Help Center


To get started, do the following:

  • Create an account in Pyrus. We recommend using bots to work with the API. Bots are technical accounts that can't use the web or mobile applications. You can find detailed instructions for creating bots in this article.
  • Log in to the profile and copy the API access key — security_key. If the user does not have one yet, press the button Get new security key.
  • Perform the authorization request auth. It returns access_token, which must be specified in every subsequent request.
  • In Cloud Pyrus, the reply to the request for authorization auth contains an api_url and files_url — of the API address and file service that you need to use to work with Pyrus API with the received access_token.

Pyrus Tip: if you use your account for testing and development purposes, you can create an API access key in your profile.

Pyrus Tip: if you have more than one account registered to the same email, then to receive a token you need to add the person_id parameter, where person_id is equal to the employee ID.

   "login": "YOUR EMAIL",

   "security_key": "SECRET KEY",

   "person_id": 16900

POST /auth

Request body

    "login": "",
    "security_key": "czSHwEAthJKMshQ*****"

Response body

   "access_token": "gAAAAA15vmSeoj*****",
   "api_url": "",
   "files_url": ""


curl -X POST \ \
  -H 'Content-Type: application/json'
  -d '{
    "login": "<YOUR_LOGIN>",
    "security_key": "<YOUR_SECURITY_KEY>"


loginBot's login
security_keySecurity Key, obtained on step 2

Using the token

The obtained token must be specified in the HTTP Authorization header for each API request:

Authorization: Bearer gAAAAA15vmSeoj*******

The token lifetime is limited, so your application must be able to reauthorize if the token has been revoked.

Revoking tokens

Access tokens can be revoked in the following cases:

  • The token has expired.
  • The maximum number of tokens per user has been exceeded. If the limit is reached, creating a new token automatically invalidates the oldest token.
  • The user has changed security_key in his profile. In this case, all tokens issued with the obsolete security key will be revoked.
  • The user has changed his password.
  • The user's account has been blocked.

Was this article helpful?