Getting Started

OAuth

If you're going to use the Fantasy Sports APIs, you're going to have to get a bit familiar with OAuth. OAuth is the authentication mechanism for these services that allows users to grant you permission to make requests on their behalf. Many other Yahoo! services use OAuth, and thus all of the underlying details are explained in exhaustive detail in our primary OAuth documentation. Of particular interest is the OAuth Authorization Flow, which explains where each request is made and where the user needs to get involved.

However, constructing OAuth flows from scratch is complicated and easy to get wrong. It's often easier to use existing libraries, which are available for most languages on the OAuth.net Code page.

Registering Your Application

To work with OAuth and Yahoo! services, you also must register your application with the Yahoo! Developer Network. When you register your application, you define a scope of Yahoo! services that your application will need access to, as well as the basic descriptive information that will be presented to users of your application when they're asked to grant you permissions. You will be given a consumer key and secret value that will need to be fed into OAuth requests that you generate. You should be sure to keep these values secret, as anyone with access to them could masquerade as your application.

To create a new OAuth application to use with the Fantasy Sports APIs, you should go through the New API Key flow on YDN. Be sure to specify that you need access to private user data, and select either Read or Read/Write access for Fantasy Sports.

PHP Sample Code

Basic OAuth Library Use

While everyone will have their favorite language to use when writing applications using the Fantasy Sports APIs, hopefully this PHP example will still serve as a useful reference. It tries to do several interesting things: keeping track of (and potentially refreshing) access tokens for future reuse, facilitating the interactive user authentication flow, and actually making a request based on any tokens retrieved. In order to use this code, you must have the default PHP OAuth extension installed, and you will need to fill in your own consumer key and secret where specified. You should then be able to execute the PHP script from the command line.

Full OAuth Flow without Libraries

If the PHP library described above doesn't fit your needs, you may feel like implementing the flow yourself. It's mildly tricky and you may run into common issues like not sorting the parameters correctly, or not encoding the various parts of the URL at the right time. The following script is an example of doing absolutely everything from scratch, and may be a useful guide for you.

PUTs and POSTs

The default PHP OAuth extension does not support any methods aside from GET (as far as I can tell), but we do have write operations as part of the Fantasy API that you might want to make use of. The easiest solution would be to find a library that does support PUTs and POSTs (and DELETEs), but failing that, you can check out this quick sample code that will execute a PUT or POST given an access token (see earlier scripts for how to retrieve an access token).

Making Public Requests

Most of the Fantasy API data relies on 3-legged OAuth, as much of the data is specific to a certain Yahoo! user. However, you can use 2-legged OAuth to request purely public data. 2-legged OAuth effectively boils down to making a request without setting an access token through the default PHP OAuth library, or effectively using your consumer key/secret as the token.

Table of Contents