Chapter 5. Using OAuth in Yahoo! API Requests
For requests to Yahoo! API and Web services that require OAuth authorization, you must use the HMAC-SHA1 encryption method because requests are made insecurely using HTTP. The following example is an HTTP GET request for the profile of a fictional User with the GUID abcdef123.
Note
Requests to Yahoo! APIs and Web services that require OAuth authorization must provide the OAuth credentials either via query parameters or via an Authorization header. Credentials in the POST body are not supported.