Exchange the Request Token and OAuth Verifier for an Access Token (get_token)
URL:
https://api.login.yahoo.com/oauth/v2/get_token
Supported Methods:
GET, POST
After your Users authorize your application access to their information, your application needs to exchange the approved Request Token for an Access Token, which tells Yahoo! that your application has been given authorization to access User data. (OAuth Core 1.0 Spec, Section 6.3)
The following is an example of a URI request for an Access Token:
Table 4.5. Get Access Token (get_token) Request Parameters
| Request Parameter | Description |
|---|---|
oauth_consumer_key |
Consumer Key provided to you when you signed up. |
oauth_signature_method |
The signature method that you use to sign the request. This can be PLAINTEXT or HMAC-SHA1. |
oauth_nonce |
A random string (OAuth Core 1.0 Spec, Section 8) |
oauth_signature |
The concatenated Consumer Secret and Token Secret separated by an "&"
character. If you are using the PLAINTEXT signature method, add %26 at
the end of the Consumer Secret. If using HMAC-SHA1, refer to OAuth Core 1.0 Spec, Section 9.2.
For more information about signing requests, refer to Signing Requests to Yahoo!.
|
oauth_timestamp |
Current timestamp of the request. This value must be +-600 seconds of the current time. |
oauth_verifier |
The OAuth Verifier is a verification code tied to the Request Token. |
oauth_version |
OAuth version (1.0). |
oauth_token |
The Request Token, which is required during the User authorization process
and is short enough for the end User to easily enter. The Request Token is provided
in the response to the get_request_token request.
|
Yahoo! will return a response similar to the following:
Table 4.6. Get Access Token (get_token) Response Parameters
| Response Parameter | Description |
|---|---|
oauth_token |
The Access Token provides access to protected resources accessible through Yahoo! Web services. |
oauth_token_secret |
The secret associated with the Access Token provided in hexstring format. |
oauth_session_handle |
The persistent credential used by Yahoo! to identify the Consumer after a User has authorized access to private data. Include this credential in your request to refresh the Access Token once it expires. |
oauth_expires_in |
Lifetime of the Access Token in seconds (3600, or 1 hour). |
oauth_authorization_expires_in |
Lifetime of the oauth_session_handle in seconds. |
xoauth_yahoo_guid |
The introspective GUID of the currently logged in User. For more information of the GUID, see the Yahoo! Social API Reference. |
Once you have an Access Token, you can use it towards requests to Yahoo! Web services. For more information on using the Access Token in Yahoo! API requests, refer to Use OAuth in Yahoo! API Requests.
Important
If you used the pop-up window method for presenting the Yahoo! authorization page, ensure that you close this window once you receive the Access Token from Yahoo!.