To get started, do the following:

  1. Create an account in Pyrus. We recommend using bots to work with the API. Bots are technical accounts that can't use the web or mobile applications. You can find detailed instructions for creating bots in this article.
  2. Log in to the profile and copy the API access key — security_key. If the user does not have one yet, press the button Get new security key.
  3. Perform the authorization request auth. It returns access_token, which must be specified in every subsequent request.

If you use your account for testing and development purposes, you can create an API access key in your profile.

POST /auth


    "login": "bill.smith@somedomain.edu",
    "security_key": "czSHwEAthJKMshQ*****"
Show response

    "access_token": "gAAAAA15vmSeoj*****"


curl -X POST \
  https://api.pyrus.com/v4/auth/ \
  -H 'Content-Type: application/json'
  -d '{
    "login": "<YOUR_LOGIN>",
    "security_key": "<YOUR_SECURITY_KEY>"


login Bot's login
security_key Security Key, obtained on step 2

Using the token

The obtained token must be specified in the HTTP Authorization header for each API request:

Authorization: Bearer gAAAAA15vmSeoj*******

The token lifetime is limited, so your application must be able to reauthorize if the token has been revoked.

Revoking tokens

Access tokens can be revoked in the following cases:

  • The token has expired.
  • The maximum number of tokens per user has been exceeded. If the limit is reached, creating a new token automatically invalidates the oldest token.
  • The user has changed security_key in his profile. In this case, all tokens issued with the obsolete security key will be revoked.
  • The user has changed his password.
  • The user's account has been blocked.

Was this article helpful?

Yes, thanks! No, I have a question