Generate OAuth Tokens

Once you have the OAuth authentication credentials for your YDN app, your client application can request an access token and refresh token from the YDN authorization server.

In this procedure, you will generate two OAuth tokens: an access token and a refresh token.

Token Description
ACCESS_TOKEN A token that expires in one hour. Obtain a new token periodically to make API calls.
REFRESH_TOKEN A persistant token. Use the same refresh token every time you make API calls.


This procedure assumes that you have obtained your YDN apps authentication credentials following the procedure described in Obtain OAuth Credentials.

The YDN OAuth 2.0 process generates three authentication credentials that you must have to generate OAuth tokens:

  • CLIENT_ID. The client ID is an OAuth 2.0 credential that uniquely identifies your app.
  • CLIENT_SECRET The client secret is an OAuth 2.0 credential that is known by both YDN and your app.
  • AUTHORIZATION_CODE The application access code is an OAuth 2.0 credential that the YDN console generated for your YDN app.

Step 1: Encode Client ID and Client Secret

Base64 encoding is a way of encoding binary data into text so that it can be easily transmitted across a network without error.

In this step, you will take the client ID and client secret that the YDN console generated for you and encode them using the base64 protocol. You can use command line tools like openssl or base64 on a Mac, base64 on a PC, or use an encoding service like

To generate an ENCODED(CLIENT_ID:CLIENT_SECRET) in the Terminal:

  1. Create an input file that contains the CLIENT_ID and CLIENT_SECRET in the following format: CLIENT_ID:CLIENT_SECRET. For example, input.txt.
In the input file, ensure that no spaces are appended to the CLIENT_ID and CLIENT_SECRET keys and separate the CLIENT_ID and CLIENT_SECRET with a colon.
  1. Open a Terminal session and run the command:
base64 -i input.txt -o output.txt

The ENCODED(CLIENT_ID:CLIENT_SECRET) is generated in the output.txt file.

Step 2: Generate Refresh & Access Tokens

In this step, you will generate an access token and refresh token for your YDN app using your OAuth credentials: client ID, client secret, and authorization code.

To generate OAuth tokens:

  1. Run the following cURL command in the Terminal.

    In the command, you must specify your ENCODED(CLIENT_ID:CLIENT_SECRET) and AUTHORIZATION_CODE.

curl "" \
   -X POST \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -H "Authorization: Basic <<ENCODED(CLIENT_ID:CLIENT_SECRET)>>" \
   -d 'grant_type=authorization_code&redirect_uri=oob&code=<<AUTHORIZATION_CODE>>'


There is a single space between Basic and ENCODED(CLIENT_ID:CLIENT_SECRET).

The YDN authorization server returns the JSON response. For example:

  1. Copy and save the refresh_token value.

    The refresh token value is constant and you will use it every time you generate a new access token.

Response Fields

A successful response contains the following fields:

Fields Description
access_token The access token signed by Yahoo. Use this token to access BrightRoll DSP API. This token has a 1-hour lifetime.
token_type Identifies the type of token returned. At this time, this field always has the value bearer.
expires_in The access token lifetime in seconds.
refresh_token The refresh token that you can use to acquire a new access token after the current one expires. For details on how, see Refreshing an Access Token in RFC 6749.
xoauth_yahoo_guid The GUID of the Yahoo user.

You will use the access_token value to interface with the BrightRoll DSP API.