Welcome, guest Sign In

Signing Requests to Yahoo!

In this Chapter:

You must sign all requests to Yahoo! Web services, including those to OAuth calls such as get_token (OAuth Core 1.0 Spec, Section 9) using the oauth_signature parameter. You can use either the HMAC-SHA1 or PLAINTEXT method.

Signing Requests using HMAC-SHA1

Take the relevant request header and create a base string from it. For example, the following is a request URL and header for getting a Request Token:

Header:

URL:

If you normalize the request, the resulting base string looks like the following:

Use the normalized base string as "text" sign it using the concatenated Shared Secret (Consumer Secret) and Token Secret separated by an "&" character. For more information, refer to OAuth Core 1.0 Spec, Section 9.2.

Note

For requests to get_request_token, the Token Secret is absent. Include only the Shared Secret (Consumer Secret) followed by an "&" character.

Signing Requests using PLAINTEXT

To create the oauth_signature parameter for PLAINTEXT signatures, simply concatenate the Shared Secret (Consumer Secret) and Token Secret separated by an "&" character.

Note

For requests to get_request_token, the Token Secret is absent. Include only the Shared Secret (Consumer Secret) followed by an "&" character.

Table of Contents

Copyright © 2009 Yahoo! Inc. All rights reserved. Copyright | Privacy Policy

Help us continue to improve the Yahoo! Developer Network: Send Your Suggestions