In this Chapter:
You must sign all requests to Yahoo Web services, including those to OAuth calls such as
get_token (OAuth Core 1.0 Spec, Section 9) using the
oauth_signature parameter. You can use either
the HMAC-SHA1 or PLAINTEXT method.
Take the relevant request header and create a base string from it. For example, the following is a request URL and header for getting a Request Token:
If you normalize the request, the resulting base string looks like the following:
Use the normalized base string as "text" sign it using the concatenated Consumer Secret and Token Secret separated by an "&" character. For more information, refer to OAuth Core 1.0 Spec, Section 9.2.
For requests to
get_request_token, the Token Secret is absent. Include
only the Consumer Secret followed by an "&" character.