Getting started

The Yandex Disk API is available at the address The connection must be made over the HTTPS protocol (port 443).

To access any user's data, the application must be authorized using Basic authentication or an OAuth access token.

Basic authentication

Applications can get access to users' Disks with usernames and passwords, following the Basic authentication mechanism of the HTTP protocol.

For Basic authentication, each of the application's requests to Yandex Disk must contain the Authorization header in the following format:

Authorization: Basic <access token>

Here, the access token is a string in the format <username>:<password> in Base64 encoding.

Authorizing applications using OAuth tokens

Applications can get access to users' Disks by using OAuth tokens. Each access token allows a specific application to access the data of a specific user.

To access Yandex services using the OAuth protocol, the developer must register the application on the service, in the Register new application section.

When registering an application that uses the Yandex Disk API, you should select the appropriate access rights:


After registration, the application can use any appropriate method to get OAuth tokens for accessing user data.

The access token that is obtained must be passed in the Authorization header for every call to the Yandex Disk API, indicating the token type before the token value. Example for this header:

Authorization: OAuth 0c4181a7c2cf4521964a72ff57a34a07

For information on obtaining and using OAuth access tokens, see the documentation for the Yandex OAuth service.