Back to YQL Forum
0

Cross Domain Javascript

My code :
function getData(data){

alert(data.results.item[0].title);

}

function addScript(s){

var nScript = document.createElement('script');
nScript.src = s;
document.getElementsByTagName("head")[0].appendChild(nScript);

}

var url = "http://query.yahooapis.com/v1/yql?q=select%20*%20from%20rss%20where%20url%3D'http%3A%2F%2Frss.news.yahoo.com%2Frss%2Ftopstories'&format=json&callback=getData";
addScript(url);


don't working.... What's wrong ?

by
Report Abuse
3 Replies
  • Your request must be signed with OAuth. With that request alone you'll only get a '401 Authorization Required' response.

    CODE
    $ curl -I http://query.yahooapis.com/v1/yql?q=select%20*%20from%20rss%20where%20url%3D'http%3A%2F%2Frss.news.yahoo.com%2Frss%2Ftopstories'&format=json&callback=getData
    ...
    $ HTTP/1.1 401 Authorization Required
    Date: Wed, 29 Oct 2008 05:41:58 GMT
    WWW-Authenticate: OAuth oauth_problem="parameter_absent", realm="yahooapis.com"
    Connection: close
    Content-Type: application/xml


    There is an OAuth library for javascript, however as with any client OAuth implementation, you will expose your consumer secret.
    http://code.google.com/p/oauth/source/brow...code/javascript

    You can sign up for consumer key / secret here.
    http://developer.yahoo.com/dashboard/

    Also take a look at the PHP examples for creating OAuth signed requests to YQL.

    http://developer.yahoo.com/yql/docs/#php_example
    http://developer.yahoo.com/yql/docs/#2_Legged_OAuth
    Report Abuse
    0
  • On a similar note. I just want to access public data. In fact, all I want is an easy conversion from Atom to JSON.

    Do I still need to jump through OAuth hoops? What's the cost of exposing my consumer secret?
    Report Abuse
    0
  • QUOTE (lachlanhardy @ Oct 29 2008, 05:04 AM) <{POST_SNAPBACK}>
    On a similar note. I just want to access public data. In fact, all I want is an easy conversion from Atom to JSON.

    Do I still need to jump through OAuth hoops? What's the cost of exposing my consumer secret?


    No hoops for 2-legged signing. This just means signing your request using your developer consumer key and secret - which you can get quickly and easily by registering in the dashboard (link above). The "cost" of doing this in Javascript (rather than a proxy on your server) is that someone else could use your key and secret and also make calls using them. Since anyone can get a ck+cks from yahoo it's probably not that much of a concern - you could always get another should that situation arise. I would NOT advise using 3-legged oauth signing (which your application is impersonating the user) or using a CK+CKS that is "scoped" for getting private data using javascript only, as if you needed to change that ck+cks you'd have to get everyone to "repermission".

    So, for simple public access, just grab yourself a key and use any oauth library for any language and just do a 2-legged signing. For private data access you should keep that secret safe on a server.

    Jonathan
    Report Abuse
    0
Ask a Question

Recent Posts

in YQL