
Browser-Based Authentication (BBAuth)


You build great web applications. We have millions of users who store their data on Yahoo!. Browser-Based Authentication (BBAuth) makes it possible for your applications to use that data (with their permission).

BBAuth also offers a Single Sign-On (SSO) facility so that existing Yahoo! users can use your services without having to complete yet another registration process.

How It Works

The first time a user visits your web site, you redirect them to a specially constructed Yahoo! URL where they can log in and grant your application permission.

The image below illustrates the process.

[Figure: BBAuth Flow]

More details are available in the next section.

Implementation Overview

To use BBAuth, you'll need to do the following:

  1. Register your application

    First you need to register your application with Yahoo!. The process requires that you describe what your application does, provide contact information, set your application's endpoint URL, and select the Yahoo! services to which your application needs access. Some services may divide their API calls into subsets, or scopes. For example, a service might group its read-only methods into a single scope.

    When you complete registration, Yahoo! provides you with an application ID and shared secret for making authenticated service calls.

  2. Log in your users

    Your application cannot access a user's personal data until the user grants your application limited access to their data. To do this you must direct your users to a specialized Yahoo! login page. Once the user enters their Yahoo! user ID and password, Yahoo! displays a Terms of Service page and lists the data which your application may access. If the user grants your application access, Yahoo! redirects the user to your site. The redirect URL contains a token that you use to retrieve the user's credentials.

  3. Use the user's credentials to make web service calls

    Now that you have the user's token, you can use it to retrieve an auth cookie and a WSSID, which together represent the user's credentials. The user's credentials last for one hour, and you must supply them for each authenticated web service call.
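
The following Python example is added here and is not from Yahoo!'s documentation or Quickstart Package. It caches the auth cookie and WSSID obtained for a token and repeats the exchange shortly before the one-hour lifetime ends; the exchange callable, the class names and the 60-second refresh margin are assumptions.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

CREDENTIAL_LIFETIME = 3600  # seconds; the page states credentials last one hour
REFRESH_MARGIN = 60         # assumption: refresh early so a call never starts with stale credentials


@dataclass(frozen=True, repr=False)
class Credentials:
    cookie: str         # auth cookie retrieved with the user's token
    wssid: str          # WSSID retrieved alongside the cookie
    obtained_at: float  # clock value when the exchange happened

    def __repr__(self) -> str:
        # Keep the credential values out of logs and tracebacks.
        return f"Credentials(cookie=<redacted>, wssid=<redacted>, obtained_at={self.obtained_at})"


class CredentialCache:
    """Hypothetical helper: reuse credentials until they near the one-hour limit."""

    def __init__(self, exchange: Callable[[str], Tuple[str, str]],
                 clock: Callable[[], float] = time.time):
        self._exchange = exchange  # hypothetical callable: token -> (cookie, wssid)
        self._clock = clock        # injectable so expiry can be tested without waiting
        self._by_token: Dict[str, Credentials] = {}

    def get(self, token: str) -> Credentials:
        now = self._clock()
        cached = self._by_token.get(token)
        if cached and now - cached.obtained_at < CREDENTIAL_LIFETIME - REFRESH_MARGIN:
            return cached
        # Missing or about to expire: exchange the token again and replace the entry.
        cookie, wssid = self._exchange(token)
        fresh = Credentials(cookie, wssid, now)
        self._by_token[token] = fresh
        return fresh

    def forget(self, token: str) -> None:
        # Drop credentials when the user logs out of your application.
        self._by_token.pop(token, None)
```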

Quickstart Package for PHP Programmers

Want to use Browser-Based Authentication but don't like reading documentation? Learn by doing. Download our Quickstart Package here and get the test application up and running in short order. The package includes handy Browser-Based Authentication classes for both PHP4 and PHP5 that reduce the amount of coding necessary.

Licensing

Licensing terms for Browser-Based Authentication are defined by the general Yahoo! API Terms of Use. All of the code samples listed in this section are provided free of charge under a BSD license.

Support & Community

Browser-Based Authentication and related topics are discussed on the ydn-auth mailing list. If you have questions or need technical support, please use this group.

If you want to use the Yahoo! Authentication API for a client application instead of a web application, please enable javascript to see the contact email address for further assistance.

If you need your application key deactivated (for example, if you feel it has been compromised), then see the Yahoo! Developer Help page for information on how to contact Yahoo! Customer Care.

Where to Go from Here

Registering Your Application explains how to acquire an application ID and shared secret for your application.

Built Something Cool? Please Share It in the Applications Gallery!

We'd love to see what you've come up with! To share your applications and find other examples of developer creativity, please visit the Yahoo! Applications Gallery. You'll be able to upload, download, rate, and review applications from all over the world, using all sorts of Yahoo! data and services.

Copyright © 2008 Yahoo! Inc. All rights reserved.
