Back to OAuth General Discussion YDN SDKs Forum
0

Delicious OAuth Api

I just created a new yahoo consumer key and I noticed that delicious read/write is available as an application scope. However, it doesn't look like the current delicious api is oauth enabled (http://delicious.com/help/api). Is there some super secret api docs I'm missing?

Thanks,

Josh

by
Report Abuse
26 Replies
  • According to this:

    http://blog.delicious.com/blog/2009/10/del...ut-you-too.html

    QUOTE
    For accounts created with a yahoo ID, you can use pretty much the same api’s except:
    1) You need to use OAuth, as per http://developer.yahoo.com/oauth/, with Delicious as a scope
    2) use /v2 as the path rather than /v1
    3) You can use http rather than https


    So I've got the OAuth procedure down and I've both registered my app with YDN and had the app receive a valid access token.

    I think try to access https://api.del.icio.us/v2/posts/get using this access token but get back zero-length data in my HTTP client.

    Am I doing something wrong?
    Report Abuse
    0
  • QUOTE (Pukka @ Oct 21 2009, 04:34 PM) <{POST_SNAPBACK}>
    Am I doing something wrong?


    A bit more info on the above...

    I have a working test app using a key and secret associated with a project that has read access to the Social Profiles. I run it and am able to successfully call a method on that (/user/{guid}/profile).

    I then swap to a key and secret associated with a project that has read/write access to Delicious. I run it with the URL http://api.del.icio.us/v2/posts/get and receive back a "Please provide valid credentials. OAuth oauth_problem="token_rejected", realm="yahooapis.com" message in XML.
    Report Abuse
    0
  • It's totally messed up. Really shame.
    Report Abuse
    0
  • QUOTE (Josh @ Oct 21 2009, 08:56 AM) <{POST_SNAPBACK}>
    I just created a new yahoo consumer key and I noticed that delicious read/write is available as an application scope. However, it doesn't look like the current delicious api is oauth enabled (http://delicious.com/help/api). Is there some super secret api docs I'm missing?

    Thanks,

    Josh


    Apologies. Our help docs didn't get updated. Will get that resolved.
    API access to accounts that have been created using a Yahoo! ID is via OAuth using the existing API's as you do now, except that you should use a /v2 path rather than /v1.

    Chris
    Report Abuse
    0
  • So I signed up for an api key and now I have an app id etc as mentioned by Pukka

    but this can't be used with either of these:
    http://nashruddin.com/php5-class-to-access...ervice-api.html
    http://www.phpdelicious.com/

    perhaps the way fourth is yql

    something that should be simple is feeling rather complex (and made so by lack of upto date docs)
    Report Abuse
    0
  • So… no news and updates on this topic for seven days. It's really nice to know where we developers are rated since everything got a yahoo label. It's just fantastic to be forced to read blog comments to find (non-official documented) solutions.

    Sorry for sounding a little bit harsh, but the silence inside the "Developer tree house" is just making me sad. I'm really thinking about stopping my delicious based product… maybe others will do the same so that you start to care a little bit more…
    Report Abuse
    0
  • Dear Yahoo/Delicious staff

    Why oh why have you made this process so so hard. I have a PhD in Computer Science from a prestigious university and I'm having a tough time understanding this palaver. I've been asked by my employer to intergrate a simple web service to Delicious, a process that requires some simple scripts to be created. This is turning to be a nightmare with your new oauth login process. Pls pls , try to simplify. You will turn new users away. The hurdle to learn this process is so high, and this will turn new users away unless their product/service will give even a higher return.
    Report Abuse
    0
  • Another wrinkle is that, it seems, the /v2 API, i.e. https://api.del.icio.us/v2/posts/update, does not work for "old school" accounts.

    So, since I don't know whether a user's account is "Yahoo" or "old school", I'm going to have to try v2 with OAuth, and if that doesn't work, try v1, and if that doesn't work, tell the user that their credentials are incorrect.

    Seems like a mess. Is there a better way to do this?
    Report Abuse
    0
  • Sorry for the replies to multiple questions in one post:

    The user should be able to provide you with the type of account they have at whatever point they access your app, allowing you to choose which API method to use.
    I agree, OAuth is more complicated than just using a username/password, but it's much more secure. Previously, giving out your Delicious username and password to someone only gave them access to your Delicious content. Now, with Yahoo! ID integration, they would have access to your email, IM, stock portfolios and much more which is clearly not acceptable to the vast majority of users.

