OAuth Protocol Parameters are sent from the Consumer to the Service Provider in one of three methods, in order of decreasing preference:
1. In the HTTP Authorization header as defined in OAuth HTTP Authorization Scheme (OAuth HTTP Authorization Scheme). 2. As the HTTP POST request body with a content-type of application/x-www-form-urlencoded. 3. Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3).
Requests to Yahoo! APIs and Web services that require OAuth authorization must provide the OAuth credentials either via query parameters or via an Authorization header. Credentials in the POST body are not supported.
It seems like two different teams implemented the OAuth for token workflow and for API requests. Please either fix the implementation or fix the documentations. Having developers integrate with broken implementation AND bad documentations is a waste of everyone's time.
Can you please try passing the parameters in HTTP Authorization header and see if that works for you? We recently added support for Authorization header.
Yahoo Membership Team
I encountered problems when trying to Post a HTML string to yahoo smallview using Authorization header or QueryString, it always returns error code 403 "OAuth signature mismatch". I had similar problem with HTTP PUT, it return me error code 401. However GET works fine. So far I have not be successful at sending any requests which has a body.
SyncContact 1.0.2 - which is an iPhone application uses OAuth for authentication for accessing Yahoo Contacts Social API. It works just as document on Yahoo Developer Network (http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html). Just that we couldn't get it to work using Authorization header or HTTP Body for OAuth paramters, however, everyone works fine as stated if all the OAuth parameters are passed as query string.