Shared mailboxes
A shared mailbox is a mailbox that has no specific owner and is used by multiple employees, for example, from one department.
Limitation
To create shared mailboxes, your organization needs to be connected to a domain. How connect a domain
Preparing to work with shared mailboxes via the API
All operations with shared mailboxes are currently available via the API only.
-
To work with the API, you'll need an OAuth token, which you can get after creating an application in the Yandex OAuth service.
- If you don't have an OAuth application yet, follow the instructions on the Access to API page to create one and obtain a token. When creating an application, select the permissions
ya360_admin:mail_read_shared_mailbox_inventory
andya360_admin:mail_write_shared_mailbox_inventory
. - If you already have an OAuth application for working with the Yandex 360 for Business API, add permissions to view and edit mailbox access settings to it and then get a new OAuth token following this instruction.
- If you don't have an OAuth application yet, follow the instructions on the Access to API page to create one and obtain a token. When creating an application, select the permissions
-
Gather data needed for API requests.
-
Find the organization ID: go to admin.yandex.ru and select General settings → Company profile. You can see the ID below the organization name.
-
Find the ID of the employee who needs access. To do this:
-
Select Users → Employees.
-
Find the line with the employee you need and click their name.
-
Right-click the employee's username and copy the link address.
-
Insert the address into any text editor. The ID is the part of the address after
uid=
. For example, in the addresshttps://staff.yandex.ru/bb?org_id=5487632&uid=2260000054273165
the ID is
2260000054273165
.Is it possible to find employee IDs using the API?
Sure. There's a request that returns the list of IDs. View documentation.
-
-
Create a mailbox
-
Prepare a file named parameters.json that will contain the data for the request. You can do it in any text editor. In the file, specify the parameters of the shared mailbox in the following format:
{ "email": "{ADDRESS}", "name": "{NAME}", "description": "{DESCRIPTION}" }
where
{ADDRESS}
is the email address of the shared mailbox.
{NAME}
is the name of the shared mailbox.
{DESCRIPTION}
is a brief description of the shared mailbox. -
Form and send a request to create a shared mailbox:
-
HTTP method:
PUT
-
Request URL:
https://api360.yandex.net/admin/v1/org/{ORGANIZATION}/mailboxes/shared
where
{ORGANIZATION}
is the ID of the organization you got at Step 2.1 of the "Preparing to work with shared mailboxes" instruction.Example
https://api360.yandex.net/admin/v1/org/1234567/mailboxes/shared
-
Headers:
Authorization: OAuth {OAUTH TOKEN} Content-Type: application/json
where
{OAUTH-TOKEN}
is the OAuth token you got at Step 1 of the "Preparing to work with shared mailboxes" instruction. -
Request body is in the parameters.json file you created at Step 1 of this instruction.
If you use Windows, you can submit a request to allow mailbox delegation using a
curl
command formatted as follows:curl -X PUT -H "Authorization: OAuth {OAUTH-ТОКЕН}" -H "Content-Type: application/json" -d "@parameters.json" https://api360.yandex.net/admin/v1/org/{ORGANIZATION}/mailboxes/shared
where
{OAUTH-TOKEN}
is the OAuth token you got at Step 1 of the "Preparing to work with shared mailboxes" instruction.
parameters.json
is the file with the request body created at Step 1 of this instruction.
{ORGANIZATION}
is the ID of the organization you got at Step 2.1 of the "Preparing to work with shared mailboxes" instruction.I don't understand how to do this
-
Prepare the command: copy and paste the sample code above into any text editor, replacing the values with your token and IDs.
-
Open the folder containing the parameters.json file.
-
Click on empty space in the address bar.
-
Type
cmd
there and press Enter. -
The "Command line" window will open. Insert the command you've prepared and press Enter.
-
-
Analyze the response: if the request is successful, you'll get the
200 OK
status code with the ID of the created shared mailbox. Save this ID.
Grant access
Group operations for access provisioning are not yet supported. With one request, you can provide, modify, or restrict access rights only for one employee and only to one mailbox. But you can submit multiple such requests at a time.
-
Prepare a file named roles.json that will contain the data for the request. You can do it in any text editor. In the file, specify the roles of the employee to whom you're granting access to the mailbox. For the description of roles, see Roles and access rights.