    Apologies to all for the lack of documentation on this process. We dropped the ball here, and that's something we plan to resolve soon with some step-by-step examples of the OAuth flow. In the meantime, YDN provides code to work with OAuth at http://developer.yahoo.com/social/sdk/, which should hopefully make accessing Delicious easier.
    Report Abuse
    0
  • Any update on this? I am continually getting "signature_invalid" errors .. I've successfully been able to get an access token, but haven't been able to access any delicious api endpoints.

    Basically any sample code or at least a peek at what sorts of headers the delicious API is expecting would be very very helpful. My users have been unable to add delicious for several weeks on this!

    V

    QUOTE (Chris D @ Nov 11 2009, 09:09 AM) <{POST_SNAPBACK}>
    Sorry for the replies to multiple questions in one post:

    The user should be able to provide you with the type of account they have at whatever point they access your app, allowing you to choose which API method to use.
    I agree, OAuth is more complicated than just using a username/password, but it's much more secure. Previously, giving out your Delicious username and password to someone only gave them access to your Delicious content. Now, with Yahoo! ID integration, they would have access to your email, IM, stock portfolios and much more which is clearly not acceptable to the vast majority of users.

    Apologies to all for the lack of documentation on this process. We dropped the ball here, and that's something we plan to resolve soon with some step-by-step examples of the OAuth flow. In the meantime, YDN provides code to work with OAuth at http://developer.yahoo.com/social/sdk/, which should hopefully make accessing Delicious easier.
    Report Abuse
    0
  • Has anyone actually gotten this working yet?

    Even the "sample" PHP code from http://developer.yahoo.com/social/sdk/php/ doesn't work for me. It never directs me to a Yahoo page to login, just fails.

    If anyone has it working I'd love to see some code :)
    Report Abuse
    0
  • Why this oauth is so fucked up i dont get it at all where goes username where to put password where to send data nothing shittest solution ever.
    Report Abuse
    0
  • Hi Chris

    Many thanks for this update. I'm using the examples you pointed us to at http://developer.yahoo.com/social/sdk/ . I'm using the example in C:\yahoo-yos-social-python-6cdea09\yahoo-yos-social-python-6cdea09\examples\oauth_tokens.py .

    It breaks up at :

    /*

    print '\n* Authorize the request token ...'
    print '\nAuthorization URL:\n%s' % oauthapp.get_authorization_url(request_token)
    verifier = raw_input('Please authorize the url above ^^^')
    */

    What should one pass into the verifier? When I passed in my username or password, it bombed giving me:


    ======
    Please authorize the url above ^^^ (my username and/or password)

    * Obtain an access token ...
    Traceback (most recent call last):
    File "oauth_tokens.py", line 136, in <module>
    main()
    File "oauth_tokens.py", line 119, in main
    access_token = oauthapp.get_access_token(request_token, verifier.strip())
    File "../src/yahoo/application.py", line 81, in get_access_token
    self.token = self.client.fetch_access_token(request)
    File "../src/yahoo/oauth.py", line 164, in fetch_access_token
    return AccessToken.from_string(self.connection.getresponse().read().strip())
    File "../src/yahoo/oauth.py", line 129, in from_string
    key = params['oauth_token'][0]
    KeyError: 'oauth_token'

    =====



    Looking forward to hearing from you.



    QUOTE (Chris D @ Nov 11 2009, 09:09 AM) <{POST_SNAPBACK}>
    Sorry for the replies to multiple questions in one post:

    The user should be able to provide you with the type of account they have at whatever point they access your app, allowing you to choose which API method to use.
    I agree, OAuth is more complicated than just using a username/password, but it's much more secure. Previously, giving out your Delicious username and password to someone only gave them access to your Delicious content. Now, with Yahoo! ID integration, they would have access to your email, IM, stock portfolios and much more which is clearly not acceptable to the vast majority of users.

