The Yandex Disk API is available at the address https://webdav.yandex.com. The connection must be made over the HTTPS protocol (port 443).
To access any user's data, the application must be authorized using Basic authentication or an OAuth access token.
Applications can get access to users' Disks with usernames and passwords, following the Basic authentication mechanism of the HTTP protocol.
For Basic authentication, each of the application's requests to Yandex Disk must contain the
Authorization header in the following format:
Authorization: Basic <access token>
Here, the access token is a string in the format
<username>:<password> in Base64 encoding.
Authorizing applications using OAuth tokens
Applications can get access to users' Disks by using OAuth tokens. Each access token allows a specific application to access the data of a specific user.
When registering an application that uses the Yandex Disk API, you should select the appropriate access rights:
After registration, the application can use any appropriate method to get OAuth tokens for accessing user data.
The access token that is obtained must be passed in the
Authorization header for every call to the Yandex Disk API, indicating the token type before the token value. Example for this header:
Authorization: OAuth 0c4181a7c2cf4521964a72ff57a34a07
For information on obtaining and using OAuth access tokens, see the documentation for the Yandex OAuth service.