OAuth Authorization Model

Yahoo APIs use the OAuth protocol for authorization and authentication. OAuth is a simple, secure, and quick way to publish and access protected data.


What is OAuth?

OAuth is an open authorization model based primarily on existing standards that ensures secure credentials can be provisioned and verified by different software platforms. It allows you to share your private resources stored on one site with another site without having to hand out your user name and password.

For a visitor to your site, OAuth is completely transparent. The user experience will be specific to the implementation of both the site requesting access and the one storing the resources, and will adjust to the device being used (web browser, mobile phone, PDA, set-top box).

Example user flow:

A developer has created an application which will allow his users to represent their presence using the Yahoo Status web service. Once the developer signs up for an OAuth API Key and Secret (provided by Yahoo), they may access Yahoo's OAuth API to establish the credentials used to access this data from Yahoo Status. When a user interacts with the developer's application, they are redirected to Yahoo's authorization page, where they sign into their Yahoo account, then grant the application access to their Yahoo Status data. A user-authorized token is returned to the application which can be used to access this data.

Support and Community

You can raise questions and suggestions about the OAuth API on the YDN feedback forum