On this page, we're going to walk you through an example illustrating how the Yahoo! Updates API works on a partner site.
In this example, Mike wants to have his readers be able to rate their favorite TV shows on his blog. As his readers are performing social actions on his site (rating the TV shows), those actions are getting broadcasted to others on the Yahoo! network via the Yahoo! Updates stream.
In order to completely understand the power of this demo, you'll want to open a new tab or window and log in to your Yahoo! Profile page. If you don't yet have a Yahoo! Profile, take a few seconds to create one. Look at the existing updates on your Yahoo! Profile page before you run the demo. This is where the updates will be published.
The example displayed below shows a mock partner site with fictitious content within an iframe. We are displaying the example in an iframe to show that the file could exist anywhere off the Yahoo! Network.
View the demo in a new window.
After creating a new application, you are issued an application ID, a consumer
key, and a secret key that are used to identify your application to Yahoo! and needed by
the SDK to complete authorization. In this example, these values are stored in a
for easy access.
rate.phpscript containing the rating form using the YUI Connection Manager.
Once the application has made the request to rate.php, that script will check for an existing user session by checking for the presence of an access token in the browser cookie.
An access token is needed by the application to post updates to Yahoo!. If
one does not exist, we can get one by going through the first two steps of
the OAuth authorization. First, we will request a Request Token from Yahoo!, then
use it to construct the authorization URL. This will be returned as part of an error
rate.php, signaling to the application that the user will need
Once the application has received the response from
rate.php, it will check for an
error flag stating that the user needs to login before an update can be pushed out.
A prompt is displayed to the user with a link to the authorization URL that we just generated.
Once the user returns to the application after authenticating—through the callback URL we supplied—there is only one step left before sending an update. This last step through OAuth is to obtain an access token by passing the application credentials and the now authorized request token.
RatingUtil class and the SDK will handle this nicely for us. By
instantiating a new
RatingUtil object, the code will check for a session
through the SDK, and if one exists, a new session is created and stored for future use.
Now that we have an ready session, we are able to communicate with the social APIs. Using the query string passed through the callback URL, we still have the users original rating form entry. Using that data, we can create a session and push a new update out.
At this point, a new update has been published. Because we now have the access token stored in the user cookie, we can retrieve it (and refresh the token, if needed) at any time to create a new session.
This means that if the user submits another rating form, we can push an update immediately without sending the user back through OAuth.
rate.php, if the user has a session, we'll publish an update and
return a success response to our application, rather than our previous action
of initializing the OAuth flow.
That's it! You've now made it through OAuth and are now pushing updates to Yahoo!.
RatingUtil.inc.php is fully shown here so you can see the methods being called by
oauth_callback.php. This class contains the OAuth consumer token,
the session, the session store, and the application ID for easy access. It also contains
methods for creating an authorization URL and inserting an update.