Getting an IAM token for a Yandex account
Note
The IAM token lifetime does not exceed 12 hours; however, we recommend requesting it more often, such as once per hour.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
Get an IAM token:
yc iam create-token
Alert
If you are the owner of the cloud and you use your own account to access the API, remember that the owner of the cloud can perform any operations with cloud resources.
We recommend using a service account to work with the API. This way, you can assign only the roles that are necessary.
-
Log in to your Yandex account.
-
Get an OAuth token from Yandex.OAuth. To do this, follow this link, click Allow, and copy the OAuth token you got.
-
Exchange the OAuth token for an IAM token:
-
Using curl in Bash:
curl \ --request POST \ --data '{"yandexPassportOauthToken":"<OAuth_token>"}' \ https://iam.api.cloud.yandex.net/iam/v1/tokens -
Using the built-in PowerShell function:
$yandexPassportOauthToken = "<OAuth_token>" $Body = @{ yandexPassportOauthToken = "$yandexPassportOauthToken" } | ConvertTo-Json -Compress Invoke-RestMethod -Method 'POST' -Uri 'https://iam.api.cloud.yandex.net/iam/v1/tokens' -Body $Body -ContentType 'Application/json' | Select-Object -ExpandProperty iamToken
-
Specify the received IAM token when accessing Yandex Cloud resources via the API. Provide the IAM token in the Authorization header in the following format:
Authorization: Bearer <IAM_token>
Examples
Using an IAM token obtained via the CLI
Save the IAM token to a variable in the CLI and use it in other requests from the command line. Sample request to get cloud list:
export IAM_TOKEN=`yc iam create-token`
curl \
--request GET \
--header "Authorization: Bearer ${IAM_TOKEN}" \
https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds
$IAM_TOKEN=yc iam create-token
curl.exe \
--request GET \
--header "Authorization: Bearer $IAM_TOKEN" `
https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds