Using the OAuth token
Use the OAuth token you received for each request to the YooMoney API. Specify the OAuth token in the Authorization header.
You can send to the YooMoney API only those requests for which you requested the rights when registering the app.
Example of request to the YooMoney API with an OAuth token
cURL
curl https://api.yookassa.ru/v3/payments \
  -X POST \
  -H 'Authorization: Bearer <oauth_token>' \
  -H 'Idempotence-Key: <Idempotence Key>' \
  -H 'Content-Type: application/json' \
  -d '{
        "amount": {
          "value": "100.00",
          "currency": "RUB"
        },
        "capture": true,
        "confirmation": {
          "type": "redirect",
          "return_url": "https://www.example.com/return_url"
        },
        "description": "Order No. 1"
      }'
A request can fail because of the token in two ways: something is wrong with the OAuth token itself, or the token doesn't carry the rights for running the transaction.
If the OAuth token isn't specified, is invalid, expired, or revoked, or if you've deleted the app the token was issued for, YooMoney will return the HTTP 401 code and the invalid_credentials error in response to the request.
If the OAuth token is correct but you're trying to run a transaction for which you haven't requested rights (for example, you'd like to return a payment but the token only allows creating payments), YooMoney will return the HTTP 403 code and the forbidden error. This situation can happen if you didn't select sufficient rights initially or if you received the token first and then edited the app settings.
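The two failure scenarios above can be told apart in client code so that a 401 leads to obtaining a new token and a 403 leads to requesting additional rights, rather than retrying blindly. The following Python sketch is an added example, not code from YooMoney; the function names, the action labels and the assumption that the error name arrives in a "code" field of a JSON body are illustrative.

```python
import json
import urllib.error
import urllib.request
import uuid

API_URL = "https://api.yookassa.ru/v3/payments"  # endpoint from the cURL example
# (HTTP status, error name) pairs from this page -> hypothetical action labels.
TOKEN_FAILURES = {
    (401, "invalid_credentials"): "reauthorize",   # token missing, invalid, expired, revoked
    (403, "forbidden"): "request_more_rights",     # token valid, right was never granted
}

class TokenError(Exception):
    def __init__(self, status, code, action):
        super().__init__(f"HTTP {status} {code}: {action}")  # message never holds the token
        self.status, self.code, self.action = status, code, action

def build_request(oauth_token, payment, idempotence_key=None):
    """Build the POST from the cURL example; refuse tokens that could split the header."""
    if not oauth_token or any(ch.isspace() for ch in oauth_token):
        raise ValueError("OAuth token is empty or contains whitespace")
    headers = {
        "Authorization": f"Bearer {oauth_token}",
        "Idempotence-Key": idempotence_key or str(uuid.uuid4()),
        "Content-Type": "application/json",
    }
    body = json.dumps(payment).encode("utf-8")
    return urllib.request.Request(API_URL, data=body, headers=headers, method="POST")

def classify_failure(status, body):
    """Return a TokenError for the two token scenarios, or None for any other error."""
    try:
        code = json.loads(body).get("code")  # assumed location of the error name
        action = TOKEN_FAILURES.get((status, code))
    except (ValueError, AttributeError, TypeError):
        return None
    return TokenError(status, code, action) if action else None

def create_payment(oauth_token, payment, opener=urllib.request.urlopen):
    """Send the request; `opener` is injectable so the flow can be exercised offline."""
    request = build_request(oauth_token, payment)
    try:
        with opener(request) as response:
            return json.loads(response.read())
    except urllib.error.HTTPError as err:
        failure = classify_failure(err.code, err.read())
        if failure is None:
            raise
        raise failure from None
```

Callers can branch on TokenError.action: "reauthorize" means the stored token should be discarded and the user sent through authorization again, while "request_more_rights" means the token works but the app needs the missing right granted.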