    Apologies to all for the lack of documentation on this process. We dropped the ball here, and that's something we plan to resolve soon with some step-by-step examples of the OAuth flow. In the meantime, YDN provides code to work with OAuth at http://developer.yahoo.com/social/sdk/, which should hopefully make accessing Delicious easier.
    Report Abuse
    0
  • Has anyone got any success with Delicious OAuth API actually working?

    I have followed all in the guide http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html, but when calling simple http://api.del.icio.us/v2/tags/get, the return message is:

    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="token_rejected", realm="yahooapis.com"</yahoo:description>
    </yahoo:error>

    The error did not even return the proper realm "Delicious" I pass making the api call.
    Report Abuse
    0
  • I would like to post as my own user account, not this Pukka test one, but for the life of me, I can't get the login on yahoo.com to reflect the change to yahoo.net.

    Anyway...

    I have heard from a few intrepid developers who have been able to implement Delicious OAuth two things:

    1) Only accounts created since this switch can use OAuth.
    2) Private bookmarks cannot be accessed

    Can a Yahoo developer corroborate either of these and list a possible timeline if either/both are going to be fixed?

    Thanks.
    Report Abuse
    0
  • Hi

    to understand the whole thing I tried to implement a simple shell script to do calls against delicious api. Here is the code:

    CODE
    #!/bin/bash

    DATE=$(date +%s)

    RANDOM=$(dd if=/dev/urandom bs=1 count=1024 2>/dev/null | sha1sum | cut -d\  -f1)

    CONSUMER_KEY="insert here"
    SECRET="insert here"

    eval `curl -s "https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_nonce=$RANDOM&oauth_timestamp=$DATE&oauth_consumer_key=$CONSUMER_KEY&oauth_signature_method=plaintext&oauth_signature=$SECRET%26&oauth_version=1.0&oauth_callback=oob" | sed -e 's/\&/\n/g'`

    echo oauth_token: $oauth_token
    echo oauth_token_secret: $oauth_token_secret
    echo oauth_expires_in: $oauth_expires_in
    echo -n "xoauth_request_auth_url: "
    perl -MURI::Escape -wle 'print uri_unescape("'$xoauth_request_auth_url'");'

    echo -n "Enter verifier: "
    read VERIFIER

    VERIFIER=$(echo $VERIFIER | sed -e 's/\n//g')

    # Get token

    DATE=$(date +%s)
    RANDOM=$(dd if=/dev/urandom bs=1 count=1024 2>/dev/null | sha1sum | cut -d\  -f1)

    eval `curl -s "https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=$CONSUMER_KEY&oauth_signature_method=plaintext&oauth_version=1.0&oauth_timestamp=$DATE&oauth_verifier=$VERIFIER&oauth_token=$oauth_token&oauth_signature=$SECRET%26$oauth_token_secret&oauth_nonce=$RANDOM" | sed -e 's/\&/\n/g'`

    echo oauth_token: $oauth_token
    echo oauth_token_secret: $oauth_token_secret
    echo oauth_expires_in: $oauth_expires_in
    echo oauth_session_handle: $oauth_session_handle
    echo oauth_authorization_expires_in: $oauth_authorization_expires_in
    echo xoauth_yahoo_guid: $xoauth_yahoo_guid

    (I know it is not pretty and insecure, but it works for simple tests :)Christof
    Report Abuse
    0
  • QUOTE (Chris D @ Nov 11 2009, 09:09 AM) <{POST_SNAPBACK}>
    The user should be able to provide you with the type of account they have at whatever point they access your app, allowing you to choose which API method to use.


    Thank you, Chris. Well, users should know, but when I watch my 22-year-old son click through important dialog boxes as though he was shooting at enemy targets, I would say that, if I put up a dialog and asked users "Is this an Old Skool Account or an Account Based On A Yahoo! ID?",

    * 25% of users would have no idea what I was talking about and give the wrong answer
    * 25% of users would not know what I meant but guess correctly and give the correct answer
    * 25% of users would think they knew what I was talking about but give the wrong answer
    * 25% of users would know what I was talking about and give the correct answer

    And then I'd have to write code to handle the wrong answers. More importantly,

    * 30% of users will be annoyed and give up on my app.
    * 30% of users will be annoyed and give up on Delicious.

