3. Script code

This example shows getting an OAuth token in the web service. Recommendations for other types of applications (desktop or mobile) are given in the Yandex OAuth documentation.

Callback URL

When registering or editing application parameters on the Yandex OAuth service, you must set the Callback URL to the URL of the script that is receiving the token. For example:

 https://site.ru/get_token.php

The code of the script is provided below.

Procedure

The token request requires specifying the application ID and password that were generated during registration on the Yandex OAuth service.

  1. The application takes the user to the access request page using a link in the format
    https://oauth.yandex.com/authorize?response_type=code&client_id=APPLICATION_ID

    On the page that opens, the user clicks Allow.

  2. Yandex OAuth performs a redirect to the address from Callback URL. In addition, the code parameter is appended to the address. For example:
     http://site.ru/get_token.php?code=AUTHORIZATION_CODE
  3. The script sends a POST request to https://oauth.yandex.com/token, passing the following parameters:
    • grant_type = authorization_code

    • code = AUTHORIZATION_CODE

    • client_id = APPLICATION_ID

    • client_secret = APPLICATION_PASSWORD

  4. Yandex OAuth sends a response in JSON format. The access_token key contains the OAuth token. For example:
    {"access_token": "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f"}

    The received token must be saved and used in requests to the Yandex Direct API.

Script code

To use this example, specify the application ID and password.

<?php
// Application ID
$client_id = 'APPLICATION_ID'; 
// Application password
$client_secret = 'APPLICATION_PASSWORD';

// If the script was called with the "code" parameter in the URL,
// it executes a request to get a token
if (isset($_GET['code']))
  {
    // Forming the parameters (body) of the POST request with the authorization code
    $query = array(
      'grant_type' => 'authorization_code',
      'code' => $_GET['code'],
      'client_id' => $client_id,
      'client_secret' => $client_secret
    );
    $query = http_build_query($query);

    // Forming the header for the POST request
    $header = "Content-type: application/x-www-form-urlencoded";

    // Executing the POST request and outputting the result
    $opts = array('http' =>
      array(
      'method'  => 'POST',
      'header'  => $header,
      'content' => $query
      ) 
    );
    $context = stream_context_create($opts);
    $result = file_get_contents('https://oauth.yandex.ru/token', false, $context);
    $result = json_decode($result);

    // Save the token to use in requests to the Yandex Direct API
    echo $result->access_token;
  }
// If the script was called without the "code" parameter,
// the user is redirected to the access request page
  else 
    {
      echo '<a href="https://oauth.yandex.ru/authorize?response_type=code&client_id='.$client_id.'">Access request page</a>';
    }
?>