• Get Started
• Home
• About Us
• Developer Network Blog
• YDN Theater
• Frequently Asked Questions
• Support Communities
• Got Suggestions?
• Developer Central
• Java Developer Center
• JavaScript Developer Center
• Flash Developer Center
• ColdFusion Developer Center
• .NET Developer Center
• PHP Developer Center
• Python Developer Center
• Ruby Developer Center
• Silverlight Developer Center
• Lessons and Libraries
• Applications Gallery
• Browser Based Authentication
• Design Patterns
• Exceptional Performance
• Security Best Practices
• YUI - Yahoo! User Interface
• Work With Us
• Get an Application ID
• Merchant Solutions
• Partnerships
• Search Marketing
• Usage Policy
• Terms of Use
• Contact Us
• Services
• Answers
• Local
• Mail
• Maps
• OpenID
• Search
• Shopping
• Travel
• Utilities
• Sites
• del.icio.us
• Fire Eagle™
• Flickr™
• Live
• MyBlogLog
• Pipes
• Upcoming
• Yahoo! Research Berkeley
• Feeds
• Finance
• HotJobs
• RSS Feeds
• Traffic
• Weather
• Developer Kits
• Media Player
• Messenger
• Mobile
• Music Engine Plugins
• r3
• Search Developer Kit
• Widgets

Initial Registration

Because BBAuth deals with the personal data of Yahoo! users, you must provide some extra information before you can acquire an application ID. The initial registration page is available at http://developer.yahoo.com/wsregapp/index.php. You must be a logged-in Yahoo! user to access this page. The page displays these fields, all of which are required:

• Yahoo! ID: Specifies your Yahoo! user ID. This field should be pre-populated. If the Yahoo! ID in the field belongs to someone else, log out of Yahoo!, log back in with your own Yahoo! user ID, and reload the registration page.

• Developer/company name: Specify your first and last name. If you are creating an application that belongs to a company or other organization, specify the organization's name instead.

• Product name: Specify the name of your application.

• URL: Specify the endpoint URL to your application. When a user logs into Yahoo! and grants your application permission to access their data, Yahoo! redirects the user to your application's endpoint URL with some extra GET parameters attached. One of these parameters is the token, which your application will use to retrieve the user's credentials. This means that you must design your endpoint URL to parse and store the token parameter for future use. For more information about the token and related parameters, refer to Logging in Your Users and Making Authenticated Service Calls.

• Contact email: Specify your contact email. This may be any working email address. Confirm your email address in the next field.

• Description of application: Provide a short description of what your application does. For example, "This application provides an alternate interface for uploading photos to photos.yahoo.com, optimized for mobile devices."

• Properties: Select the Yahoo! services to which your application needs access. Individual Yahoo! business units choose whether to expose authenticated services, and if so, which services to expose.

  You may select as many services as necessary to enable your application to function. Although these permissions are fixed at registration time, try to keep your application's permissions tightly scoped. Users can view these permissions when they log in, and if the permissions are too broad, they are more likely to deny your request for access.

Note: You cannot change any of these fields after you register your application. To access different properties or use a different endpoint URL, you must register a new application.

Domain Confirmation

After you submit your application information, Yahoo! needs to verify that you own the domain for your application. The page displays a randomly generated filename and a randomly generated string phrase. To perform the verification:

1. Create a file in your domain root using the specified file name. For example, if the file name is "ydntpoZbQ", and your domain name is yourdomain.com you should create the file at http://yourdomain.com/ydntopZbQ.

2. Copy the random phrase and paste the results in the file.

3. Click the Check Domain button. If Yahoo! verifies that the file is present, the page displays a result of "Pass" in green, and the Continue button becomes active.

   Once your application is registered, delete the file.

4. Click the Continue button. The page displays two long strings:

   • your application ID -- identifies the developer and the application; displayed unencrypted during use
   • your shared secret -- used to add an encrypted signature to web service calls; never displayed unencrypted

   Store these values in a place where you will not lose them; you need them to make authenticated web service calls. If you lose either one, you must register a new application.

Now that you have an application ID and a shared secret, you can build your application. The next step is to learn how to log in your users. When a user logs in, Yahoo! provides you with the user's token, which represents the user's permission to allow your application access to their data.

Support & Community

BBAuth and related topics are discussed on the ydn-auth mailing list.

Where to Go from Here

Logging In Your Users explains how to direct your users to a Yahoo! login page so that they return with a token. You can use this token to retrieve the user's credentials.