    No, I believe that instead I need to go through the "if this doesn't work, try that" algorithm under the hood. Lots of code coming!!
    Report Abuse
    0
  • QUOTE (Chris D @ Nov 11 2009, 09:09 AM) <{POST_SNAPBACK}>
    In the meantime, YDN provides code to work with OAuth at http://developer.yahoo.com/social/sdk/, which should hopefully make accessing Delicious easier.


    Well, the first thing it did was ask me to select from among four choices. I was expecting "Delicious" to be mentioned in one of the choices, but it was not. I chose the second choice:

    [ ] Contacts, MyBlogLog, Social Directory, Status, Updates, Wretch
    Create desktop and Web apps that use Yahoo! open authentication (OAuth) APIs.

    It seemed to work. Delicious was a choice later.
    Report Abuse
    0
  • I've made it all the way to Step 7 (http://delicious.com/help/oauthapi)

    But keep getting
    Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"

    I've spent literally a full day trying to figure this out and haven't had any luck.

    Can someone please paste their PHP code where you build the base string, generate the signature, and create the cURL request?

    I would be soooooo thankful :)I'm thinking I may be doing the urlencoding in the wrong order or something simple like that. Or maybe the headers I'm using in cURL aren't right. Or maybe the Delicious instructions are wrong (yet again...like in Step 4).
    Report Abuse
    0
  • Figured it out...turns out I wasn't doing a urlencode on ALL the parameters that I was passing into the CURLOPT_URL when I was making the final call to http://api.del.icio.us/v2/posts/add

    :)I'm thinking I may be doing the urlencoding in the wrong order or something simple like that. Or maybe the headers I'm using in cURL aren't right. Or maybe the Delicious instructions are wrong (yet again...like in Step 4).
    Report Abuse
    0
  • I am attempting to make a PHP file that will work like http://code.google.com/p/mysqlicious/) but that works with the yahoo logins.

    So I can do this successfully:

    1) Send the user to delicious to login.
    2) Exchange the consumer key, verifier, request_token and the signature (the "$shared_secret%26$request_token_secret" one) to get the oauth_token, oauth_token_secret, expirations, session handle and xoauth_yahoo_guid.
    3) Build the base string.
    4) Create the signature ($signature = base64_encode(hash_hmac("sha1", $basestring, $shared_secret."&".$oauth_token_secret, true)); )
    5) Create the header with these params: realm, oauth_consumer_key, oauth_nonce, oauth_signature_method, oauth_timestamp, oauth_token, oauth_version and oauth_signature.
    6) Request all bookmarks from delicious and receive them successfully.

    At this point I want to be able to make the request to delicious again without having the user login. Specifically, I want to set up a CRON to run each night that will update a mysql database with all of the bookmarks from the user account. I really don't want to have to sign in every account every night. As of right now when I try to reuse the signature and headers, I get a timestamp error and when I try to rebuild the basestring and headers with a new timestamp I get signature invalid error.

    So...

    -> Do I need to rebuild the base string and signature each time?
    -> If so, what params need to be included in the base string for the signature and the header for the request? Are they different from the initial request?
    Report Abuse
    0
  • QUOTE (Lsu @ Dec 16 2009, 10:16 AM) <{POST_SNAPBACK}>
    I am attempting to make a PHP file that will work like http://code.google.com/p/mysqlicious/) but that works with the yahoo logins.

    So I can do this successfully:

    1) Send the user to delicious to login.
    2) Exchange the consumer key, verifier, request_token and the signature (the "$shared_secret%26$request_token_secret" one) to get the oauth_token, oauth_token_secret, expirations, session handle and xoauth_yahoo_guid.
    3) Build the base string.
    4) Create the signature ($signature = base64_encode(hash_hmac("sha1", $basestring, $shared_secret."&".$oauth_token_secret, true)); )
    5) Create the header with these params: realm, oauth_consumer_key, oauth_nonce, oauth_signature_method, oauth_timestamp, oauth_token, oauth_version and oauth_signature.
    6) Request all bookmarks from delicious and receive them successfully.

    At this point I want to be able to make the request to delicious again without having the user login. Specifically, I want to set up a CRON to run each night that will update a mysql database with all of the bookmarks from the user account. I really don't want to have to sign in every account every night. As of right now when I try to reuse the signature and headers, I get a timestamp error and when I try to rebuild the basestring and headers with a new timestamp I get signature invalid error.

