Yammer REST API: How to get access tokens for external networks?

empz picture empz · Mar 24, 2014 · Viewed 9.2k times · Source

I'm working on an ASP.NET web application that reads data from Yammer. I've successfully acomplished authentication and getting messages from the "home" network.

Now I want to switch to another network and get messages from it. I've read all the documentation and specifically the Networks section which states the following:

Facilitates switching a user between different Yammer networks. All Yammer web requests contain a network permalink in the URL (https://www.yammer.com/network_permalink/resource_path) to denote the network context. API requests use a different OAuth token for each user/network combination.

Endpoint: Returns a list of networks to which the current user has access. Supports included_suspended parameter.

GET https://www.yammer.com/api/v1/networks/current.json

Ok, so I need to get the corresponding token for the user/network combination. Perfect. I do a GET request to that networks/current.json endpoint and I get all the networks the current user has access to. Great. Now, where are the tokens? They aren't in the json response.

So...

  • How do I get messages from external networks using the Yammer REST API via server-side code?
  • How do I get the tokens for the external networks?

UPDATE

Following Brian's suggestion:

  1. I do a GET https://www.yammer.com/api/v1/oauth/tokens.json passing the current token in the authentication header (Bearer: xxxxxxxxx)
  2. This returns the 2 networks the user I'm using is in. The home and the external. One thing I noticed is that the user_id is different for each network. I don't know if that's another user or if the same user has a different user_id for each network.
  3. Now I want to get messages from the other network so I do a

GET https://www.yammer.com/api/v1/messages.json

but now using the token for the external network I got from the tokens.json endpoint. But I get the following response:

{
  "response":
     {
      "stat":"fail",
      "code":17,
      "message":"Attempt to access a protected resource failed."
     }
 }

And again, according to the doc that endpoint is for impersonation and restricted to verified admin users in paid Yammer networks.

I have no clue really.

UPDATE 2

The process described in the above update works for the user (me) that created the Yammer App. I'm using. Other users can't get messages from external networks unless I'm in that network. So it seems like they are using my tokens, but that's impossible unless there's a bug in the API.

Answer

Brian Lyttle picture Brian Lyttle · Mar 24, 2014

You need to hit https://www.yammer.com/api/v1/oauth/tokens.json. This topic is covered over on the Zapier blog. Their blog specifies an access_token as a query string parameter, but that is no longer supported. Specify the access token for the current user on the Authorization header as shown on the Yammer developer site.