Sample roles.json file:
{ "roles": [ "shared_mailbox_imap_admin", "shared_mailbox_half_sender" ] }
The list should include either the
shared_mailbox_sender
role or theshared_mailbox_owner
role, as they're responsible for read access. -
Send a request to the API to provide employees with access to the shared mailbox:
-
HTTP method:
POST
-
Request URL:
https://api360.yandex.net/admin/v1/org/{ORGANIZATION}/mailboxes/set/{MAILBOX}?actorId={EMPLOYEE WITH ACCESS}¬ify={NOTIFICATION DELIVERY PARAMETER}
where
{ORGANIZATION}
is the ID of the organization you got at Step 2.1 of the "Preparing to work with shared mailboxes" instruction.
{MAILBOX}
is the shared mailbox ID you got when following the Create a mailbox instruction.
{EMPLOYEE WITH ACCESS}
is the ID of the employee who needs to be granted access to the mailbox. You got it at Step 2.2 of the "Preparing to work with shared mailboxes" instruction.
{NOTIFICATION DELIVERY PARAMETER}
is the parameter that determines who needs to receive a notification email about changes in mailbox access rights. Possible values:all
,delegates
,none
. For the descriptions of the parameter values, see Notifications.Example
https://api360.yandex.net/admin/v1/org/1234567/mailboxes/mailboxes/set/2260000054273165?actorId=3340000075421587¬ify=all
-
Headers:
Authorization: OAuth {OAUTH TOKEN} Content-Type: application/json
where
{OAUTH-TOKEN}
is the OAuth token you got at Step 1 of the "Preparing to work with shared mailboxes" instruction. -
Request body is in the roles.json file you created at Step 1 of this instruction.
If you use Windows, you can submit a request to allow mailbox delegation using a
curl
command formatted as follows:curl -X POST -H "Authorization: OAuth {OAUTH TOKEN}" -H "Content-Type: application/json" -d "@roles.json" https://api360.yandex.net/admin/v1/org/{ORGANIZATION}/mailboxes/set/{MAILBOX}?actorId={EMPLOYEE WITH ACCESS}¬ify={NOTIFICATION DELIVERY PARAMETER}
where
{OAUTH-TOKEN}
is the OAuth token you got at Step 1 of the "Preparing to work with shared mailboxes" instruction.
roles.json
is the file with the request body created at Step 1 of this instruction.
{ORGANIZATION}
is the ID of the organization you got at Step 2.1 of the "Preparing to work with shared mailboxes" instruction.
{MAILBOX}
is the shared mailbox ID you got when following the instructions under Create a mailbox.
{EMPLOYEE WITH ACCESS}
is the ID of the employee who needs to be granted access to the mailbox. You got it at Step 2.2 of the "Preparing to work with shared mailboxes" instruction.
{NOTIFICATION DELIVERY PARAMETER}
is the parameter that determines who needs to receive a notification email about changes in mailbox access rights. Possible values:all
,delegates
,none
. For the descriptions of the parameter values, see Notifications. -
-
Analyze the response you get: if the request is successful, you'll get the
200 OK
status code with the ID of the task for changing permissions. Save the ID you obtained. -
To check that access has been granted, send another request with task ID pasted into it:
curl -X GET -H "Authorization: OAuth {OAUTH TOKEN}" https://api360.yandex.net/admin/v1/org/{ORGANIZATION}/mailboxes/tasks/{TASK ID}
In response, you'll get the status of the task for changing permissions. The permissions are successfully changed if the response contains the value
complete
.
Disable access
To disable access to the mailbox for a specific employee, follow the instruction for granting access and specify an empty list in the roles.json file that lists available roles:
{
"roles": []
}
Delete a mailbox
To delete a shared mailbox, use a DELETE request:
curl -X DELETE -H "Authorization: OAuth {OAUTH TOKEN}" https://api360.yandex.net/admin/v1/org/{ORGANIZATION}/mailboxes/shared/{MAILBOX}
API documentation
For a complete description of all access control methods, see the documentation.
An API is a special mechanism for managing Yandex 360 services, designed primarily for process automation. There are two ways to work with the API: create a special application (which can be done by a developer) or use the computer's command line. You can find the developer documentation here.
Special code allowing access to data on behalf of a specific user.
An API request to create a new resource on the server. It's used to send data to the server to create a new item or perform an action.
An API request to delete an existing resource on the server. It's used to delete a resource by its ID or another unique identifier.