    So...

    -> Do I need to rebuild the base string and signature each time?
    -> If so, what params need to be included in the base string for the signature and the header for the request? Are they different from the initial request?



    Hi. Lus.
    How did you do that sucessfully?
    I am stalled on step 6). Not sure is my step 5) build baseurl is correct or not.

    Now each time I send a request, I got an 401 response, token_rejected.

    Can you share how do you do that?

    Thanks.
    Report Abuse
    0
  • Well, I finally got this stupid thing working in Objective-C for my Macintosh app. Here is my advice, in particular for Mac or iPhone (Cocoa) projects:

    First of all, block out some time. Don't expect to knock this off in a few hours, unless you've done all this before. With some of the following already under my belt, it took me the better part of 3 days.

    Next, put your hands on the following components:

    • An HMAC-SHA1 encoder function. On the Macintosh, #import <CommonCrypto/CommonHMAC.h> and use CCHmac(kCCHmacAlgSHA1,,,,).
    • A function to encode URI strings in accordance with RFC 3986. Apple's function CFURLCreateStringByAddingPercentEscapes() only encodes the list of characters given in the superseded RFC 2396. You need to tell it to also encode these characters: !*'();:@&=+$,/?
    • A good synchronous function for sending HTTP requests and getting responses. Don't use +[NSURLConnection sendSynchronousRequest:returningResponse:error:] because it always returns error -1012 if something goes wrong, instead of the error from the server. In this project, you're going to need all the error info you can get! Years ago, I wrote my own synchronous function that wraps the asynchronous methods.

    Then, read, read, read ... until you can't take it any more:

    A nice drawing in YDN documentation.
    A very well-written tutorial with some php scripts. The scripts are really nice because you can copy/paste or pipe data into and out of them to and from your own code. Unfortunately, this tutorial ends up sending a request to some other Yahoo API, not Delicious. So you still have to figure out the grand finalé.
    The current draft of the OAuth standard.
    This example in Delicious API Help. Note in step 7: "remove any parameters that were part of the actual API request". Weird, but important.

    Some of the things I learned which are not stated in the above documents:
    • The API parameters to Delicious should be appended to the URL as a query, just as with the old v1 API. For example, to add a bookmark a site named "Bonehead", http://api.del.icio.us/v2/posts/add?descri...%2Fbonehead.com
    • Just like pretty much all the other parameter lists when using OAuth, these parameters appended to the URL must be sorted.

    There is a Cocoa framework, OAuthConsumer , over on Google Code. I was unable to get it to work, possibly because I tried to use it before doing the required reading (see above). For simple, well-bounded problems, you can drop in a framework and use its API without understanding what's going on inside. Possibly, OAuth is too complicated to be in that category. Anyhow, I'm happy without OAuthConsumer, because my whole implementation is only a few hundred lines of code (and I put every parameter on a separate line and write lots of comments). And I saw some things in OAuthConsumer that I didn't like. But you might not mind -- I'm one of those guys that leans toward DIY.

    As to why OAuth needs to be so complicated -- I don't know -- I'm probably not smart enough to comment on that. But as I was reading the documentation and writing the code, I found myself continually having to suspend disbelief as I seemed to be jumping through hoop after redundant hoop. Don't be surprised if you find yourself doing the same.

    Have fun!
    Report Abuse
    0
  • QUOTE (Jerry @ Mar 16 2010, 07:57 AM) <{POST_SNAPBACK}>
    Just like pretty much all the other parameter lists when using OAuth, these parameters appended to the URL must be sorted.


    Thank you for this!
    Report Abuse
    0
  • I have the same issue with STEP 7 from http://www.delicious.com/help/oauthapi
    I guess it can be anything from step 5 to step 7.
    Getting the "Please provide valid credentials", have tried a TON of different solutions the past few days but its all down to the same error.
    A little help would be very appreciated. :) curl_close($ch);
    Report Abuse
    0
  • Never mind. Got it working now. :)
    Report Abuse
    0
    • Ask a Question

    Recent Posts

    in OAuth General Discussion YDN SDKs