Request format

Requests are to be sent via HTTP 1.1 using SSL (HTTPS) to the following address:

https://money.yandex.ru/api/<method name>

Requests are authorized in accordance with The OAuth 2.0 Authorization Framework: Bearer Token Usage.

HTTP requests must have this header:

Authorization: Bearer <access_token>

Note. The token that is used must have the necessary permissions to execute the requested method with the specified set of parameters.

Security requirements:

  1. All network interactions must take place over HTTPS only.
  2. The application should verify the validity of the server's SSL certificate. If the SSL certificate does not pass verification, the session must be aborted immediately to prevent compromising the authorization data.
  3. Do not store the access token in unencrypted format, for example, in cookies.
  4. Never use the access token in request parameters (GET, POST, etc.).

Format for request parameters:

  • Key/value pairs, packed as HTTP 1.1 POST request parameters.
  • MIME type: application/x-www-form-urlencoded.
  • Encoding: UTF-8.

Request example:

POST /api/request-payment HTTP/1.1
Host: money.yandex.ru
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer 410012345678901.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123

param1=value1&param2=value2&param3=value3
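
The security requirements and parameter format above, enforced on the client side, as an added example that is not part of the original documentation. The helper names, the list of token-like parameter names and the sample token are assumptions of this example.

```python
import re
import ssl
import urllib.request
from urllib.parse import urlencode, urlsplit

API_BASE = "https://money.yandex.ru/api/"  # address given on this page
# RFC 6750 b64token syntax; rejects spaces and CR/LF that could split the header
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
# Parameter names treated as "token in parameters"; this list is an assumption
TOKEN_PARAM_NAMES = {"access_token", "token", "authorization"}


def strict_tls_context():
    """TLS context that verifies both the certificate chain and the host name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True            # already the default; pinned explicitly
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def build_request(method, params, access_token, base=API_BASE):
    """Build the POST request: token in the header only, UTF-8 form body."""
    url = base + method
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS endpoint: " + url)
    if not B64TOKEN.fullmatch(access_token):
        raise ValueError("access token is not a valid bearer token string")
    leaked = [k for k, v in params.items()
              if k.lower() in TOKEN_PARAM_NAMES or access_token in str(v)]
    if leaked:
        raise ValueError("access token must not appear in request parameters")
    body = urlencode(params, encoding="utf-8").encode("ascii")
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": "Bearer " + access_token,
        "Content-Type": "application/x-www-form-urlencoded",
    })


def send(request, timeout=10):
    """Send the request; a failed certificate check raises and aborts the call."""
    with urllib.request.urlopen(request, timeout=timeout,
                                context=strict_tls_context()) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    demo_token = "410012345678901.0123456789ABCDEF"  # constructed placeholder
    req = build_request("request-payment", {"param1": "value1"}, demo_token)
    print(req.get_method(), req.full_url, req.data)
```

`build_request` performs no network I/O, so its checks can be unit-tested offline; only `send` opens a connection.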