Discuss with expertTry it for free
© 2026 Direct Cursus Technology L.L.C.
Written by
Updated at June 4, 2026

Note

These methods of getting an IAM token are intended for requests by a Yandex user account and are not recommended for automated solutions. If you want to automate your work with the Yandex Cloud API and get IAM tokens in software, see Getting an IAM token for a service account.

Getting an IAM token for a Yandex account

You can get an IAM token for your Yandex account using the CLI. You need to install the YC CLI to do it.

Note

The IAM token lifetime does not exceed 12 hours; however, we recommend requesting a token more often, e.g., every hour.

Getting an IAM token using the YC CLI

If you do not have the Yandex Cloud CLI yet, install and initialize it.

  1. Authenticate in the CLI as a user.

  2. Get an IAM token:

    yc iam create-token

    Result:

    t1.9euelZrLop7Uz8up********

    The value you get is an IAM token. You can copy it, save it to a file, or write it into a variable:

    export IAM_TOKEN=`<IAM_token>`

Specify the received IAM token when accessing Yandex Cloud resources via the API. Provide the IAM token in the Authorization header in the following format:

Authorization: Bearer <IAM_token>

If you have saved your IAM token to a variable, use the latter:

Authorization: Bearer ${IAM_TOKEN}

Example of using an IAM token obtained through the CLI

Sending a request to get a list of clouds using an IAM token:

  1. Get an IAM token and write it to the variable:

    export IAM_TOKEN=`yc iam create-token`

  2. Send a request to get a list of clouds:

    curl \
  --request GET \
  --header "Authorization: Bearer ${IAM_TOKEN}" \
  https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds

  3. Result:

    {
"clouds": [
  {
  "id": "b1gia87mbaom********",
  "createdAt": "2019-08-19T06:15:54Z",
  "name": "my-cloud-1",
  "organizationId": "my-organization"
  },
  {
  "id": "b1gue7m154kt********",
  "createdAt": "2022-08-29T13:27:03Z",
  "name": "my-cloud-2",
  "organizationId": "my-organization"
  }
]
}

  1. Get an IAM token and write it to the variable:

    $IAM_TOKEN=yc iam create-token

  2. Send a request to get a list of clouds:

    curl.exe ` 
  --request GET ` 
  --header "Authorization: Bearer $IAM_TOKEN" ` 
  https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds

  3. Result:

    {
"clouds": [
  {
  "id": "b1gia87mbaom********",
  "createdAt": "2019-08-19T06:15:54Z",
  "name": "my-cloud-1",
  "organizationId": "my-organization"
  },
  {
  "id": "b1gue7m154kt********",
  "createdAt": "2022-08-29T13:27:03Z",
  "name": "my-cloud-2",
  "organizationId": "my-organization"
  }
]
}

See also

Previous
Revoking a role
Next
Getting an IAM token for a service account