Accessing the API

A successful API call requires:

  • Correct Accept and Content-Type headers: the Yandex.Disk API only supports the application/json MIME type. Any other value will cause a data format error.

  • A URL formed to meet the requirements of the request.

  • The OAuth token issued to your application for accessing a specific user's data on Yandex.Disk. For requests that do not require authorization, this is specified explicitly.

General rules for forming a URL

Rules common to all resources:

  • The host for all Yandex.Disk API requests is When uploading or downloading a file, you need to access the file download service and the Yandex.Disk storage separately.

  • Each request must include the version of the Yandex.Disk API. For example, version 1 is denoted as follows:

  • The Yandex.Disk root directory can be set directly or indirectly: the paths disk:/foo and /foo point to the same folder.

Getting OAuth tokens

Yandex.Disk uses OAuth tokens to authorize applications. Each access token allows a specific application to access the data of a specific user.

In order to use the OAuth protocol with Yandex.Disk, you need to register your application. When registering an application that uses Yandex.Disk, select the appropriate access rights (in addition to accessing users' files, you can use the application folder):

After registration, the application will be able to get OAuth tokens for accessing user data on Yandex.Disk.

The access token that is obtained must be passed in the Authorization header for every call to the Yandex.Disk API, indicating the token type before the token value. Example for this header:

Authorization: OAuth 0c4181a7c2cf4521964a72ff57a34a07