Get a Request Token (get_request_token)
URL:
https://api.login.yahoo.com/oauth/v2/get_request_token
Supported Methods:
GET, POST
Before your Users get involved, your application uses your Consumer Key to obtain a Request Token (OAuth Core 1.0 Spec, Section 6.1).The Request Token is a temporary token used to initiate User authorization for your application. The Request Token tells Yahoo! that you've obtained User approval, but must be exchanged, along with the OAuth Verifier, for an Access Token. The Request Token is intentionally short so that a User can type it manually as part of the redirect URL in cases where the application cannot launch a browser (such as a mobile phone app or a device that has no browser).
The following is an example of URI request for a request token:
The key request parameters are shown in the following table:
Table 4.1. Request Token (get_request_token) Request Parameters
| Request Parameter | Description |
|---|---|
oauth_consumer_key |
Consumer Key provided to you when you signed up. |
oauth_nonce |
A random string (OAuth Core 1.0 Spec, Section 8) |
oauth_signature_method |
The signature method that you use to sign the request. This can be PLAINTEXT or HMAC-SHA1. |
oauth_signature |
The Consumer Secret that was issued to the application. If you are using the
PLAINTEXT signature method, add %26 at the end of the Consumer Secret.
For more information about signing requests, refer to Signing Requests to Yahoo!.
|
oauth_timestamp |
Current timestamp of the request. This value must be +-600 seconds of the current time. |
oauth_version |
OAuth version (1.0). |
xoauth_lang_pref |
(optional) The language preference of the User; the default value is
EN-US. For further details about this parameter, refer to the OAuth
Extension for Specifying User Language Preference.
|
oauth_callback |
Yahoo! redirects Users to this URL after they authorize access to their private
data. If your application does not have access to a browser, you must specify the
callback as oob (out of bounds).
|
Tip
Because all OAuth requests to Yahoo! login servers are made over HTTPS, you have the choice of using PLAINTEXT or HMAC-SHA1. However, calls made to actual Yahoo! APIs are sent insecurely over HTTP and thus require HMAC-SHA1 signatures.
Yahoo! returns a response similar to the following via the URL:
The key response parameters include the following:
Table 4.2. Request Token (get_request_token) Response Parameters
| Response Parameter | Description |
|---|---|
oauth_token_secret |
The secret associated with the Request Token, provided in hexstring format. |
oauth_expires_in |
The lifetime of the Request Token in seconds. The default number is 3600 seconds, or one hour. |
xoauth_request_auth_url |
The URL to the Yahoo! authorization page. |
oauth_token |
The Request Token that Yahoo! returns as a response to the
request_token call. The Request Token is required during the User
authorization process.
|
oauth_callback_confirmed=true |
This parameter confirms that you are using OAuth 1.0 Rev. A. This parameter is always set to true. |