Exchange PART for OAuth Credentials API
Exchange PART for OAuth Credentials API Address
https://api.login.yahoo.com/oauth/v2/get_token
As defined in Section 5.2 of the OAuth 1.0a spec, all input parameters can be submitted via HTTP GET, or HTTP POST with a content-type of application/x-www-form-urlencoded, or using the Authorization Header as explained in Section 5.4 in the OAuth Core 1.0 document. For Messenger clients, a correct timestamp may not be available in certain platforms especially mobile. In those
cases, we recommend using the PLAINTEXT method of signature calculation so that value of timestamp parameter is ignored.
Please check the OAuth specification for details on signature calculation. This document assumes familiarity with the OAuth specification and skims some OAuth details.
Exchange PART for OAuth Credentials API Input Parameters
| Request Parameter | Type and Length | Description |
|---|---|---|
oauth_consumer_key
|
string (256 chars) | The consumer key that will be validated |
oauth_signature_method
|
string (32 chars) | PLAINTEXT or HMAC-SHA1 (PLAINTEXT is preferred)
|
oauth_nonce
|
string (256 chars) | A random value |
oauth_timestamp
|
string (40 chars) | A Unix timestamp, expressed as "seconds from epoch." Note that if your system typically returns a timestamp as milliseconds from epoch, you should divide the number by 1000. |
oauth_signature
|
string (120 chars) | For the PLAINTEXT signature method, this is the consumer secret with an ampersand '&' concatenated to the end. (See note below on URL encoding the ampersand.) For the HMAC-SHA1 signature method, this is the actual signature.
|
oauth_verifier
|
N/A | None |
oauth_version
|
string (20 chars) | 1.0 |
oauth_token
|
string (256 chars) | The Pre Approved Request Token (PART) obtained from Pre Approved Request Token (PART) API |
Exchange PART for OAuth Credentials API Response
The Response format is specified in Section 5.3 of the OAuth 1.0a spec.
| Response Parameter | Description |
|---|---|
oauth_token
|
The access token |
oauth_token_secret
|
OAuth access token secret |
oauth_session_handle
|
The persistent credential |
oauth_expires_in
|
Lifetime of the access token in seconds. |
oauth_authorization_expires_in
|
Lifetime of the oauth_session_handle in seconds
|
Note
In case of the PLAINTEXT signature method being used, the oauth_signature should be your consumer secret concatenated with an ampersand '&', which will then be URL encoded. For example, the oauth_signature sent should look like 'oauth_signature=5b39ec891e64d8dbbfab96dc137da73e%26'. Please check the OAuth specification for details.