Attempt to get contacts results in "token_rejected"

I have been spinning my wheels for several days now and I can't seem to figure out what I'm doing wrong.

Here is the normalized request, which I am using to generate a signature. I am signing it with the Consumer Secret and Token Secret concatenated with an ampersand ("&"). I have shortened some of the data for security and brevity.

Signature Base:


Request Url:



Authorization: Oauth realm="yahooapis.com",oauth_consumer_key="dj0yJmk9dUVvR3FZZmRuQ0FnJmQ9WVdrOVQwUlhiVlJWTkdVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1lYQ--",oauth_nonce="9992478",oauth_signature_method="HMAC- SHA1",oauth_timestamp="1383179689",oauth_token="A=Hiomf…b.SwMsA",oauth_version="1.0",oauth_signature="79CE56D44C5FC94DC1325E61B4D71E3355A4B386"


Connection: Keep-Alive Transfer-Encoding: chunked Vary: Accept-Encoding Cache-Control: private Content-Type: application/xml Date: Thu, 31 Oct 2013 00:34:18 GMT Server: HTTP/1.1 UserFiberFramework/1.0 Via: HTTP/1.1 r02.ycpi.lax.yahoo.net UserFiberFramework/1.0 WWW-Authenticate: OAuth oauth_problem="token_rejected", realm="yahooapis.com"

Any help will be appreciated!

2 Replies
  • I have the same problem here. Did you find any solution? Using either Header or query for the parameters... My oauth_signature is ok. regards

  • Are you aware of the move to HTTPS. detailed in the Yahoo Developer Network blog (below)? http://yahoodevelopers.tumblr.com/post/75633763287/yahoo-contacts-and-profile-apis-move-to-https Yahoo has enabled HTTPS access to Yahoo Contacts and Profile APIs and now requires all developers using the Yahoo Contacts APIs and Profile APIs to use the HTTPS protocol (and port 443). The domain name social.yahooapis.com is the same. Since last month, Yahoo is limiting all access to Yahoo’s Contacts APIs and Profile APIs to secure SSL connections only. If you haven't made the switch to HTTPS, your users will not be able to access their Yahoo Contacts / Profile data via your service.


Recent Posts

in Contacts