Three ways to control social data access

If we log into a site using OpenID+OAuth "Hybrid Auth", then authorize an OAuth app or install a Yahoo! Application Platform (YAP) app, and grant access to our protected Yahoo! data, how can we revoke or control access later?

Screenshot showing an OAuth app requesting access

It is important for users and developers to understand how to do this. Users may change their minds about allowing an app to access their data. Developers need to build apps that can handle such changes.

Yahoo! provides three levels of control: general OAuth, Updates API-specific, and YAP application.

General OAuth

You can see and manage all the apps you have granted access to via OAuth and Hybrid Auth here:

To get there, follow these steps:

  1. Go to
  2. Click View Account Info under the Account Info tab on the Profiles page.
  3. Click Manage Apps and Website Connections under Sign-In and Security.
  4. Click an app name to see scopes provided.
  5. Click Remove to revoke accesss.

Updates API-specific

At a more granular level, you can control which apps are allowed to publish updates for your account on the Manage Updates page of your Yahoo! Profile, and in the Settings dialog of an app (shown in the following screenshot).

Updates scope setting for YAP app

YAP application

You can see all the Yahoo! applications you have installed, and remove individual apps, on the My Apps page.

My Apps page

Removing an app revokes its access to your data.

Co-authored by Erik Eldridge and Christine Dorffi