Client Authorization

Interaction of the service requires client authorization. The client authorization is made via the OAuth 2.0 protocol.

To get a token, you should send a POST request (x-www-form-urlencoded) to URL:

Environment	URL
testing	https://api.edu.cdek.ru/v2/oauth/token?parameters
production	https://api.cdek.ru/v2/oauth/token?parameters

Valuable parameters and their possible values:

grant_type: type of authentication, available value: client_credentials;

client_id: client identifier, equal to Account;

client_secret: client's secret key, equal to Secure password.

In response to the access request, the following information will be returned:

access_token: jwt-token;

token_type: token type (always takes value "bearer");

expires_in: lifetime of the token (default value: 3,600 seconds);

scope: scope of the token (access to and operations with objects);

jti: unique identifier of the token.

Then, when the user refers to the service methods, the received token is transmitted in the request header in the following form:
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJvcmRlcjphbGw...

Sample Request:

KEY	VALUE
grant_type	client_credentials
client_id	wqGwiQx0gg8mLtiEKsUinjVSICCjtTEP
client_secret	RmAmgvSgSl1yirlz9QupbzOJVqhCxcP5

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJvcmRlcjphbGw...",
    "token_type": "bearer",
    "expires_in": 3599,
    "scope": "order:all payment:all",
    "jti": "9adca50a-..."
}