This page provides an overview of the YDN implementation of the OAuth 2.0 protocol and describes the Oath DSP API authorization workflow.
The Oath DSP API uses the OAuth 2.0 protocol as a simple and secure method for handling authentication and controlling access.
Oath DSP supports the server-side application profile only. Your YDN app is a web-based application that provides user access via an HTML-based user agent. Client credentials and tokens are issued and stored on the web server and are inaccessible to the user.
Access to Oath DSP seat data is granted explicitly via a bearer token. The BrightRoll API is accessible via an access token that is issued to the YDN app.
For detailed information on Yahoo’s implementation of the OAuth standard, see the documentation OAuth Authorization Model on the Yahoo! Developer Network.
The Oath DSP API authorization workflow specifies the steps that every YDN app must follow to enable OAuth support, obtain API access to the platform, and make requests using the APIs.
This is a four-step process:
1. Obtain OAuth 2.0 Authentication Credentials
The first step towards gaining access to the APIs is to obtain authentication credentials (client ID, client secret, and authorization code) for your YDN app.
First, you must request access to the BrightRoll APIs and OAuth support from your account manager (external users) or product support (internal users).
Once you have the appropriate permissions, you can sign up on the Yahoo Developer Network (YDN), create a YDN app, and request the authentication credentials from the YDN. The YDN authorization server generates the authentication credentials that you use to generate the access tokens that enable your YDN app to use the APIs.
This is a one-time process. For step-by-step instructions, see Obtain OAuth Credentials.
2. Generate OAuth 2.0 Access Tokens
Once you have the authentication credentials for your YDN app, your client application can request an access token and refresh token from the YDN authorization server.
These OAuth tokens will enable your application to access the Oath DSP API in all subsequent requests. The access token is a temporary credential that enables the YDN app to make requests. The refresh token is a persistent credential that enables the YDN app to generate new access tokens.
This is a one-time process. For step-by-step instructions, see Generate OAuth Tokens.
3. Refresh OAuth 2.0 Access Tokens
The lifetime of an access token is limited to one hour.
If your YDN app needs to access an Oath DSP API beyond the lifetime of a single access token, it can generate a new access token using its refresh token.
For step-by-step instructions, see Refresh Access Token.
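The token lifecycle described in steps 2 and 3, as an added example that is not part of the Oath DSP documentation: a server-side holder that keeps the refresh token, renews the access token shortly before its one-hour lifetime ends, and builds the bearer header for API requests. The names `TokenStore`, `exchange` and `REFRESH_MARGIN` are hypothetical, the call to the YDN authorization server is left to the caller-supplied `exchange` function, and the reply field names (`access_token`, `expires_in`, `refresh_token`) are assumed to follow the OAuth 2.0 specification.

```python
import threading
import time

ACCESS_TOKEN_LIFETIME = 3600  # seconds: the one-hour lifetime stated above
REFRESH_MARGIN = 60           # assumption: renew this long before expiry

class TokenStore:
    """Server-side holder for one app's tokens (hypothetical helper)."""

    def __init__(self, refresh_token, exchange, clock=time.monotonic):
        self._refresh_token = refresh_token  # persistent credential
        self._exchange = exchange            # callable(refresh_token) -> dict
        self._clock = clock
        self._access_token = None
        self._expires_at = 0.0
        self._lock = threading.Lock()        # one renewal at a time

    def _renew(self):
        reply = self._exchange(self._refresh_token)
        token = reply.get("access_token")
        if not token:
            raise RuntimeError("authorization server returned no access token")
        lifetime = int(reply.get("expires_in", ACCESS_TOKEN_LIFETIME))
        self._access_token = token
        self._expires_at = self._clock() + lifetime
        # Keep a replacement refresh token if the reply carries one.
        self._refresh_token = reply.get("refresh_token", self._refresh_token)

    def access_token(self):
        with self._lock:
            stale = self._clock() >= self._expires_at - REFRESH_MARGIN
            if self._access_token is None or stale:
                self._renew()
            return self._access_token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.access_token()}

    def __repr__(self):  # keep secrets out of logs and tracebacks
        return "<TokenStore (credentials redacted)>"

if __name__ == "__main__":
    def fake_exchange(refresh_token):  # constructed stand-in, no network
        return {"access_token": "constructed-token", "expires_in": 3600}
    store = TokenStore("constructed-refresh-token", fake_exchange)
    print(store, sorted(store.auth_header()))
```

Injecting the clock and the exchange function keeps the expiry logic testable without contacting the authorization server.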