I am a beginning developer and i'm trying to build a website that will pull info for my fantasy football team. I used the YQL and get everything i need but when i put the rest query into a browser it tells me i need to provide credentials. i know i have to use oauth for this and have searched high and low for all the docs i can on this. i'm at a total loss. all i'm trying to acheive is have someone login my website and see all the fantasy info for our league. i know the steps i have to take to do this, but the documentation i read doesn't help one bit (especially since yahoo's examples are all in php and i'm using .net). once i get the xml i can take it from there but the issue is trying to get the xml info. i have absolutely no idea how to obtain this whatsoever. so here's what i need help with
1 - i need to request the xml from yahoo yql 2 - how to i provide the proper credentials (i already have a consumer id and key) 3 - once i have those credentials how do i pass them to yahoo to get the xml information?
hopefully this all makes sense. please please please help, i've been at this for months and am at a total loss. thank you in advance for the help.
Hi Carlin. That's a pretty big question, so I'm not sure I'll be able to answer in an exceptional amount of detail. Let me at least see if I can get you pointed in the right direction.
Authentication As you noted, all of our service authentication is done through OAuth. That's the reason the URLs won't work in your browser -- the browser isn't passing around OAuth credentials. So the first step you'll need is to put together a basic program that can set up a valid OAuth request. You said you'd searched around high and low for documentation, but here's some more: check out the Welcome Thread at the top of this forum and read over all the links in the OAuth section (most interestingly, the OAuth Authorization Flow and the OAuth libraries link). The first libraries at the libraries link are for .NET, so you should try to play around with those.
The flow for getting user specific data should be something like:
Get a request token from Yahoo!, which includes a link to present to the user.
Send the user to that link, and have them come back with a verifier token.
Use the verifier plus the original credentials to get an access token.
Pass the access token as part of your request in order to access the information.
So you'll definitely need to send a user to a browser at some point to make sure they can log into Yahoo! and then give your application permission to use their data.
Building an App to Just Get Your Own Data It seems like this is something a lot of people are trying to do, which doesn't really fit well with the whole "get a user to grant permission every time" model of OAuth, because you only ever have one user (yourself). What I've typically been recommending that people do is:
Set up a program like described above to prove that, given a user, you're able to get valid access tokens for them.
Using yourself as the user, go through that process and save the access tokens that you get back.
From your application, whenever that access token expires, refresh it and save that token again.
You can indefinitely refresh tokens, which means that, once you have that initial token in place, you should never need to play with the OAuth authorization flow again (aside from when you need to refresh the token, which doesn't require any human input). You can just use it as a stored key with which to make requests to our services (in the context of your own user).
Does that make sense? Basically: use the libraries, and take advantage of the fact that you can indefinitely refresh your own access token.