{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"never","basic_auth":false,"params":[],"results":{"codes":[]},"settings":"","try":true},"next":{"description":"","pages":[]},"title":"Step 2: Authentication","type":"basic","slug":"authentication-1","excerpt":"","body":"**Implement Authentication**\nThe next step is to implement an authentication mechanism for your app to connect to Yammer. The authentication is an OAuth 2 flow, beginning with the user authenticating with their Yammer credentials. The user then authorizes your app to connect to their Yammer network. The end result is a token that your app will use to write events to Yammer and retrieve Yammer data.\n\nThe Yammer API supports using the following token types:\n  * Azure Active Directory\n  * Yammer OAuth 2 (Legacy)\n\n**Azure Active Directory Tokens**\nAll Yammer v1 REST API endpoints support using Azure Active Directory (AAD) Tokens that are acquired using the Microsoft Authentication Library (MSAL). MSAL is available for .NET, JavaScript, iOS and Android, which support many different application architectures and platform.\n\nLearn about using [MSAL](https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview) and [registering an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) with the Microsoft identity platform. \n\n**Client-side Single Page JavaScript Application**\nIf you are using a Single Page Azure Active Directory Application that uses the Implicit Grant Flow, then your Azure Active Directory Application will need to be mapped to its corresponding Yammer Platform Application. This is required to ensure that your application is not affected by Cross-Origin Resource Sharing (CORS) permissions issues. \nPlease provide details about your application in this [form](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRyOZxByRF1dLgv7k6ye5z8pUNEJOREVWQ1k3QkNXQTVJRURGOE9WQjVHRS4u) and our team will work with you on the process to map your Yammer and Azure Active Directory Applications.\n\n**Yammer OAuth 2 (Legacy)**\nYammer's v1 REST API endpoints also support using Yammer OAuth 2 Tokens.\n\n  * Server-Side Flow: Referred to as “Authorization Code Grant” in the OAuth 2.0 Specification, the server-side flow should be used whenever you need to call the Yammer API from your web application server.\n\n  * Client-Side Flow: Referred to as “Implicit Grant” in the OAuth 2.0 Specification, the client-side flow should be used when you need to make API calls from a client, such as JavaScript running in a web browser or from a native mobile or desktop application. \n\nLearn more about using Server-Side and Client-Side flows [here.](https://developer.yammer.com/docs/oauth-2)","updates":["54ee01d28dafa7250027e65e","55cce35ea15ad619004af25d"],"order":2,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"546b922862515a14007ebc4f","category":{"sync":{"isSync":false,"url":""},"pages":["545137a814af501a00b50cff","5451389e14af501a00b50d11","5451384514af501a00b50d04","546b8edb62515a14007ebc39","546b9214b47b5d1400109efa","546b922862515a14007ebc4f","546b9234b47b5d1400109efc","546b924762515a14007ebc51","546b925662515a14007ebc53","546fdac1691dc8080089521d","547374bd007eb108007e0380"],"title":"Getting Started","slug":"documentation","order":0,"from_sync":false,"reference":false,"_id":"545137a814af501a00b50cfd","project":"545137a814af501a00b50cf9","version":"545137a814af501a00b50cfc","createdAt":"2014-10-29T18:53:28.598Z","__v":11},"createdAt":"2014-11-18T18:38:32.991Z","project":"545137a814af501a00b50cf9","version":{"version":"1.0","version_clean":"1.0.0","codename":"","is_stable":true,"is_beta":true,"is_hidden":false,"is_deprecated":false,"categories":["545137a814af501a00b50cfd","545138eaa66f020800dbab4a","546b9072b47b5d1400109edf","546b9082b47b5d1400109ee0","546b9088b47b5d1400109ee1","546b909462515a14007ebc43","546b90a0b47b5d1400109ee2","546ced235884600e007a92f6","5481008eea7fd40b00cd7c2b","573b9d83ee2b3b220042291f","57be1efa15efc70e006a5f99","5ee004f52c97b4004c7a5876"],"_id":"545137a814af501a00b50cfc","project":"545137a814af501a00b50cf9","__v":12,"createdAt":"2014-10-29T18:53:28.525Z","releaseDate":"2014-10-29T18:53:28.525Z"},"githubsync":"","parentDoc":null,"user":"5433099f9a2b451a00ad4531","__v":20}

Step 2: Authentication


**Implement Authentication** The next step is to implement an authentication mechanism for your app to connect to Yammer. The authentication is an OAuth 2 flow, beginning with the user authenticating with their Yammer credentials. The user then authorizes your app to connect to their Yammer network. The end result is a token that your app will use to write events to Yammer and retrieve Yammer data. The Yammer API supports using the following token types: * Azure Active Directory * Yammer OAuth 2 (Legacy) **Azure Active Directory Tokens** All Yammer v1 REST API endpoints support using Azure Active Directory (AAD) Tokens that are acquired using the Microsoft Authentication Library (MSAL). MSAL is available for .NET, JavaScript, iOS and Android, which support many different application architectures and platform. Learn about using [MSAL](https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview) and [registering an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) with the Microsoft identity platform. **Client-side Single Page JavaScript Application** If you are using a Single Page Azure Active Directory Application that uses the Implicit Grant Flow, then your Azure Active Directory Application will need to be mapped to its corresponding Yammer Platform Application. This is required to ensure that your application is not affected by Cross-Origin Resource Sharing (CORS) permissions issues. Please provide details about your application in this [form](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRyOZxByRF1dLgv7k6ye5z8pUNEJOREVWQ1k3QkNXQTVJRURGOE9WQjVHRS4u) and our team will work with you on the process to map your Yammer and Azure Active Directory Applications. **Yammer OAuth 2 (Legacy)** Yammer's v1 REST API endpoints also support using Yammer OAuth 2 Tokens. * Server-Side Flow: Referred to as “Authorization Code Grant” in the OAuth 2.0 Specification, the server-side flow should be used whenever you need to call the Yammer API from your web application server. * Client-Side Flow: Referred to as “Implicit Grant” in the OAuth 2.0 Specification, the client-side flow should be used when you need to make API calls from a client, such as JavaScript running in a web browser or from a native mobile or desktop application. Learn more about using Server-Side and Client-Side flows [here.](https://developer.yammer.com/docs/oauth-2)