Client Authorization


 

Interaction of the service requires client authorization. The client authorization is made via the OAuth 2.0 protocol.

To get a token, you should send a POST request (x-www-form-urlencoded) to URL:

Environment

URL

testing

https://api.edu.cdek.ru/v2/oauth/token?parameters

production

https://api.cdek.ru/v2/oauth/token?parameters


Valuable parameters and their possible values:

grant_type: type of authentication, available value: client_credentials;

client_id: client identifier, equal to Account;

client_secret: client's secret key, equal to Secure password.


In response to the access request, the following information will be returned:

access_token: jwt-token;

token_type: token type (always takes value "bearer");

expires_in: lifetime of the token (default value: 3,600 seconds);

scope: scope of the token (access to and operations with objects);

jti: unique identifier of the token.

Then, when the user refers to the service methods, the received token is transmitted in the request header in the following form:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJvcmRlcjphbGw...


Sample Request:

KEY

VALUE

grant_type

client_credentials

client_id

EMscd6r9JnFiQ3bLoyjJY6eM78JrJceI

client_secret

PjLZkKBHEiLK3YsjtNrt3TGNG0ahs3kG


{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJvcmRlcjphbGw...",
    "token_type": "bearer",
    "expires_in": 3599,
    "scope": "order:all payment:all",
    "jti": "9adca50a-..."
}


 

© 2000—2022, Курьерская компания СДЭК