{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"never","basic_auth":false,"params":[],"results":{"codes":[]},"settings":"","try":true},"next":{"description":"","pages":[]},"title":"Step 2: Authentication","type":"basic","slug":"authentication-1","excerpt":"","body":"**Implement Authentication**\nThe next step is to implement an authentication mechanism for your app to connect to Yammer. The authentication is an OAuth 2 flow, beginning with the user authenticating with their Yammer credentials. The user then authorizes your app to connect to their Yammer network. The end result is a token that your app will use to write events to Yammer and retrieve Yammer data.\n\nThe Yammer API supports using the following token types:\n  * Azure Active Directory\n  * Yammer OAuth 2 (Legacy)\n\n**Azure Active Directory Tokens**\nAll Yammer v1 REST API endpoints support using Azure Active Directory (AAD) Tokens that are acquired using the Microsoft Authentication Library (MSAL). MSAL is available for .NET, JavaScript, iOS, and Android, which support many different application architectures and platform.\n\nLearn about using [MSAL](https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview) and [registering an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) with the Microsoft identity platform. \n\n**Client-side Single Page JavaScript Application**\nIf you are using a Single Page AAD App that uses the Implicit Grant Flow, then your AAD App will need to be mapped to its corresponding Yammer platform Application. Please provide details about your Yammer and AAD App through a Support request to Microsoft Support.  This is required to ensure that your application is not affected by Cross-Origin Resource Sharing (CORS) permissions issues.\n\n**Yammer OAuth 2 (Legacy)**\nYammer's v1 REST API endpoints also support using Yammer OAuth 2 Tokens.\n\n  * Server-Side Flow: Referred to as “Authorization Code Grant” in the OAuth 2.0 Specification, the server-side flow should be used whenever you need to call the Yammer API from your web application server.\n\n  * Client-Side Flow: Referred to as “Implicit Grant” in the OAuth 2.0 Specification, the client-side flow should be used when you need to make API calls from a client, such as JavaScript running in a web browser or from a native mobile or desktop application. \n\nLearn more about using Server-Side and Client-Side flows [here.](https://developer.yammer.com/docs/oauth-2)","updates":["54ee01d28dafa7250027e65e","55cce35ea15ad619004af25d"],"order":2,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"546b922862515a14007ebc4f","category":{"sync":{"isSync":false,"url":""},"pages":["545137a814af501a00b50cff","5451389e14af501a00b50d11","5451384514af501a00b50d04","546b8edb62515a14007ebc39","546b9214b47b5d1400109efa","546b922862515a14007ebc4f","546b9234b47b5d1400109efc","546b924762515a14007ebc51","546b925662515a14007ebc53","546fdac1691dc8080089521d","547374bd007eb108007e0380"],"title":"Getting Started","slug":"documentation","order":0,"from_sync":false,"reference":false,"_id":"545137a814af501a00b50cfd","project":"545137a814af501a00b50cf9","version":"545137a814af501a00b50cfc","createdAt":"2014-10-29T18:53:28.598Z","__v":11},"createdAt":"2014-11-18T18:38:32.991Z","project":"545137a814af501a00b50cf9","version":{"version":"1.0","version_clean":"1.0.0","codename":"","is_stable":true,"is_beta":true,"is_hidden":false,"is_deprecated":false,"categories":["545137a814af501a00b50cfd","545138eaa66f020800dbab4a","546b9072b47b5d1400109edf","546b9082b47b5d1400109ee0","546b9088b47b5d1400109ee1","546b909462515a14007ebc43","546b90a0b47b5d1400109ee2","546ced235884600e007a92f6","5481008eea7fd40b00cd7c2b","573b9d83ee2b3b220042291f","57be1efa15efc70e006a5f99","5ee004f52c97b4004c7a5876"],"_id":"545137a814af501a00b50cfc","project":"545137a814af501a00b50cf9","__v":12,"createdAt":"2014-10-29T18:53:28.525Z","releaseDate":"2014-10-29T18:53:28.525Z"},"githubsync":"","parentDoc":null,"user":"5433099f9a2b451a00ad4531","__v":20}

Step 2: Authentication


**Implement Authentication** The next step is to implement an authentication mechanism for your app to connect to Yammer. The authentication is an OAuth 2 flow, beginning with the user authenticating with their Yammer credentials. The user then authorizes your app to connect to their Yammer network. The end result is a token that your app will use to write events to Yammer and retrieve Yammer data. The Yammer API supports using the following token types: * Azure Active Directory * Yammer OAuth 2 (Legacy) **Azure Active Directory Tokens** All Yammer v1 REST API endpoints support using Azure Active Directory (AAD) Tokens that are acquired using the Microsoft Authentication Library (MSAL). MSAL is available for .NET, JavaScript, iOS, and Android, which support many different application architectures and platform. Learn about using [MSAL](https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview) and [registering an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) with the Microsoft identity platform. **Client-side Single Page JavaScript Application** If you are using a Single Page AAD App that uses the Implicit Grant Flow, then your AAD App will need to be mapped to its corresponding Yammer platform Application. Please provide details about your Yammer and AAD App through a Support request to Microsoft Support.  This is required to ensure that your application is not affected by Cross-Origin Resource Sharing (CORS) permissions issues. **Yammer OAuth 2 (Legacy)** Yammer's v1 REST API endpoints also support using Yammer OAuth 2 Tokens. * Server-Side Flow: Referred to as “Authorization Code Grant” in the OAuth 2.0 Specification, the server-side flow should be used whenever you need to call the Yammer API from your web application server. * Client-Side Flow: Referred to as “Implicit Grant” in the OAuth 2.0 Specification, the client-side flow should be used when you need to make API calls from a client, such as JavaScript running in a web browser or from a native mobile or desktop application. Learn more about using Server-Side and Client-Side flows [here.](https://developer.yammer.com/docs/oauth-2)