Registering Applications for Browser-Based Authentication

To use Browser-Based Authentication (BBAuth), you must first register your application. The sign-up process requires that you describe what your application does, select the Yahoo! services to which your application needs access, and provide contact information. On completion, Yahoo! provides you with an application ID and shared secret for making authenticated service calls.

Initial Registration

Because BBAuth deals with the personal data of Yahoo! users, you must provide some extra information before you can acquire an application ID. Visit the BBAuth registration page to register your application. You must be a logged-in Yahoo! user to access this page. The page displays these fields, all of which are required:

  • Yahoo! ID: Specifies your Yahoo! user ID. This field should be pre-populated. If the Yahoo! ID in the field belongs to someone else, log out of Yahoo!, log back in with your own Yahoo! user ID, then reload the registration page.

  • Developer/company name: Specify your first and last name. If you are creating an application that belongs to a company or other organization, specify the organization's name instead.

  • Product name: Specify the name of your application.

  • URL: Specify the endpoint URL to your application. When a user logs into Yahoo! and grants your application permission to access their data, Yahoo! redirects the user to your application's endpoint URL with some extra GET parameters attached. One of these parameters is the token, which your application will use to retrieve the user's credentials. This means that you must design your endpoint URL to parse and store the token parameter for future use. For more information about the token and related parameters, refer to Logging in Your Users and Making Authenticated Service Calls.

  • Contact email: Specify your contact email. This may be any working email address. Confirm your email address in the next field.

  • Description of application: Provide a short description of what your application does. For example, "This application provides an alternate interface for uploading photos to photos.yahoo.com, optimized for mobile devices."

  • Properties: Select the Yahoo! services to which your application needs access. Individual Yahoo! business units choose whether to expose authenticated services, and if so, which services to expose.

    You may select as many services as necessary to enable your application to function. Although these permissions are fixed at registration time, try to keep your application's permissions tightly scoped. Users can view these permissions when they log in, and if the permissions are too broad, they are more likely to deny your request for access.

Note: You cannot change any of these fields after you register your application. To access different properties or use a different endpoint URL, you must register a new application.

Domain Confirmation

After you submit your application information, Yahoo! needs to verify that you own the domain for your application. The page displays a randomly generated filename and a randomly generated string phrase. To perform the verification:

  1. Create a file in your domain root using the specified file name. For example, if the file name is ydntpoZbQ, and your domain name is yourdomain.com you should create the file at http://yourdomain.com/ydntopZbQ.

  2. Copy the random phrase and paste the results in the file.

  3. Click the Check Domain button. If Yahoo! verifies that the file is present, the page displays a result of "Pass" in green, and the Continue button becomes active.

    Once your application is registered, delete the file.

  4. Click the Continue button. The page displays two long strings:

    • your application ID -- identifies the developer and the application; displayed unencrypted during use
    • your shared secret -- used to add an encrypted signature to web service calls; never displayed unencrypted

    Store these values in a place where you will not lose them; you need them to make authenticated web service calls. If you lose either one, you must register a new application.

Now that you have an application ID and a shared secret, you can build your application. The next step is to learn how to log in your users. When a user logs in, Yahoo! provides you with the user's token, which represents the user's permission to allow your application access to their data.

Where to Go from Here

Logging In Your Users explains how to direct your users to a Yahoo! login page so that they return with a token. You can use this token to retrieve the user's credentials.

Support & Community

BBAuth and related topics are discussed on the ydn-auth mailing list.

Ready to get started?

By applying for an Application ID for this service, you hereby agree to the Terms of Use

Yahoo Groups Discussions