Authorization

To get started, do the following:

• Create an account in Pyrus. We recommend using bots to work with the API. Bots are technical accounts that can't use the web or mobile applications. You can find detailed instructions for creating bots in this article.
• Log in to the profile and copy the API access key — security_key. If the user does not have one yet, press the button Get new security key.
• Perform the authorization request auth. It returns access_token, which must be specified in every subsequent request.
• In Cloud Pyrus, the reply to the request for authorization auth contains an api_url and files_url — of the API address and file service that you need to use to work with Pyrus API with the received access_token.

{
   "login": "YOUR EMAIL",

   "security_key": "SECRET KEY",

   "person_id": 16900
}

POST /auth

https://accounts.pyrus.com/api/v4/auth

{
    "login": "bill.smith@somedomain.edu",
    "security_key": "czSHwEAthJKMshQ*****"
}

{
   "access_token": "gAAAAA15vmSeoj*****",
   "api_url": "https://api.pyrus.com/v4/",
   "files_url": "https://files.pyrus.com/"
}

curl -X POST \
  https://accounts.pyrus.com/api/v4/auth/ \
  -H 'Content-Type: application/json'
  -d '{
    "login": "<YOUR_LOGIN>",
    "security_key": "<YOUR_SECURITY_KEY>"
}'

Parameters

Using the token

The obtained token must be specified in the HTTP Authorization header for each API request:

Authorization: Bearer gAAAAA15vmSeoj*******

The token lifetime is limited, so your application must be able to reauthorize if the token has been revoked.

Revoking tokens

Access tokens can be revoked in the following cases:

• The token has expired.
• The maximum number of tokens per user has been exceeded. If the limit is reached, creating a new token automatically invalidates the oldest token.
• The user has changed security_key in his profile. In this case, all tokens issued with the obsolete security key will be revoked.
• The user has changed his password.
• The user's account has been blocked.