Access and authorization
An application (program, script, or other type of app) sends an API request on behalf of a Yandex Direct user — a representative of an advertiser or advertising agency — and manages this user's data.
The app can access a user's data under the following conditions:
-
The app developer completed the application registration process, and the request for access was approved.
-
The user has a Yandex Direct account and represents a direct advertiser, an advertising agency, or a client of an advertising agency, who was granted access to the data by the agency.
Note
-
If the agency granted the client read-only access to the web interface, the client's representative can only get data when using the API, as well.
-
If the agency granted the client permission to edit campaigns, the client's representative can use either the web interface or the API for managing the client's campaigns.
-
-
The user has accepted the user agreement on the API page for the Yandex Direct service.
-
The user has allowed the app to make requests.
The app must request permission from the user to access data, get an access token, and specify the token in requests.
To get a token, the application must redirect the user to the access request page. The user logs in to Yandex (using their login for Yandex Direct) and clicks the Confirm button. Next, the Yandex server generates a token and sends it to the app.
Restricting access by IP address
API access may be restricted by IP address, for increased information security. The user can specify the allowed IP addresses on the API settings page under the Settings tab.